The Food and Drug Administration (FDA) has recently issued several cybersecurity and medical device initiatives as part of the agency’s increased focus on digital health. These initiatives include draft cybersecurity guidance for medical devices, increased coordination with the Department of Homeland Security, and the promotion of artificial intelligence. Elliot Golding and Jennifer Tharp provided an
Jennifer Tharp
States Increase HIPAA Enforcement
Overview of Recent Settlement Actions
Recent Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York may signal a broader trend of increased state HIPAA enforcement. Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at 42 U.S.C. § 1320d-5(d), state attorney generals have authority to bring civil actions in federal district court to enforce HIPAA when the interests of state citizens have been affected. Although states also have authority to bring civil actions under state law Unfair and Deceptive Acts (“UDAP”) laws, their additional authority under HIPAA provides an independent vehicle to enforce data privacy and cybersecurity practices. This increased enforcement trend provides yet another reason that health care entities subject to HIPAA need to ensure they have taken steps to ensure HIPAA compliance.
Continue Reading States Increase HIPAA Enforcement