On August 29, 2024, the Office for Civil Rights of the United States Department of Health and Human Services (“HHS-OCR”) withdrew its appeal of an order by the United States District Court for the Northern District of Texas’ (“District Court”) declaring unlawful and vacating a portion of an HHS-OCR Bulletin, “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.”  See Am. Hosp. Ass’n v. Becerra, No. 4:23-cv-1110 (N.D. Tex. June 20, 2024).  At its core, the District Court declared that a portion of the HHS-OCR Bulletin was an overstep of the agency’s authority.  While many in the health care industry may breathe a sigh of relief given the proliferation of class action lawsuits focused on tracking technologies and the evolving maze of regulation impacting the industry generally, it is unclear whether HHS-OCR will continue its newfound attempts to regulate the use of tracking technologies.  Regardless, vigilance and caution around website tracking should continue to be exercised.

Read the full post on Proskauer’s Health Care Law Brief.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Matthew J. Westbrook Matthew J. Westbrook

Matt Westbrook is an associate in the Corporate Department and a member of the Health Care Group. His practice focuses on providing regulatory compliance advice for the Firm’s health care clients, including service providers, health plans, operators, investors, and lenders, among others. Matt…

Matt Westbrook is an associate in the Corporate Department and a member of the Health Care Group. His practice focuses on providing regulatory compliance advice for the Firm’s health care clients, including service providers, health plans, operators, investors, and lenders, among others. Matt specifically provides advice on fraud and abuse matters arising under the Federal False Claims Act (FCA), Civil Monetary Penalties Law, Federal Anti-Kickback Statute (AKS), and Physician Self-Referral Law (Stark Law), as well as on the regulations promulgated by the Drug Enforcement Administration (DEA) and the Department of Health and Human Services, including the Office of Inspector General (OIG), Centers for Medicare & Medicaid Services (CMS), and Food and Drug Administration (FDA).

Before joining the Firm, Matt served as senior counsel in OIG’s Administrative and Civil Remedies Branch. At OIG, Matt was responsible for determining whether to impose administrative sanctions, including civil money penalties and Federal health care program exclusions, against health care providers and suppliers, and whether to impose civil money penalties on hospitals and physicians in connection with matters referred to CMS under the Emergency Medical Treatment and Labor Act (EMTALA). During his tenure, Matt also litigated exclusion appeals before administrative law judges and appellate panels of the Departmental Appeals Board; advised United States Attorney’s Offices on exclusions appealed to Federal district courts; resolved voluntary self-disclosures submitted by providers and grant and contract recipients; and participated in the negotiations and settlements of FCA matters by the Department of Justice involving the AKS, Stark Law, CMS reimbursement issues, and DEA and FDA compliance issues. In connection with certain FCA resolutions, Matt also negotiated and monitored corporate integrity agreements.

On the Florida junior circuit and in college, Matt was a competitive tennis player. Matt played on the varsity team and was captain his senior year at Rhodes College, earning ITA Division III and SCAC All-Academic Honor Roll awards his sophomore, junior, and senior years. Matt is an active member of the American Health Law Association (AHLA) and currently serves as a Vice Chair of AHLA’s Fraud and Abuse Practice Group.

Photo of Jonian Rafti Jonian Rafti

Jonian Rafti is an associate in the Corporate Department and a member of the Health Care Group. Since law school, his practice has exclusively focused on representing a variety of clients in the health care sector, including hospitals and health systems, physician organizations…

Jonian Rafti is an associate in the Corporate Department and a member of the Health Care Group. Since law school, his practice has exclusively focused on representing a variety of clients in the health care sector, including hospitals and health systems, physician organizations, telehealth platforms, and digital health companies.

Jonian provides legal advice on a range of regulatory, corporate, and transactional matters governing the practice of medicine and the health care industry, including: federal and state fraud and abuse compliance; HIPAA; scope of practice limitations; telehealth encounter requirements; practice expansions; and general corporate and business planning.

Jonian is a Certified Information Privacy Professional (CIPP/US). As a law student, he worked at the Charities Bureau of the New York State Office of the Attorney General on matters affecting state not-for-profit corporations.

Photo of Leslie Shanklin Leslie Shanklin

Leslie Shanklin is a partner in the Corporate Department, co-head of the Privacy & Cybersecurity Group and a member of the of the Technology, Media & Telecommunications group.

Leslie’s practice focuses on privacy and data security, delivering comprehensive expertise around data-related risk and…

Leslie Shanklin is a partner in the Corporate Department, co-head of the Privacy & Cybersecurity Group and a member of the of the Technology, Media & Telecommunications group.

Leslie’s practice focuses on privacy and data security, delivering comprehensive expertise around data-related risk and compliance. Leslie provides pragmatic, strategic and tech-savvy legal counsel to clients seeking to realize the essential value of data to their businesses while effectively managing risk and preserving trust. Leslie draws from deep legal, practical and technical expertise gained from leading global privacy teams and operations for multinational companies.

Leslie’s experience includes advising on the legal and risk aspects of data strategy, building and operationalizing data protection compliance programs in all regions of the world, providing strategic legal counsel around data privacy and security issues in commercial transactions, advising on legal aspects of information security risk, compliance and incident response, and advising on federal, state and international regulatory enforcement actions.

Leslie advises clients with a global lens, helping clients craft nimble, risk-based, forward-looking approaches to data management in the rapidly-evolving US and international privacy and information security legal landscape, including:

  • Federal laws such as Section 5 of the FTC Act and FTC rules and guidance, COPPA, VPPA, TCPA, and HIPAA
  • State laws such as the California Consumer Privacy Act (CCPA including CPRA amendments) and the California Medical Information Act (CMIA), as well as various existing and evolving laws in other US states such as Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (ICDPA), Montana (MCDPA) and Washington (My Health My Data Act)
  • International law and guidance such as the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, the UK Data Protection Act, Brazil’s General Data Protection Law (LGPD), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

Leslie is a Certified Information Privacy Professional in the United States (CIPP/US) and Europe (CIPP/E) with the International Association of Privacy Professionals (IAPP). She previously served as Co-Chair of the international Hybrid Broadcast Broadband Television (HbbTV) Association Privacy Task Force.

Prior to joining Proskauer, Leslie led global privacy teams for media and entertainment companies for over a decade and most recently served on the Privacy leadership team for Warner Bros. Discovery.