Gicel Tomimbang

Subscribe to all posts by Gicel Tomimbang

HHS Publishes Notice of Proposed Rulemaking to Amend HIPAA Security Rule Requirements—Comments Due March 7, 2025

By Gicel Tomimbang, John Wyand and Julia Jacobson on Posted in Cybersecurity, Data Protection, HIPAA, Privacy, Proposed Rule
Summary On December 27, 2024, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) published its Notice of Proposed Rulemaking (“NPRM”) titled HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information. HHS seeks comments on proposed modifications to the Security Standards for the Protection of Electronic Protected Health … Continue Reading

Are You Ready? Deadline to Comply with HIPAA Requirements for Reproductive Health Care PHI December 23, 2024

By John Wyand and Gicel Tomimbang on Posted in HIPAA, Privacy, Regulations
In response to the shifting legal landscape around reproductive health care, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) finalized amendments to the HIPAA Privacy Rule to strengthen privacy protections for highly sensitive protected health information (PHI) related (or potentially related) to reproductive health care. OCR announced the final rule … Continue Reading

42 C.F.R. Part 2 Final Rule to Align with the HIPAA Privacy Rules

By John Wyand, Kimberly Donovan, John Bunch and Gicel Tomimbang on Posted in Department of Health and Human Services, HHS, HIPAA, Privacy
The US Department of Health and Human Services, Office for Civil Rights (OCR)and the Substance Abuse and Mental Health Services Administration issued a Final Rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 C.F.R. Part 2 (Part 2), applicable to certain federally assisted SUD treatment programs (Part 2 Programs), and … Continue Reading

Florida Electronic Health Records Exchange Act Amended – Health Records Maintained by Qualifying Health Care Providers Must Be Stored in the U.S., U.S. Territories, and Canada Only

By Julia Jacobson, John Wyand, Kimberly Donovan and Gicel Tomimbang on Posted in Data Protection, Digital Health, Electronic Health Records, Florida, HIPAA
On May 8, 2023, Governor Ron DeSantis of Florida signed CS/CS/SB 264, amending a suite of Florida statutes to impose heightened requirements on business activities involving foreign interests.  As related to the health care industry, CS/CS/SB 264 amended the Florida Electronic Health Records Exchange Act (“Act”) to, among other things, require “health care providers” that … Continue Reading

OCR Joins Chorus of Regulators Warning About Health Data Tracking Technology

By Julia Jacobson and Gicel Tomimbang on Posted in Compliance, Data Protection, Digital Health, HIPAA, Privacy, Publications, Technology
Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance. Cookies, web beacons, and similar technology are used to collect and analyze data about … Continue Reading

Healthcare Entities Must Still Comply with 2023 Privacy Laws

By John Wyand and Gicel Tomimbang on Posted in Privacy
As we head into the fourth quarter, US businesses need to assess their progress in preparing for sweeping changes to the California Consumer Privacy Act (“CCPA”) that become effective January 1, 2023, and with compliance with four new state consumer privacy laws (in Colorado, Connecticut, Utah and Virginia) that become effective throughout 2023 (collectively, “2023 … Continue Reading
LexBlog