Edward G. Zacharias
Subscribe to Edward G. Zacharias's Posts
Edward G. Zacharias is the managing partner of McDermott’s Boston office. Clients across the healthcare industry and beyond turn to him for practical, business-oriented counsel on their most significant privacy and cybersecurity compliance, healthcare regulatory and transactional matters. Ed’s clients include “Big Tech” companies, health information technology and digital health companies, healthcare providers, insurers, electronic health record platforms, pharmacies, drug and device manufacturers, life sciences companies and health services vendors. Read Edward Zacharias' full bio.
Federal Court Invalidates Key Part of HHS OCR Bulletin Regarding Application of HIPAA to Online Tracking Technologies
By Ryan S. Higgins, David Quinn Gacioch, Jennifer S. Geetter, Daniel F. Gottlieb and Edward G. Zacharias on Aug 27, 2024
Posted In Digital Health, Employee Benefits, Health and Welfare Plans
In a consequential decision for Health Insurance Portability and Accountability Act (HIPAA)-regulated entities, on June 20, 2024, the US District Court for the Northern District of Texas ruled that the US Department of Health and Human Services Office for Civil Rights exceeded its authority in certain respects in sub-regulatory guidance. The guidance concerned HIPAA’s application...
Continue Reading
FTC Amends Health Breach Notification Rule to Regulate Health Apps and Expand Breach Notification Requirements
By Jennifer S. Geetter, Edward G. Zacharias, Alya Sulaiman, Kyle E. Hafkey and Abby Higgins on Jun 26, 2024
Posted In Digital Health, Privacy and Data Security
On April 26, 2024, the Federal Trade Commission (FTC) issued a final rule to amend its Health Breach Notification Rule (HBN Rule). The HBN Rule works as a compliment and counterpart to the breach notification requirements established under the Health Insurance Portability and Accountability Act (HIPAA) for HIPAA-regulated entities. Specifically, the HBN Rule requires that...
Continue Reading
OCR Update on Tracking Technologies Provides Little Relief for HIPAA-Regulated Entities
By Jennifer S. Geetter, David Quinn Gacioch, Elliot R. Golding, Daniel F. Gottlieb, Ryan S. Higgins and Edward G. Zacharias on May 14, 2024
Posted In Digital Health, Employee Benefits, Health and Welfare Plans, Privacy and Data Security
On March 18, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) issued an update to its December 1, 2022, bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” In releasing the 2024 update, OCR stated that its purpose was to “increase clarity for regulated...
Continue Reading
HHS Publishes New Rights of Conscience Final Rule
By Gregory Fosheim, Sumaya Noush, David Quinn Gacioch and Edward G. Zacharias on Mar 28, 2024
Posted In Employee Benefits, Health and Welfare Plans
On January 11, 2024, the US Department of Health and Human Services (HHS) published its new final rule governing federal healthcare conscience protection statutes. The 2024 final rule, which went into effect March 11, 2024, repeals the majority of the prior final rule from 2019 that was found to be unlawful by three federal courts...
Continue Reading
FTC Proposes Health Breach Notification Rule Amendments
By Jennifer S. Geetter, Edward G. Zacharias and Purnima Boominathan on Jun 20, 2023
Posted In Digital Health, Employee Benefits, Health and Welfare Plans
At a recent open Commission meeting, the Federal Trade Commission (FTC) voted unanimously to issue a Notice of Proposed Rulemaking to amend the Health Breach Notification Rule (HBNR). The FTC’s proposed amendment aims to codify the HBNR’s application to digital health and mobile technologies. However, several aspects of the proposed amendment lack clarity and are...
Continue Reading
Major Changes Proposed to Substance Use Disorder Confidentiality Law
By Scott Weinstein, Edward G. Zacharias, Abby Higgins and Li Wang on Jan 24, 2023
Posted In Employee Benefits, Health and Welfare Plans
In a Notice of Proposed Rulemaking published December 2, 2022 (the Proposed Rule), the United States Department of Health and Human Services (HHS) proposed long-awaited changes to the regulations protecting the confidentiality of substance use disorder patient records under Part 2 of Title 42 of the Code of Federal Regulations (42 CFR Part 2, or...
Continue Reading
HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information
By Jennifer S. Geetter, Elliot R. Golding, Amy C. Pimentel, Scott Weinstein, Edward G. Zacharias and Marine Margaryan on Dec 20, 2022
Posted In Privacy and Data Security
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking...
Continue Reading
FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope
By Carolyn Metnick, Edward G. Zacharias and Sam Siegfried on Oct 13, 2021
Posted In Digital Health, Employee Benefits, Health and Welfare Plans, Privacy and Data Security
On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that...
Continue Reading
HIPAA Boss Sees ‘Low-Hanging Fruit’ Ripe For Enforcement
By Edward G. Zacharias on Feb 18, 2020
Posted In Health and Welfare Plans, Privacy and Data Security
Healthcare providers and insurers are still making tons of rookie mistakes on patient privacy, turning themselves into easy enforcement targets, according to Roger Severino, director of the US Department of Health and Human Services. Severino made headlines in 2017 for expressing interest in punishing a “big, juicy, egregious” privacy breach, and seemingly followed through with...
Continue Reading
HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA
By Amy C. Pimentel, Edward G. Zacharias and Daniel F. Gottlieb on Nov 19, 2015
Posted In Employment, Health and Welfare Plans, Privacy and Data Security
On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and...
Continue Reading