HITECH Law

On November 28, 2022, HHS released Proposed Rule to amend Part 2 regulation on confidentiality of substance use disorder (SUD) patient records in federally assisted Part 2 Programs. The Proposed Rule would align Part 2 with HIPAA's requirements for consent, disclosure, de-identification, unsecured PHI, data breach notification, and other ...

The FTC recently took enforcement action against an online e-commerce company and its CEO for failing to implement data security policies and procedures to protect the personal information of consumers. The FTC alleged that the company’s inadequate security measures and its website Privacy Policy regarding such measures constituted unfair ...

Best practices in IT data security include the use of multi-factor authentication (MFA) but cyber threat actors are evading the data security that MFA is intended to provide. To combat this, CISA recently issued guidance and fact sheets urging the migration to phishing-resistant MFAs such as FIDO/WebAuthn and PKI-based MFA. If this is not feasible ...