Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott’s 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights notable developments and guidance that health care providers, digital health companies and other health care industry stakeholders should navigate in

Throughout 2017, the health care and life sciences industries experienced a widespread proliferation of digital health innovation that presents challenges to traditional notions of health care delivery and payment as well as product research, development and commercialization for both long-standing and new stakeholders. At the same time, lawmakers and regulators made meaningful progress toward modernizing

In October 2016, the American Association of Retired Persons (AARP) sued the US Equal Employment Opportunity Commission (EEOC) in the US District Court for the District of Columbia seeking an injunction against the latest iteration of wellness program regulations. The final EEOC regulations issued last year offer employers a roadmap for offering employee wellness programs

Jennifer Geetter and Dale Van Demark wrote this bylined article on how companies must manage and govern their use of digital healthcare information assets. “Organizations will need to design and implement digital governance structures that … include additional components and organizational stakeholders, in order to meet the business and strategic demands of the digital health

In the presentation “Highlights of Record Retention Requirements Applicable to Employee Benefit Plans,” Todd A. Solomon detailed the general rules of The Employee Retirement Income Security Act of 1974 (ERISA). He discussed several specific record-keeping requirements for employee benefit plans and a number of general requirements that imply a duty to retain records, for example

The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this

In a presentation to the Silicon Valley Employers Forum, Susan M. Nash discussed recent updates to select health and welfare plans while outlining some potential issues. The agenda included changes to exchange notices, corrections to Form 1094 and 1095, issues regarding the Affordable Care Act (ACA) Section 1557 and the Equal Employment Opportunity Commission’s (EEOC)

Joanna Kerpen authored an article on final HIPAA rules for privacy enforcement and audit programs, particularly those with additional requirements aimed at group health plan sponsors. This report focuses on the final regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), in January 2013, HIPAA enforcement and audit programs, HIPAA-related additional

On July 28, 2016, US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws.

Ransomware is a