Aleksandra Vold

Subscribe to all posts by Aleksandra Vold

With New Enforcement Action, FTC Warns Against Health Information Being Used for Advertising Purposes

Photo of Daniel KaufmanPhoto of Aleksandra VoldBy Daniel Kaufman and Aleksandra Vold on Posted in FTC
If the Federal Trade Commission’s (FTC) recent pursuits did not make clear the agency’s deep concerns about the use of health information for advertising purposes, a new enforcement action brought by the FTC against BetterHelp – to the tune of $7.8 million – should leave no uncertainty. Factual Allegations BetterHelp provides online counseling services and … Continue Reading

HHS Announces New Divisions to Address Weighty Case Load

Photo of Aleksandra VoldBy Aleksandra Vold on Posted in HHS
On February 27, 2023, the U.S. Department of Health and Human Services (HHS) announced that its law enforcement agency – the Office for Civil Rights (OCR) – will reorganize, adding new divisions to better address the rapid increase in cases it is charged with handling. Tellingly, the title of HHS’s announcement focuses on the need to … Continue Reading

Latest FTC Health Privacy Case Sheds Light on Agency Health Privacy Approaches

Photo of Aleksandra VoldPhoto of Daniel KaufmanBy Aleksandra Vold and Daniel Kaufman on Posted in FTC
Health privacy has been a Federal Trade Commission (FTC) priority for decades, and indeed, one of its very first privacy cases, in the early 2000s, involved the inadvertent sharing of user health data. Fast-forward a few decades, and health privacy remains a major concern. Case in point: The latest FTC privacy enforcement action focuses on … Continue Reading

OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech

Photo of Aleksandra VoldPhoto of Lynn SessionsPhoto of Stefanie FerrariBy Aleksandra Vold, Lynn Sessions and Stefanie Ferrari on Posted in Information Governance, Information Security
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail below, the Guidance reveals OCR’s position that an IP address is not just an identifier but is itself individually identifiable health information (IIHI) … Continue Reading

What’s Old Is New Again: OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

Photo of Aleksandra VoldBy Aleksandra Vold on Posted in Healthcare
After a long stretch of breach enforcement actions and settlements arising out of alleged technology gaps, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced that it settled a case that involved improper disposal of physical protected health information (PHI). This case unusual for its quick resolution, but that is … Continue Reading

‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide

Photo of Adam CohenPhoto of Kimberly GordyPhoto of Aleksandra VoldBy Adam Cohen, Kimberly Gordy and Aleksandra Vold on Posted in Healthcare
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on whether the entity followed recognized security practices. The National Institute of Standards and Technology (NIST) Cybersecurity Framework has long been one of the … Continue Reading

Recent FTC Post Commits to Protecting Sensitive Health Data After White House Issues Related Executive Order

Photo of Aleksandra VoldPhoto of Daniel KaufmanBy Aleksandra Vold and Daniel Kaufman on Posted in FTC
On July 8, 2022, following the Supreme Court’s decision in Dobbs, the president signed an executive order that called on a number of federal agencies to take steps to protect reproductive rights. He specifically asked the Federal Trade Commission (FTC) to “consider taking steps to protect consumers’ privacy when seeking information about and provision of … Continue Reading

HHS OCR Guidance to 60,000 Retail Pharmacies: Refusal to Fill Rx Based on Potential Pregnancy Termination Concerns Is a Civil Rights Violation, Will Be Investigated

Photo of Kimberly GordyPhoto of Aleksandra VoldBy Kimberly Gordy and Aleksandra Vold on Posted in HHS
On July 13, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued guidance to retail pharmacies that refusing to dispense a prescribed medication or making a determination on the suitability of that medication on the basis of the patient’s sex, pregnancy, or pregnancy-related conditions is discriminatory conduct in violation of … Continue Reading

Office for Civil Rights Provides Guidance: HIPAA Privacy Rule on Disclosures of Information Relating to Reproductive Healthcare

Photo of Aleksandra VoldBy Aleksandra Vold on Posted in Data Privacy, Healthcare, HIPAA/HITECH
On June 29, in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) issued guidance on when entities covered by the Health Insurance Portability and Accountability Act (HIPAA) are permitted to share protected health information (PHI) … Continue Reading

Dobbs Triggers Significant Healthcare and Privacy Law Concerns and Confusion

Photo of Aleksandra VoldPhoto of Amy FoutsBy Aleksandra Vold and Amy Fouts on Posted in Data Privacy, Healthcare, HIPAA/HITECH
To help guide entities through the significant confusion and changes that will be evolving for the next several years, BakerHostetler has assembled the Dobbs Decision Task Force (DDTF), led by attorneys in five major areas (healthcare/health tech, privacy, labor and employment, employee benefits, and white collar). Like many others, healthcare entities are facing immediate uncertainty … Continue Reading

Privacy-Forward California AG Xavier Becerra Confirmed as Next HHS Secretary

Photo of Aleksandra VoldPhoto of BakerHostetlerBy Aleksandra Vold and BakerHostetler on Posted in HHS
On March 19, 2021, Xavier Becerra was confirmed as the secretary of the U.S. Department of Health and Human Services (HHS). HHS is the federal regulatory body that oversees the Office for Civil Rights (OCR), which is the primary federal enforcer of the Health Insurance Portability and Accountability Act (HIPAA). The secretary oversees 11 operating … Continue Reading

CISA Updates Advisory on Large-Scale Impending and Credible Ransomware Threat to Healthcare to Include Additional IOCs

Photo of Aleksandra VoldPhoto of Sara GoldsteinBy Aleksandra Vold and Sara Goldstein on Posted in Healthcare, HHS
On Oct. 28, a joint cybersecurity advisory was published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health & Human Services. The advisory warned of an imminent cybercrime threat to U.S. hospitals and healthcare providers – specifically that a large-scale ransomware attack may be on the very near horizon. BakerHostetler’s coverage … Continue Reading

The Destruction of Privilege and Work Product Protection for Data Breach Investigations?

Photo of Craig A. HoffmanPhoto of Theodore J. Kobus IIIPhoto of Lynn SessionsPhoto of Casie CollignonPhoto of David CarneyPhoto of Joseph L. BruemmerPhoto of Thomas HoganPhoto of Aleksandra VoldBy Craig A. Hoffman, Theodore J. Kobus III, Lynn Sessions, Casie Collignon, David Carney, Joseph L. Bruemmer, Thomas Hogan and Aleksandra Vold on Posted in Data Breaches
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key relationships, and prevents or mitigates financial consequences. Unfortunately, some have sold the value of involving an attorney in the incident response process … Continue Reading

Federal Court Invalidates 2013 HIPAA Omnibus Rule Regulations and HHS Guidance on Fees for Copies of Medical Records

Photo of Sara GoldsteinPhoto of Aleksandra VoldPhoto of BakerHostetlerBy Sara Goldstein, Aleksandra Vold and BakerHostetler on Posted in HHS, HIPAA/HITECH
In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus Rule to the Health Insurance Portability and Accountability Act (“HIPAA”) and 2016 guidance issued by United States … Continue Reading

‘Apparent Inconsistency’ in HITECH Language Leads HHS OCR to Significantly Decrease Yearly Fines

Photo of Aleksandra VoldBy Aleksandra Vold on Posted in HIPAA/HITECH, Medical Privacy
On April 26, 2019, the U.S. Department of Health & Human Services (HHS) issued an announcement that the annual penalty cap for three of the four tiers of HIPAA violations would be reduced significantly to match what HHS called a “better reading” of inconsistent language found in the Health Information Technology for Economic and Clinical … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Insider-Caused Data Loss

Photo of Aleksandra VoldPhoto of BakerHostetlerBy Aleksandra Vold and BakerHostetler on Posted in HHS, HIPAA/HITECH, Medical Privacy
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. While any security incident may cause an entity heartburn, when the incident is traced back to an … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Loss or Theft of Devices

Photo of Aleksandra VoldPhoto of BakerHostetlerBy Aleksandra Vold and BakerHostetler on Posted in HHS, HIPAA/HITECH
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) weighs in on one of the issues many entities find … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Ransomware Prevention

Photo of Aleksandra VoldPhoto of BakerHostetlerBy Aleksandra Vold and BakerHostetler on Posted in HHS, HIPAA/HITECH, Phishing, Ransomware
This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its “Cybersecurity Best Practices” report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) is not the first time HHS has discussed the prevalent … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Phishing Prevention

Photo of Aleksandra VoldPhoto of BakerHostetlerBy Aleksandra Vold and BakerHostetler on Posted in Cybersecurity, HHS, HIPAA/HITECH
This article is part of a series of blog posts exploring the recommendations and guidance Health and Human Services (HHS) provides healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. In its report on cybersecurity best practices, HHS highlights email phishing attacks as one of the top threats … Continue Reading

HHS Issues Cybersecurity Guidance for Healthcare Organizations

Photo of Aleksandra VoldPhoto of BakerHostetlerBy Aleksandra Vold and BakerHostetler on Posted in Cybersecurity, HHS
BakerHostetler will post a series of blogs to fully explore the recommendations and guidance Health and Human Services provides healthcare organizations in its report. Cyberattacks continue to rise across industries, and healthcare is no different. Eighty percent of U.S. physicians reported having experienced some form of cyberattack. In 2017, cyberattacks cost small and midsize businesses … Continue Reading
LexBlog