FTC's Health Breach Notification Rule (HBNR) Practical Law The Journal
HIPAA initially applied only to HIPAA covered entities, specifically, health care plans, health care clearinghouses, and most health care providers. The Health Information Technology for Economic and Clinical Health Act (HITECH Act), part of the American Recovery and Reinvestment Act of 2009 (ARRA), amended HIPAA to expand coverage to include certain service providers known as HIPAA business associates and established data breach notification requirements. ARRA and the HITECH Act also promoted a nationwide migration to electronic health records (EHRs) and the adoption of consumer-facing websites and apps known as PHRs.
This expansion:
Ensured that HIPAA obligations protect the PHRs that HIPAA covered entities manage, or their business associates manage on their behalf.
Still left a gap in data breach notification coverage because many non-HIPAA regulated organizations handle PHRs, including those that offer or operate consumer health apps and connected devices, like fitness trackers and various wearable technologies and monitoring devices.
Congress addressed this gap in the HITECH Act (42 U.S.C. § 17937), directing the FTC to promulgate the HBNR (16 C.F.R. §§ 318.1 to 318.9) for PHRs that fall outside HIPAA. The FTC initially issued the HBNR in 2009 and began enforcement in early 2010 (74 Fed. Reg. 42962-01 (Aug. 25, 2009)). In mid-2024, following a ten-year review, a related policy statement, and further rulemaking activities, the FTC updated the HBNR, clarifying its roles and responsibilities for the current environment, including consumers' widespread health technology and app usage (89 Fed. Reg. 47028-1 (May 30, 2024)).
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
4 days ago
- The Independent
Debt and delayed care forecast for some who lose insurance under tax and spending law
Delayed treatments, canceled doctor visits, skipped prescriptions. Losing insurance is bad for your health. The Congressional Budget Office forecasts that the U.S. uninsured population will grow by 10 million in 2034, due to the tax and spending bill signed into law by President Donald Trump. And, thanks to a natural experiment nearly two decades ago, researchers can forecast what that will mean for patient care. Among the problems they predict will develop as a direct result of these people losing coverage: — About 2.5 million people may no longer have a personal doctor. — About 1.6 million patients will take on medical debt. — The lack of care may cause nearly 22,000 deaths annually. 'There's really no questioning the basic reality that you can't take health care away from 10 million people without causing many preventable deaths,' said Dr. Adam Gaffney, lead researcher on a team that explored the new law's impact. Here's a deeper look at the research and challenges that could develop. How the law may affect coverage It will become harder for many people to enroll in Medicaid or individual insurance plans and then stay covered. Medicaid is a state and federally funded program that covers care for people with low incomes. States will have to verify every six months whether someone remains eligible for Medicaid. That could cause coverage lapses for people with incomes that fluctuate or for those who move and miss renewal paperwork. Many also are expected to lose coverage as states require Medicaid recipients to work, volunteer or go to school unless exempted. Enrollment in Medicaid has swelled in recent years. Republicans are cutting back in part to help fund tax breaks and pay for other priorities like border security. They also say they are trying to root out waste and fraud by rightsizing Medicaid for the population it was initially designed to serve — mainly pregnant women, the disabled and children. People covered through the Affordable Care Act's individual insurance marketplaces also will see shorter enrollment windows and no more automatic renewals. About the research Gaffney, of Harvard Medical School, and other researchers looked to past studies to measure how many people would experience detrimental effects, like going without prescriptions, from the upcoming changes. Gaffney updated the published analysis, which was originally based on the House version of the bill, at the AP's request. One study in particular was critical for their work: In 2008, Oregon offered a rare opportunity to compare groups of people enrolled in Medicaid with those who were not. After a four-year period of frozen enrollment due to budget limitations, the state determined it could enroll 10,000 more people in Medicaid. It used a lottery system to make the selection amid high demand. That gave researchers a chance to follow people who got coverage and those who did not, similar to how scientists testing a new drug might compare patients taking it to those given a placebo. 'This is a gold standard research design because it replicates a randomized-controlled trial,' said Christine Eibner, a senior economist at RAND Corp. who was not involved in the study. Applying results from that study and other research to the recent CBO estimate allowed Gaffney and other researchers to estimate specific effects of losing coverage. 'By taking coverage away, we are putting patients in a terrible position,' said Gaffney, a former president of Physicians for a National Health Program. Care could grow complicated Amanda Schlesier went four days without her cancer treatment Calquence this spring and wound up in a local emergency room, delirious with pain. The leukemia patient worries about what might happen if she stops treatment again for a longer stretch because she's lost Medicaid. 'God forbid I forget to fill out a page of documentation, and suddenly I lose access to my medication or my doctors or any of the treatment that I've been going through,' the 33-year-old Farmington Hills, Michigan, resident said. People can still receive care when they don't have coverage, but important steps often are delayed, said Dr. Gwen Nichols, chief medical officer of The Leukemia & Lymphoma Society. Patients may be able to visit a doctor, but they would have to line up coverage or help before they can receive expensive chemotherapy. Diagnosis also may be delayed. Meanwhile, the patient's cancer continues to grow. 'It's a ticking time bomb,' Nichols said. Preventive care may lapse The first thing patients often ditch when they lose coverage are screenings designed to catch health problems before they become serious, said Dr. Jen Brull, president of the American Academy of Family Physicians. That could mean patients skip tests for high cholesterol, which can contribute to heart disease, or colonoscopies that detect cancer. Researchers forecast that a half million fewer women will have gotten a mammogram within the past year by 2034. When patients struggle financially and lose coverage, they focus on things like keeping a place to live and food on their table, said Brull, a Fort Collins, Colorado, physician. 'Seeing a doctor because you don't want to get sick feels like a much lower priority,' Brull said. Financial pressure can build Patients start taking financial hits at all ends of care when they lose coverage. They may have to pay up front or start a payment plan before they receive care, said Erin Bradshaw, an executive vice president with the nonprofit Patient Advocate Foundation, which helps people with medical bills. Anyone with an outstanding balance will have to pay it before the next appointment. Financial assistance may be available, but patients don't always know about it. Getting help also may take time and require the submission of tax returns, pay stubs or some validation that the patient no longer has coverage. Bradshaw said letters stating that a patient has lost Medicaid sometimes arrive a couple months after the fact. That can contribute to treatment delays or missed medication doses. Some patients also try to avoid financial stress by skipping care. Schlesier said she delayed seeing a doctor when she first felt symptoms of her cancer returning because she had no coverage at the time. Staying on medications If prescriptions are too expensive, patients may simply not get them or split the doses to stretch the medicine. For Thomas Harper, it's a question of priorities. 'Sometimes you have to make a choice, how well do you want to eat this week versus taking your medicine,' he said. The West Monroe, Louisiana, truck driver has around $300 a month in prescriptions as he deals with diabetes and recovers from non-Hodgkin lymphoma, a type of blood cancer. Harper, 57, recently returned to work. That meant he lost Medicaid, which covered more of his prescription costs. He's balancing buying his meds with shopping for healthy food that keeps his blood sugar in check and builds his immune system. 'I'll survive, but I know there's people out there that cannot survive without Medicaid,' he said. ___ AP video journalist Laura Bargfeld contributed to this report. ___ The Associated Press Health and Science Department receives support from the Howard Hughes Medical Institute's Science and Educational Media Group. The AP is solely responsible for all content.
The Herald Scotland
4 days ago
- The Herald Scotland
Trump plan eases sharing of computerized health records
Trump touted the idea of eliminating redundancies such as filling out paperwork at multiple health providers offices. "This will allow patients to easily transmit information from one doctor to another," Trump said during a July 30 briefing with Health and Human Services Secretary Robert F. Kennedy Jr. and Centers for Medicare & Medicaid Services Administrator Mehmet Oz. Trump emphasized the initiative will be voluntary and require patients to opt in. He added there will be no centralized, government-run database storing patients' personal records. "People are very concerned about the personal records," Trump said. "That's their choice ... it will be absolutely quiet." Large hospital systems and some doctors allow patients to share health information, fill out forms and schedule appointments through websites and mobile apps. And health tech companies have developed apps that allow people to track their health information, but these apps often can't access medical records from health providers, said Amy Gleason, acting administrator of the Department of Government Efficiency, or DOGE. Companies operating 21 networks have agreed to an "interoperability framework" to meet Centers for Medicare & Medicaid Services criteria, according to the Trump administration. Hospital systems and electronic health records vendors have agreed to cooperate in the effort, according to CMS. Participating apps would help people manage obesity and diabetes, including the use of AI assistants to help check symptoms or schedule appointments, CMS said. Privacy, data security remain top worries The health care industry and tech companies have been attempting to reduce paperwork and seamlessly share electronic health records for three decades, said Chris Pierson, CEO of BlackCloak, an Orlando, Florida-based cybersecurity company. Hospitals, doctors, labs and vendors that directly handle such sensitive medical records are subject to a federal privacy law, called the Health Insurance Portability and Accountability Act, or HIPAA. To make health information and records more portable and accessible, consumers need to be guaranteed strong privacy protections and granted control over what information is shared, Pierson said. A consumer might be willing to share their sensitive information with doctors, hospitals or labs. But the same person might want to block an app from sharing records with third parties such as exercise equipment vendors or nutritional supplement retailers. Pierson said such apps would likely still need to comply with HIPAA and other federal and state laws. Given that the apps are voluntary and require consent, they likely would comply with privacy laws, Pierson said. Companies also would need to safeguard information technology security to protect the sensitive information from data breaches. Hackers target health records Digital medical records are a popular target for hackers seeking sensitive health information, bank records and a person's identifiable information such as dates of birth and Social Security numbers. The number of attacks has surged in recent years and are often carried out by organized hackers, often operating overseas, who target the computer systems of health providers and the vendors and companies that serve them. HHS investigates whether breaches involve violations of health information privacy and security laws and publicly reports attacks that affect 500 or more on its website. In July alone, more than two dozen data breaches compromised the records of more than 3 million people, HHS records show. The largest hack in recent years involved the February 2024 attack on UnitedHealth-owned subsidiary Change Healthcare. The attack disrupted the health care industry because doctors and hospitals were unable to collect payments for weeks when computer systems went down.
Reuters
5 days ago
- Reuters
Cigna beats profit estimate on robust health services growth
July 31 (Reuters) - Cigna (CI.N), opens new tab beat Wall Street estimate for second-quarter profit on Thursday, helped by strength in its pharmacy benefit management business. It is one of the last health insurers to report quarterly results for the sector, which has been bogged down by persistently high medical costs in government-backed plans. Cigna, however, is insulated from such cost pressures as it recently sold its Medicare business to Health Care Service Corp. It banks more on its pharmacy benefit management and commercial health insurance businesses. "Our performance in the second quarter reflects our disciplined execution and the strength of our business mix," said CEO David Cordani. Revenue from its Evernorth healthcare services unit, which includes Cigna's pharmacy benefit management business, rose 17% to $57.83 billion during the quarter. Pharmacy benefit managers help negotiate drug prices and coverage with manufacturers on behalf of employers and health plan clients. PBMs' business practices, however, have drawn increasing scrutiny in recent years from U.S. lawmakers looking to lower drug prices, state attorneys generals and from the Federal Trade Commission, which released a report earlier this year accusing PBMs of inflating drug costs. Cigna's adjusted profit of $7.20 per share topped analysts' average estimate of $7.15 per share, according to data compiled by LSEG. The company maintained its annual adjusted profit forecast of at least $29.60 per share, while analysts expect $29.68 per share. For the quarter, it reported a medical care ratio — the percentage of premiums spent on medical care — of 83.2%, up from 82.3% a year earlier, but in line with analysts' estimate. The company said the increase was due to higher stop-loss medical costs. Stop-loss insurance plans help protect health plan sponsors, typically an employer, when medical claims pass a pre-designated threshold.
