2023 HHS published a request for information looking for input from the public on two requirements from the HITECH Act that have yet to be finalized: (1) the requirement for HHS to take into account “recognized security practices” of covered entities and business associates when determining potential fines; and (2) the requirement to share a portion of monetary penalties recovered in a breach with the individuals harmed by the breach. In recent years, HHS has also been active in releasing targeted guidance documents on how HIPAA applies in unique situations such as in the context of telehealth, developers of mobile health apps and the Covid-19 pandemic. In February 2024, HHS and the Substance Abuse and Mental Health Services Administration issued final rulemaking related to the confidentiality of substance use disorder records pursuant to a statutory directive to align certain parts of HIPAA and the federal substance use disorder regulations (known as “Part 2” because they are located at 42 C.F.R. part 2). In April 2024, HHS issued final regulations addressing the use / disclosure of PHI in the context of reproductive health care. However, on June 18, 2025, the U.S. District Court for the Northern District of Texas issued an order declaring unlawful and vacating most of the April 2024 HIPAA regulations focused on reproductive health care (Purl v. United States Department of Health and Human Services, 787 F.Supp.3d 284, N.D. Tx. (Jun. 18, 2025). In December 2024, HHS released a proposed rule that would modify the HIPAA Security Rule to require covered entities and business associates to improve their cybersecurity protections. Medical Research - 2018 Requirements Regulation 45 C.F.R. § 46.01 ensures that the rights of an individual are protected during a research project and applies to most federally- funded research. Privacy and confidentiality are key elements along with informed consent of the person involved in the research. The Rule, formally known as the Common Rule, was revised in 2017 and is now officially referred to as the 2018 Requirements.
23
Made with FlippingBook - Online Brochure Maker