UMass Memorial Medical Center, Inc., and UMass Memorial Medical Group, Inc. (collectively, UMass) has agreed to pay $230,000 to settle claims alleging that that they violated the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), and various other state patient privacy laws.
The Centers for Medicare and Medicaid Services (CMS) recently released their Final Rule for the Promoting Interoperability Program formerly known as the Medicare and Medicaid Electronic Health Record Incentive Programs.
CMS had previously published a Proposed Rule and a request for feedback from the public related to improving interoperability and the sharing of electronic medical records between providers, and between providers and patients, which we covered in a May blog post. CMS has stated that the purpose of the Final Rule is to “advance the agency’s priority of creating a patient-centered health care system by achieving greater price transparency, interoperability, and significant burden reduction so that hospitals can operate with better flexibility and patients have what they need to be active healthcare consumers.”
The Centers for Medicare and Medicaid Services (CMS) recently released its Proposed Rule that, in major part, rebrands the previously known Medicare and Medicaid Electronic Health Records (EHR) Incentives Program into the Promoting Interoperability Program. The rebrand shifts the focus of the program to ensure that providers facilitate patient access to their own health data, and limit the burden on health care providers when it comes to monitoring clinical care using health technology.
The draft bill, “Data Acquisition and Technology Accountability and Security Act,” has led 32 state attorneys general to release a letter urging Congress to avoid preempting state data breach and data security laws.
On February 16, 2018, Representatives Blaine Luetkemeyer (R-MO) and Carolyn Maloney (D-NY) introduced the draft bill in the House of Representatives, which would establish, (i) sweeping standards for data protection across various industries, (ii) federal post-data breach notification requirements, and (iii) establish a process that covered entities must follow to notify law enforcement, regulators, and victims following different types of data breaches.
Recent activity by the FTC in court continues to indicate that federal regulators are prepared to take a strong stance on deceptive practices related to cryptocurrency.
In a complaint, filed on February 20, 2018, the FTC alleges that Thomas Dluca, Louis Gatto, and Eric Pinkston engaged in unfair or deceptive business practice, and misrepresented material facts, associated with businesses known as the “Bitcoin Funding Team,” “My7Network,” and “Jetcoin.”
A recent flurry of activity by the Securities and Exchange Commission (SEC) in court, and strong talk on the Hill, gives a clear indication that the U.S. regulatory agency is making a significant push to rein in the current wild-west atmosphere of investments in Blockchain and cryptocurrency companies.
In the wake of the DAO Report issued by the SEC in July 2017, the agency released several Investor Alerts to warn the public of the risks associated with investing in initial coin offerings (ICOs), including an alert to warn investors to be careful about advertisements by celebrities promoting ICOs and other Blockchain-related investments. Moreover, the SEC chairman and his counterpart at the Commodity Futures Trading Commission (CFTC) have recently released statements and op-eds and appeared before the U.S. Senate Banking Committee to elevate the awareness of lawmakers and the public of some of these risks.