A Legal Guide to PRIVACY AND DATA SECURITY 2024

located at 42 C.F.R. part 2). In April 2023, HHS issued a notice of proposed rulemaking intended to address the use / disclosure of PHI in the context of reproductive health care. And in April 2023 HHS published a request for information looking for input from the public on two requirements from the HITECH Act that have yet to be finalized: (1) the requirement for HHS to take into account “recognized security practices” of covered entities and business associates when determining potential fines; and (2) the requirement to share a portion of monetary penalties recovered in a breach with the individuals harmed by the breach. In recent years, HHS has also been active in releasing targeted guidance documents on how HIPAA applies in unique situations such as in the context of telehealth, developers of mobile health apps and the Covid-19 pandemic.

Medical Research - The Common Rule

Regulation 45 C.F.R. § 46.01, otherwise known as the Common Rule, ensures that the rights of an individual are protected during a research project and applies to most federally-funded research. Privacy and confidentiality are key elements along with informed consent of the person involved in the research.

Federal Trade Commission Act (FTC Act)

Section 5 of the Federal Trade Commission Act (FTC Act, 15 U.S.C. § 45) is a federal consumer protection law that prohibits unfair or deceptive commercial practices and has been applied to business practices that affect consumer privacy and data security. The FTC is the most active federal agency relative to privacy matters and has initiated enforcement actions against businesses for, among other things: 1) failure to comply with statements made in their website privacy policies; 2) making material changes to privacy policies without adequate notice to consumers; and 3) failure to provide reasonable and appropriate security and protections to safeguard consumer information.
