Photo of Garrison Ambrose

Garrison Ambrose

Subscribe to Garrison Ambrose's Posts
Follow:Garrison's Linkedin Profile

The California Attorney General’s Office (AG) unsurprisingly takes an expansive view of how the development, sale, and use of artificial intelligence technology (AI) in healthcare could lead to potential violations of existing California laws. In a recent legal advisory the AG highlights specific areas healthcare organizations should focus on as they develop, train, improve, and deploy AI in connection with patients, plan members, and their data.

In particular, the advisory identifies AI risk hot spots that may trigger certain state consumer protection, anti-discrimination, and privacy/autonomy laws, as described further below.Continue Reading California AG Explains How Laws May Apply to AI in Healthcare

The U.S. Department of Health and Human Services (“HHS”), through its Office for Civil Rights (“OCR”), recently issued a “Dear Colleague” letter, Ensuring Nondiscrimination Through the Use of Artificial Intelligence (“AI”) and Other Emerging Technologies, which emphasizes the importance of fairness and equity in AI use in patient care decision support tools (e.g., clinical algorithms and predictive analytics) in connection with certain health programs and activities. While not the law, HHS continues to provide its views about using AI in health care.  See our prior post about another HHS publication that organizations can use as guidance. Specifically, the letter emphasizes the importance of complying with the federal nondiscrimination requirements of Section 1557 of the Affordable Care Act (“Section 1557”).

OCR’s letter confirms that it will enforce Section 1557’s nondiscrimination protections to the use of AI (effective from July 5, 2024) and it will require organizations that participate in certain regulated programs and activities to identify and mitigate risks of unlawful discrimination when using AI (effective on May 1, 2025). We highlight OCR’s guidance on these two enforcement objectives related to Section 1557 below.Continue Reading HHS Recent Guidance on AI Use in Health Care

In an era where cyberattacks on the health care industry have become alarmingly frequent and catastrophic, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has taken a bold step forward. The recently issued Notice of Proposed Rulemaking (NPRM) is OCR’s direct response to the escalation of cyber threats and

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) will start to enforce compliance later this month with new special protections for individuals’ reproductive health information as required by a recently finalized HIPAA Privacy Rule, as we noted in an earlier blog post. While the incoming Trump Administration may change enforcement priorities or even rescind that rule, a settlement from OCR that pre-dated implementation of that rule indicates that OCR already affords this information protection.

The settlement marks OCR’s first enforcement action and settlement against a health care provider centered around, and specific to, an impermissible disclosure of an individual’s reproductive health information under the existing Privacy Rule standards. In other words, regardless of whether the incoming administration rescinds or revises the new protections for reproductive health information, OCR has demonstrated that it considers reproductive health information as highly sensitive and will take enforcement action accordingly under the HIPAA Privacy Rule as it is today.

Organizations would be well advised to take the remaining time before the December 23 compliance date to update existing policies to define the scope of reproductive health care-related protected health information (PHI) within the organization and set forth standards and procedures for how the organization will implement compliance with the new requirements including, for example, how the organization will assess and respond to third-party requests for reproductive health care-related PHI, including situations in which an attestation is required.Continue Reading OCR Sets Precedent with Settlement Over Impermissible Disclosure of Reproductive Health Information

The U.S. Department of Health and Human Services (HHS) has published its Plan for Promoting Responsible Use of Artificial Intelligence in Automated and Algorithmic Systems by State, Local, Tribal, and Territorial Governments in the Administration of Public Benefits (AI Plan for State and Local Governments). It shows the agency’s current thinking on managing risk from

The Centers for Medicare & Medicaid Services (“CMS”) and the Office of the National Coordinator for Health Information Technology (“ONC”) have released a final rule establishing “disincentives” (i.e., penalties) for health care providers that participate in certain Medicare payment programs who have engaged in information blocking, as determined by the HHS Office of Inspector General (“OIG”).

The rule continues to signal the federal government’s commitment to encouraging permitted access to and exchange of electronic health information. The rule summarizes elements of the June 2023 OIG final rule, which established penalties for information blocking for certified health IT developers, health information networks, and health information exchanges. The rule also details the procedures that OIG will follow when investigating potential health care provider information blocking claims. There is a wide range of health care providers subject to the rule including, hospitals, physicians, nursing facilities, group practices, pharmacies, and certain eligible professionals participating in Medicare and Medicaid programs, among others, and disincentives are not limited to HIPAA-regulated entities or to healthcare providers who use ONC-certified health IT.Continue Reading HHS Finalizes Rule on Health Care Provider Information Blocking Penalties