Legal Health Information Exchange

Latest from Legal Health Information Exchange

  • The New Jersey Data Privacy Act (NJDPA) was enacted on January 16, 2024 and will affect individuals, or legal entities that process personal data, and entities that process data on their behalf.
  • Although “protected health information” (“PHI”) collected by a covered entity or business associate (as defined by HIPAA) is excluded from this new law,

  • As HHS is actively enforcing its new guidance and HIPAA interpretation against hospitals across the country, the federal government’s own healthcare providers continue to use online tracking technologies on their websites.
  • AHA asserts that OCR’s Guidance on Online Technologies harms the very people it purports to protect,” and that “[t]he federal government’s repeated threats to

  • HHS publishes its Proposed Rule “Establishment of Disincentives for Health Care Providers that Have Committed Information Blocking.” Download it here.
  • It’s not time to be spooked, just yet, about these potential information blocking disincentives. Enforcement could be limited.
  • Information Blocking requires providers to “know” that a practice that interferes with the access and use of

  • The Minnesota Supreme Court has held that HIPAA “authorizes” disclosures for purposes of the Minnesota Health Records Act, and so consent was not required for a hospital to disclose certain individually identifiable health information to its institutionally related foundation for fundraising purposes.
  • A copy of Minnesota Supreme Court Case can be downloaded here.
  • The

  • OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations.
  • OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.”
  • Employers that offer Employee Benefits must evaluate if they are responsible for a health

  • The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data.
  •, a genetic testing company, said it would only share consumers’ sensitive health and other personal information in limited circumstances, then later expanded its data sharing to third parties, like supermarket chains.
  • The FTC views “genetics” to be a

  • AHA encourages OCR to publish its long-awaited Final Rule adopting proposed amendments to the HIPAA Privacy Rule which it views as providing sufficient expanded protection for patients’ sensitive health information (e.g., reproductive health).
  • AHA encourages OCR to retract or amend its Online Tracking Guidance, or otherwise seek public comment on HIPAA compliance with online tracking