Edward G. Zacharias
Subscribe to Edward G. Zacharias's PostsEdward G. Zacharias is the managing partner of McDermott’s Boston office. Clients across the healthcare industry and beyond turn to him for practical, business-oriented counsel on their most significant privacy and cybersecurity compliance, healthcare regulatory and transactional matters. Ed’s clients include “Big Tech” companies, health information technology and digital health companies, healthcare providers, insurers, electronic health record platforms, pharmacies, drug and device manufacturers, life sciences companies and health services vendors. Read Edward Zacharias' full bio.
HHS Publishes New Rights of Conscience Final Rule
By Gregory Fosheim, Sumaya Noush, David Quinn Gacioch and Edward G. Zacharias on Mar 28, 2024
Posted In Employee Benefits, Health and Welfare Plans
On January 11, 2024, the US Department of Health and Human Services (HHS) published its new final rule governing federal healthcare conscience protection statutes. The 2024 final rule, which went into effect March 11, 2024, repeals the majority of the prior final rule from 2019 that was found to be unlawful by three federal courts...
Continue Reading
FTC Proposes Health Breach Notification Rule Amendments
By Jennifer S. Geetter, Edward G. Zacharias and Purnima Boominathan on Jun 20, 2023
Posted In Digital Health, Employee Benefits, Health and Welfare Plans
At a recent open Commission meeting, the Federal Trade Commission (FTC) voted unanimously to issue a Notice of Proposed Rulemaking to amend the Health Breach Notification Rule (HBNR). The FTC’s proposed amendment aims to codify the HBNR’s application to digital health and mobile technologies. However, several aspects of the proposed amendment lack clarity and are...
Continue Reading
Major Changes Proposed to Substance Use Disorder Confidentiality Law
By Scott Weinstein, Edward G. Zacharias, Abby Higgins and Li Wang on Jan 24, 2023
Posted In Employee Benefits, Health and Welfare Plans
In a Notice of Proposed Rulemaking published December 2, 2022 (the Proposed Rule), the United States Department of Health and Human Services (HHS) proposed long-awaited changes to the regulations protecting the confidentiality of substance use disorder patient records under Part 2 of Title 42 of the Code of Federal Regulations (42 CFR Part 2, or...
Continue Reading
HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information
By Jennifer S. Geetter, Elliot R. Golding, Amy C. Pimentel, Scott Weinstein, Edward G. Zacharias and Marine Margaryan on Dec 20, 2022
Posted In Privacy and Data Security
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking...
Continue Reading
FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
By Carolyn Metnick, Edward G. Zacharias and Sam Siegfried on Oct 13, 2021
Posted In Digital Health, Employee Benefits, Health and Welfare Plans, Privacy and Data Security
On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that...
Continue Reading
HIPAA Boss Sees ‘Low-Hanging Fruit’ Ripe For Enforcement
By Edward G. Zacharias on Feb 18, 2020
Posted In Health and Welfare Plans, Privacy and Data Security
Healthcare providers and insurers are still making tons of rookie mistakes on patient privacy, turning themselves into easy enforcement targets, according to Roger Severino, director of the US Department of Health and Human Services. Severino made headlines in 2017 for expressing interest in punishing a “big, juicy, egregious” privacy breach, and seemingly followed through with...
Continue Reading
HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA
By Amy C. Pimentel, Edward G. Zacharias and Daniel F. Gottlieb on Nov 19, 2015
Posted In Employment, Health and Welfare Plans, Privacy and Data Security
On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and...
Continue Reading
OCR Launches Phase 2 HIPAA Audit Program with Pre-Audit Screening Surveys
By Edward G. Zacharias, Daniel F. Gottlieb and Ryan S. Higgins on May 26, 2015
Posted In Health and Welfare Plans, Privacy and Data Security
HIPAA covered entities have reported that the HHS Office for Civil Rights recently sent pre-audit screening surveys to a pool of covered entities that may be selected for the previously delayed second phase of HIPAA compliance audits. This On the Subject describes the phase two audit program and identifies steps that covered entities and business...
Continue Reading
OCR to Begin Phase 2 of HIPAA Audit Program
By Edward G. Zacharias and Daniel F. Gottlieb on Aug 26, 2014
Posted In Health and Welfare Plans, Privacy and Data Security
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy, security and breach notification standards (HIPAA Standards) as required by the Health Information Technology for Economic and Clinical...
Continue Reading
