On January 25, 2013, the Department of Health and Human Services (“HHS”) published in the Federal Register the highly anticipated Omnibus Rule, which strengthens and amends existing regulations in the HIPAA Privacy and Security Rules. The rule will significantly affect health technology companies, including telehealth companies, data centers, and personal health record vendors, with an

When evaluating the various legal and regulatory hurdles associated with telehealth—such as licensure, reimbursement, and privacy—one hurdle that often goes overlooked is the corporate practice of medicine.  Many states have enacted laws which directly or indirectly are viewed as prohibiting the “corporate practice” of medicine.  While variations exist among states, the doctrine

While tech companies looking to provide health solutions must figure out early on whether they are HIPAA-regulated, HIPAA is not the be-all and end-all of privacy law. Even entities not regulated under HIPAA must abide by other privacy rules, including a wide array of state privacy laws. On December 6, 2012, in the state’s

The recent discovery of a security flaw that allows Skype accounts to essentially be hijacked has again raised the issue of the security of web-based platforms—and whether providers can meet their HIPAA obligations when using these communication tools.  The issue of Skype and similar platforms and HIPAA compliance is one that I am often asked

With a new era of active enforcement of the HIPAA privacy and security laws upon us, companies need to figure out early-on whether they are regulated under HIPAA, either as covered entities or business associates.  However, determining whether a company is subject to the HIPAA privacy and security requirements is not always straightforward, especially

Mobile application (“app”) development is the new boon for technology companies of all sizes, and the phrase “There’s an app for that” tells the story of just how much this market has grown and matured.  Most of the early app development focused on low risk opportunities—those involving free or low-cost social media or gaming apps.