On August 29, 2024, the Office for Civil Rights of the United States Department of Health and Human Services (“HHS-OCR”) withdrew its appeal of an order by the United States District Court for the Northern District of Texas’ (“District Court”) declaring unlawful and vacating a portion of an HHS-OCR Bulletin, “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.”  See Am. Hosp. Ass’n v. Becerra, No. 4:23-cv-1110 (N.D. Tex. June 20, 2024).  At its core, the District Court declared that a portion of the HHS-OCR Bulletin was an overstep of the agency’s authority.  While many in the health care industry may breathe a sigh of relief given the proliferation of class action lawsuits focused on tracking technologies and the evolving maze of regulation impacting the industry generally, it is unclear whether HHS-OCR will continue its newfound attempts to regulate the use of tracking technologies.  Regardless, vigilance and caution around website tracking should continue to be exercised.

Read the full post on Proskauer’s Health Care Law Brief.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Matthew J. Westbrook Matthew J. Westbrook

Matt Westbrook is an associate in the Corporate Department and a member of the Health Care Group. His practice focuses on providing regulatory compliance advice for the Firm’s health care clients, including service providers, health plans, operators, investors, and lenders, among others. Matt…

Matt Westbrook is an associate in the Corporate Department and a member of the Health Care Group. His practice focuses on providing regulatory compliance advice for the Firm’s health care clients, including service providers, health plans, operators, investors, and lenders, among others. Matt specifically provides advice on fraud and abuse matters arising under the Federal False Claims Act (FCA), Civil Monetary Penalties Law, Federal Anti-Kickback Statute (AKS), and Physician Self-Referral Law (Stark Law), as well as on the regulations promulgated by the Drug Enforcement Administration (DEA) and the Department of Health and Human Services, including the Office of Inspector General (OIG), Centers for Medicare & Medicaid Services (CMS), and Food and Drug Administration (FDA).

Before joining the Firm, Matt served as senior counsel in OIG’s Administrative and Civil Remedies Branch. At OIG, Matt was responsible for determining whether to impose administrative sanctions, including civil money penalties and Federal health care program exclusions, against health care providers and suppliers, and whether to impose civil money penalties on hospitals and physicians in connection with matters referred to CMS under the Emergency Medical Treatment and Labor Act (EMTALA). During his tenure, Matt also litigated exclusion appeals before administrative law judges and appellate panels of the Departmental Appeals Board; advised United States Attorney’s Offices on exclusions appealed to Federal district courts; resolved voluntary self-disclosures submitted by providers and grant and contract recipients; and participated in the negotiations and settlements of FCA matters by the Department of Justice involving the AKS, Stark Law, CMS reimbursement issues, and DEA and FDA compliance issues. In connection with certain FCA resolutions, Matt also negotiated and monitored corporate integrity agreements.

On the Florida junior circuit and in college, Matt was a competitive tennis player. Matt played on the varsity team and was captain his senior year at Rhodes College, earning ITA Division III and SCAC All-Academic Honor Roll awards his sophomore, junior, and senior years. Matt is an active member of the American Health Law Association (AHLA) and currently serves as a Vice Chair of AHLA’s Fraud and Abuse Practice Group.

Photo of Jonian Rafti, CIPP/US, AIGP Jonian Rafti, CIPP/US, AIGP

Jonian Rafti is an associate in the Corporate Department and a member of the Health Care Group. He regularly represents private equity investors, health systems, management companies, physician groups, and lenders in complex transactional and health care regulatory matters.

Since the start of…

Jonian Rafti is an associate in the Corporate Department and a member of the Health Care Group. He regularly represents private equity investors, health systems, management companies, physician groups, and lenders in complex transactional and health care regulatory matters.

Since the start of his career, Jonian’s practice has exclusively focused on representing a variety of clients in the health care sector. He leverages this industry experience to provide practical and market-driven insight to clients undertaking mergers, acquisitions, joint ventures, financings and other business transactions. In addition to his transactional practice, Jonian provides counsel on a range of regulatory requirements governing the practice of medicine and the health care industry, including the Federal Anti-Kickback Statute, Civil Monetary Penalties Law, Health Care Fraud Statute, Physician Self-Referral Law (Stark Law) and their state counterparts. He also advises clients on corporate practice of medicine restrictions, HIPAA and health data privacy, and health care technology matters.

Jonian is a Certified Information Privacy Professional (CIPP/US) and a Certified Artificial Intelligence Governance Professional (AIGP). As a law student, he worked at the Charities Bureau of the NY Attorney General’s Office on governance and regulatory disputes affecting state not-for-profit corporations.

He has previously served as member of the Board of Directors and Vice-Chair of The Andrew Goodman Foundation, and member of the Bard College Center for Civic Engagement’s Young Alumni Advisory Council.

Photo of Anna W. Chan Anna W. Chan

Anna W. Chan is an associate in the Privacy & Cybersecurity Group and member of the Technology Media & Telecommunications group.

Anna’s practice focuses on privacy and data security. She regularly works with clients in the development and/or enhancement of privacy compliance programs…

Anna W. Chan is an associate in the Privacy & Cybersecurity Group and member of the Technology Media & Telecommunications group.

Anna’s practice focuses on privacy and data security. She regularly works with clients in the development and/or enhancement of privacy compliance programs, including drafting online and offline privacy policies, procedures, and related notices. Anna often assists clients with the drafting, review, and negotiation of data processing agreements. She also has experience counseling clients on privacy-related issues in marketing, such as email and telemarketing, as well as privacy-related issues in the ad tech space, including the use of cross-device tracking technologies.

Anna also regularly assists clients with identifying, evaluating, and addressing cybersecurity risks, including advising on proactive cyber incident readiness activities, such as tabletop exercises and incident response plans. She also assists clients with data breach and cybersecurity incident response, including analyzing breach notification laws and preparation of notices to impacted individuals and regulators. Anna also frequently assists clients in conducting diligence and negotiating privacy and data security aspects of corporate transactions

Prior to joining Proskauer, Anna was a privacy counsel at a Fortune 500 pharmaceutical company, where she advised the company on data privacy compliance for the company’s U.S. operations.

Anna is a Certified Information Privacy Professional in the United States (CIPP/US).

Photo of Leslie Shanklin Leslie Shanklin

Leslie Shanklin is a partner in the Corporate Department, co-head of the Privacy & Cybersecurity Group and a member of the of the Technology, Media & Telecommunications group.

Leslie’s practice focuses on privacy and data security, delivering comprehensive expertise around data-related risk and…

Leslie Shanklin is a partner in the Corporate Department, co-head of the Privacy & Cybersecurity Group and a member of the of the Technology, Media & Telecommunications group.

Leslie’s practice focuses on privacy and data security, delivering comprehensive expertise around data-related risk and compliance. Leslie provides pragmatic, strategic and tech-savvy legal counsel to clients seeking to realize the essential value of data to their businesses while effectively managing risk and preserving trust. Leslie draws from deep legal, practical and technical expertise gained from leading global privacy teams and operations for multinational companies.

Leslie’s experience includes advising on the legal and risk aspects of data strategy, building and operationalizing data protection compliance programs in all regions of the world, providing strategic legal counsel around data privacy and security issues in commercial transactions, advising on legal aspects of information security risk, compliance and incident response, and advising on federal, state and international regulatory enforcement actions.

Leslie advises clients with a global lens, helping clients craft nimble, risk-based, forward-looking approaches to data management in the rapidly-evolving US and international privacy and information security legal landscape, including:

  • Federal laws such as Section 5 of the FTC Act and FTC rules and guidance, COPPA, VPPA, TCPA, and HIPAA
  • State laws such as the California Consumer Privacy Act (CCPA including CPRA amendments) and the California Medical Information Act (CMIA), as well as various existing and evolving laws in other US states such as Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (ICDPA), Montana (MCDPA) and Washington (My Health My Data Act)
  • International law and guidance such as the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, the UK Data Protection Act, Brazil’s General Data Protection Law (LGPD), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

Leslie is a Certified Information Privacy Professional in the United States (CIPP/US) and Europe (CIPP/E) with the International Association of Privacy Professionals (IAPP). She previously served as Co-Chair of the international Hybrid Broadcast Broadband Television (HbbTV) Association Privacy Task Force.

Prior to joining Proskauer, Leslie led global privacy teams for media and entertainment companies for over a decade and most recently served on the Privacy leadership team for Warner Bros. Discovery.