Terence A. Russo
Partner/Director
516-393-2271
Technology and Cybersecurity
- Overview
- Attorneys
- Insights
Garfunkel Wild’s Technology and Cybersecurity Practice Group provides our clients with practical legal advice to navigate the many business, operational, and regulatory issues that arise in complex technology transactions. On a daily basis, our digital health law attorneys help our clients procure, build, and maintain a strong technology foundation while navigating the challenges of the latest technologies. Our clients successfully navigate these challenges with our help to avoid failed implementations, maintain robust security programs, comply with applicable laws, and minimize contractual risks.
This Group’s work includes:
- Negotiation of a wide range of technology agreements such as: software licenses; hospital information systems and laboratory information systems; electronic health records; IT outsourcing; data sharing; data hosting and migration; e-commerce; and technology equipment acquisitions
- Litigation and dispute resolution relating to technology implementations, licensing, lost data, service degradation, and other matters
- Development of data security and privacy compliance plans and guidance on cybersecurity programs
- Compliance with federal and state laws relating to information technology products and services such as Promoting Interoperability, Price Transparency, No Surprise Billing, Information Blocking, and HIPAA
- Guidance for clients regarding the implementation of major technology projects including the review of RFPs, implementation work plans, statements of work, service level standards, and other critical operations
Artificial intelligence (AI) has the potential to significantly improve patient care, enhance revenue cycle performance and streamline business operations. While AI has the potential to transform both clinical and business operations in the health care industry, AI also poses new risks for its users in a rapidly changing regulatory landscape. Garfunkel Wild’s Technology and Cybersecurity Practice Group has extensive experience advising clients on the safe, compliant, and legal use of AI for clinical decision support, medical imaging analytics, billing and claims processing, and other workflow solutions. Garfunkel Wild’s digital health law lawyers constantly monitors business and regulatory developments in AI to help ensure your organization uses AI appropriately in the health care environment.
With over twenty years specializing in Technology and Cybersecurity Law, our team has negotiated virtually every type of technology contract and has successfully resolved a host of legal issues. This experience reduces costs while achieving the highest contractual protections for our clients. Our clients know that our experience helps them avoid reinventing the wheel because we have resolved similar issues before. When problems arise, our technology and litigation attorneys work together closely to identify and preserve our clients’ rights.
Practice Group Contacts
Team
New DOJ Report: Providers Beware
Last week, the U.S. Department of Justice (DOJ) and the U.S. Department of Health and Human Services (HHS) released its annual, jointly authored Health Care Fraud and Abuse Control Program Report (the Report) for Fiscal Year 2023.
New OIG Priorities Emerge in Report
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 4, 2024.
OIG Highlights New Concerns
This week, the U.S. Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) fulfilled its annual statutory obligation by releasing its 2024 Top Management and Performance Challenges Report (the “Report”). Historically, the Report has not attracted widespread interest in the provider community because it largely focuses on HHS operational challenges. Importantly for providers and other stakeholders, however, the Report reveals crucial insights about compliance priorities for the year ahead.
New York Hospital Cybersecurity Regulations Announced
On October 12, 2024, the New York State Department of Health (“DOH”) published the final cybersecurity regulations for general hospitals (the “Regulations”), with some provisions effective immediately.
Update on Change Healthcare Class Action Litigation
The cybersecurity attack on Change Healthcare (“Change”), a subsidiary of the UnitedHealth Group, has caused widespread disruption, impacting health care providers and individuals whose personal data was compromised. This breach has led to numerous class action lawsuits, divided into two main groups: providers affected by the claims processing shutdown and individuals whose data was leaked. In June 2024, approximately 50 lawsuits were centralized into a Multi-District Litigation (MDL) in federal court in Minnesota. On September 17, 2024, the first conference in the matter occurred. As the litigation progresses, motions to dismiss, potential mediation, and class certification are expected to shape the case.
HHS Withdraws Its Appeal of Tracking Technologies Decision
On August 29, 2024, the Federal Department of Health and Human Services (“HHS”) withdrew its appeal of a federal court decision that invalidated certain aspects of HHS guidance regarding the use of tracking technologies (e.g., pixels that collect data on website usage to create directed marketing campaigns).
OIG Report Highlights Enforcement Priorities
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its revamped Semiannual Report (SAR) on June 3, 2024. The SAR’s new format focuses on the oversight work OIG completed during the reporting period, and emphasizes how this work directly addresses the Top Management Challenges Facing HHS.
Scam Alert: Fake IRS Form 9710 Targeting Businesses
Fraudsters use fake “Form 9710” to target businesses in an attempt to steal information, including the entity’s identity and/or the owners/officers’ identities. Newly formed entities, such as corporations, partnerships, and limited liability companies, in particular, are being targeted. New entities often receive fake Internal Revenue Service (IRS) mailings and solicitations, which are scams.
FTC Bans Non-Competes Across the Nation
On Tuesday, April 23, 2024, the Federal Trade Commission (FTC) promulgated a final rule banning most non-compete agreements, in any industry, and is set to become effective 120 days after its publication in the Federal Register (the “Final Rule”).
CMS Announces Payment Program for Providers Impacted by Change Healthcare Cyberattack
On March 9, 2024, CMS announced it will make available Change Healthcare/Optum Payment Disruption accelerated payments to providers experiencing potentially significant cash-flow problems as a result of the cyberattack on UnitedHealth Group’s subsidiary Change Healthcare/Optum .
OIG Issues New Resource for Single Audits
The United States Department of Health and Human Services (HHS), Office of Inspector General (OIG) recently posted a new educational resource on its website about Single Audits. HHS is the largest grant-making agency in the Federal government, and OIG’s new resource is designed to help key stakeholders understand the scope of Single Audits, as well as improve the overall quality of such audits.
Health Care Information and Technology Podcast – Change Healthcare Cyberattack: Avoid, Safeguard, and Mitigate
Zachary Cohen and Philip Hammarberg discuss the Change Healthcare cyberattack and the steps that a medical provider can take to attempt to mitigate their risk from future cyberattacks.
OMIG’s 2024 Work Plan Gives Critical Insights into Program Integrity Initiatives
The New York State Office of the Medicaid Inspector General (OMIG) released its 2024 work plan in furtherance of its mission to coordinate and conduct activities to prevent, detect and investigate medical assistance program fraud, waste and abuse, and to recover improperly expended Medicaid funds.
OIG Approves Use of Gift Cards for Referrals in Certification-Heavy Advisory Opinion
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-15) permitting a consulting company’s (Consultant) proposal to offer gift cards to its current physician practice customers for referring potential new physician practice customers to Consultant. Notably, OIG determined that the proposed arrangement did not implicate the Anti-Kickback Statute (AKS).
Favorable OIG Advisory Opinion Allows Subsidies for FDA-Approved Clinical Studies
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-11) that allows a medical device manufacturer (Manufacturer) to subsidize Medicare cost-sharing obligations as part of a U.S. Food & Drug Administration (FDA)-approved clinical study involving a Category B Investigational Device Exemption.
Health Care Information and Technology Podcast – Ransomware Attack and Hospital Downtime Issues: Interview with an Impacted Physician
Garfunkel Wild Health Care Information and Technology Practice Group's Podcast - "Ransomware Attack and Hospital Downtime Issues: Interview with an Impacted Physician"
More Provider “Nuggets” From OIG’s Year-End Reporting Blitz
Continuing its year-end reporting blitz, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 1, 2023.
Updates on Tracking Technologies and Information Blocking
As we have noted in a previous Garfunkel Wild alert, the Department of Health and Human Services (“DHHS”) Office of Civil Rights (‘OCR”) published guidance regarding the use of tracking technologies (i.e., technologies that collect and analyze information about how users interact with websites and mobile applications).
DOJ/HHS Jointly Release “Highlight Reel” Report
This week, the United States Department of Justice (DOJ) and the United States Department of Health and Human Services (HHS) fulfilled its annual statutory obligation by releasing its jointly-authored Health Care Fraud and Abuse Control Program (HCFAC) Report for Fiscal Year 2022.
Flurry of Activity Around Patient Information Impacting New York Providers
In the last few months of 2023, there has been a flurry of legal activity pertaining to the use, disclosure, and protection of health information. Here is a summary of the latest legal initiatives impacting New York providers.
Perspectives in Health Care Artificial Intelligence
Garfunkel Wild's Terence Russo will present at the Healthcare Executives' Club, the New York Chapter of the HIMSS, and the Metropolitan New York Chapter of the HFMA's Collaborative Program where he will be a panelist during the program "Perspectives in Health Care Artificial Intelligence".
FCMA and HCMA Webinar – Website and Online Pitfalls: A Prescription for Physicians and Other Heathcare Providers
Join Garfunkel Wild's Zachary B. Cohen and Taras M. Czebiniak for an informative and eye-opening session that will delve into some of the most common compliance issues physicians must navigate in the digital age.
OIG Releases New General Compliance Program Reference Guide
On November 6, 2023, the OIG released its General Compliance Program Guidance, the first in a series of new, non-binding reference guides designed to share information with health care compliance professionals and other health care industry stakeholders
Health Care Providers May Spend Millions Settling Private Pixel Tracking Lawsuits
The use of online tracking technologies has led to multi-million dollar lawsuits alleging that health systems are revealing private information, including personal health information, to third parties such as Google and Meta.
Health Information Technology Podcast – Termination and Transition Periods
Garfunkel Wild's Health Care Information and Technology Practice Group's Podcast Series "Health Information Technology Podcast- Termination and Transition Periods".
Online Tracking Technologies Can Lead to HIPAA Violations
The Department of Health and Human Services, Office of Civil Rights (“OCR”) has published a Bulletin which officially states that incorporating certain tracking technologies into websites and mobile applications may cause HIPAA violations that could result in breach notification obligations as well as penalties. This includes platforms and services provided by companies like Meta (formerly Facebook) and Google.
OIG Issues Important New And Revised Safe Harbors
The United States Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) recently issued an important final rule (the “Final Rule”) that makes significant changes to existing “Safe Harbors” under the Federal Anti-kickback Statue (“AKS”) and that adds new Safe Harbors that provide protection from AKS sanctions for certain types of arrangements.
Medicus IT Town Hall Webinar – Successfully Navigating the ‘New Normal’: What ASCs Need to Know
Andrew E. Blustein will present at Medicus It Town Hall Webinar – Successfully Navigating the ‘New Normal’: What Ascs Need to Know on September 16, 2020.
Garfunkel Wild Webinar – Implementing and Expanding Telehealth to Address COVID-19
Garfunkel Wild Partner/Director Debra A. Silverman and Partners Stacey L. Gulick and Sandra M. Jensen will present the webinar “Implementing and Expanding Telehealth to Address COVID-19” on March 19, 2020.
2019 ASC And Healthcare Management Complimentary Pre-Symposium Webinar: How Can You Expand And Protect Your Online Presence?
Garfunkel Wild Partner Kevin G. Donoghue will be joined by Doctor.com, Senior Director, Private & Group Practice Solutions Don Dougherty to present a complimentary pre-symposium webinar entitled “How Can You Expand and Protect Your Online Presence?,” Tuesday, September 24, 2019 from 12:00 PM – 1:00 PM EDT.
Thomson Reuters Long Island Tech Event
Garfunkel Wild Partner/Director Terence A. Russo will present at Thomson Reuters Long Island Emerging Tech Event on April 4, 2019.
The Gitenstein Institute for Health Law & Policy at Hofstra University School of Law – Thought Leadership In Action Speaker Series
Judith A. Eisen and Stacey L. Gulick present at the Gitenstein Institute For Health Law & Policy At Hofstra University School of Law – Thought Leadership in Action Speaker Series on April 4, 2019.
DHHS Releases Voluntary Cybersecurity Practices for the Health Industry
In response to cybersecurity risks facing health care entities, the Department of Health and Human Services (DHHS), posted on December 28, 2018, “Health Industry Cybersecurity Practices: Managing and Protecting Patients.”
Garfunkel Wild’s Technology and Cybersecurity Practice Group provides our clients with practical legal advice to navigate the many business, operational, and regulatory issues that arise in complex technology transactions. On a daily basis, our digital health law attorneys help our clients procure, build, and maintain a strong technology foundation while navigating the challenges of the latest technologies. Our clients successfully navigate these challenges with our help to avoid failed implementations, maintain robust security programs, comply with applicable laws, and minimize contractual risks.
This Group’s work includes:
- Negotiation of a wide range of technology agreements such as: software licenses; hospital information systems and laboratory information systems; electronic health records; IT outsourcing; data sharing; data hosting and migration; e-commerce; and technology equipment acquisitions
- Litigation and dispute resolution relating to technology implementations, licensing, lost data, service degradation, and other matters
- Development of data security and privacy compliance plans and guidance on cybersecurity programs
- Compliance with federal and state laws relating to information technology products and services such as Promoting Interoperability, Price Transparency, No Surprise Billing, Information Blocking, and HIPAA
- Guidance for clients regarding the implementation of major technology projects including the review of RFPs, implementation work plans, statements of work, service level standards, and other critical operations
Artificial intelligence (AI) has the potential to significantly improve patient care, enhance revenue cycle performance and streamline business operations. While AI has the potential to transform both clinical and business operations in the health care industry, AI also poses new risks for its users in a rapidly changing regulatory landscape. Garfunkel Wild’s Technology and Cybersecurity Practice Group has extensive experience advising clients on the safe, compliant, and legal use of AI for clinical decision support, medical imaging analytics, billing and claims processing, and other workflow solutions. Garfunkel Wild’s digital health law lawyers constantly monitors business and regulatory developments in AI to help ensure your organization uses AI appropriately in the health care environment.
With over twenty years specializing in Technology and Cybersecurity Law, our team has negotiated virtually every type of technology contract and has successfully resolved a host of legal issues. This experience reduces costs while achieving the highest contractual protections for our clients. Our clients know that our experience helps them avoid reinventing the wheel because we have resolved similar issues before. When problems arise, our technology and litigation attorneys work together closely to identify and preserve our clients’ rights.
Practice Group Contacts
Team
New DOJ Report: Providers Beware
Last week, the U.S. Department of Justice (DOJ) and the U.S. Department of Health and Human Services (HHS) released its annual, jointly authored Health Care Fraud and Abuse Control Program Report (the Report) for Fiscal Year 2023.
New OIG Priorities Emerge in Report
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 4, 2024.
OIG Highlights New Concerns
This week, the U.S. Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) fulfilled its annual statutory obligation by releasing its 2024 Top Management and Performance Challenges Report (the “Report”). Historically, the Report has not attracted widespread interest in the provider community because it largely focuses on HHS operational challenges. Importantly for providers and other stakeholders, however, the Report reveals crucial insights about compliance priorities for the year ahead.
New York Hospital Cybersecurity Regulations Announced
On October 12, 2024, the New York State Department of Health (“DOH”) published the final cybersecurity regulations for general hospitals (the “Regulations”), with some provisions effective immediately.
Update on Change Healthcare Class Action Litigation
The cybersecurity attack on Change Healthcare (“Change”), a subsidiary of the UnitedHealth Group, has caused widespread disruption, impacting health care providers and individuals whose personal data was compromised. This breach has led to numerous class action lawsuits, divided into two main groups: providers affected by the claims processing shutdown and individuals whose data was leaked. In June 2024, approximately 50 lawsuits were centralized into a Multi-District Litigation (MDL) in federal court in Minnesota. On September 17, 2024, the first conference in the matter occurred. As the litigation progresses, motions to dismiss, potential mediation, and class certification are expected to shape the case.
HHS Withdraws Its Appeal of Tracking Technologies Decision
On August 29, 2024, the Federal Department of Health and Human Services (“HHS”) withdrew its appeal of a federal court decision that invalidated certain aspects of HHS guidance regarding the use of tracking technologies (e.g., pixels that collect data on website usage to create directed marketing campaigns).
OIG Report Highlights Enforcement Priorities
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its revamped Semiannual Report (SAR) on June 3, 2024. The SAR’s new format focuses on the oversight work OIG completed during the reporting period, and emphasizes how this work directly addresses the Top Management Challenges Facing HHS.
Scam Alert: Fake IRS Form 9710 Targeting Businesses
Fraudsters use fake “Form 9710” to target businesses in an attempt to steal information, including the entity’s identity and/or the owners/officers’ identities. Newly formed entities, such as corporations, partnerships, and limited liability companies, in particular, are being targeted. New entities often receive fake Internal Revenue Service (IRS) mailings and solicitations, which are scams.
FTC Bans Non-Competes Across the Nation
On Tuesday, April 23, 2024, the Federal Trade Commission (FTC) promulgated a final rule banning most non-compete agreements, in any industry, and is set to become effective 120 days after its publication in the Federal Register (the “Final Rule”).
CMS Announces Payment Program for Providers Impacted by Change Healthcare Cyberattack
On March 9, 2024, CMS announced it will make available Change Healthcare/Optum Payment Disruption accelerated payments to providers experiencing potentially significant cash-flow problems as a result of the cyberattack on UnitedHealth Group’s subsidiary Change Healthcare/Optum .
OIG Issues New Resource for Single Audits
The United States Department of Health and Human Services (HHS), Office of Inspector General (OIG) recently posted a new educational resource on its website about Single Audits. HHS is the largest grant-making agency in the Federal government, and OIG’s new resource is designed to help key stakeholders understand the scope of Single Audits, as well as improve the overall quality of such audits.
Health Care Information and Technology Podcast – Change Healthcare Cyberattack: Avoid, Safeguard, and Mitigate
Zachary Cohen and Philip Hammarberg discuss the Change Healthcare cyberattack and the steps that a medical provider can take to attempt to mitigate their risk from future cyberattacks.
OMIG’s 2024 Work Plan Gives Critical Insights into Program Integrity Initiatives
The New York State Office of the Medicaid Inspector General (OMIG) released its 2024 work plan in furtherance of its mission to coordinate and conduct activities to prevent, detect and investigate medical assistance program fraud, waste and abuse, and to recover improperly expended Medicaid funds.
OIG Approves Use of Gift Cards for Referrals in Certification-Heavy Advisory Opinion
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-15) permitting a consulting company’s (Consultant) proposal to offer gift cards to its current physician practice customers for referring potential new physician practice customers to Consultant. Notably, OIG determined that the proposed arrangement did not implicate the Anti-Kickback Statute (AKS).
Favorable OIG Advisory Opinion Allows Subsidies for FDA-Approved Clinical Studies
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-11) that allows a medical device manufacturer (Manufacturer) to subsidize Medicare cost-sharing obligations as part of a U.S. Food & Drug Administration (FDA)-approved clinical study involving a Category B Investigational Device Exemption.
Health Care Information and Technology Podcast – Ransomware Attack and Hospital Downtime Issues: Interview with an Impacted Physician
Garfunkel Wild Health Care Information and Technology Practice Group's Podcast - "Ransomware Attack and Hospital Downtime Issues: Interview with an Impacted Physician"
More Provider “Nuggets” From OIG’s Year-End Reporting Blitz
Continuing its year-end reporting blitz, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 1, 2023.
Updates on Tracking Technologies and Information Blocking
As we have noted in a previous Garfunkel Wild alert, the Department of Health and Human Services (“DHHS”) Office of Civil Rights (‘OCR”) published guidance regarding the use of tracking technologies (i.e., technologies that collect and analyze information about how users interact with websites and mobile applications).
DOJ/HHS Jointly Release “Highlight Reel” Report
This week, the United States Department of Justice (DOJ) and the United States Department of Health and Human Services (HHS) fulfilled its annual statutory obligation by releasing its jointly-authored Health Care Fraud and Abuse Control Program (HCFAC) Report for Fiscal Year 2022.
Flurry of Activity Around Patient Information Impacting New York Providers
In the last few months of 2023, there has been a flurry of legal activity pertaining to the use, disclosure, and protection of health information. Here is a summary of the latest legal initiatives impacting New York providers.
Perspectives in Health Care Artificial Intelligence
Garfunkel Wild's Terence Russo will present at the Healthcare Executives' Club, the New York Chapter of the HIMSS, and the Metropolitan New York Chapter of the HFMA's Collaborative Program where he will be a panelist during the program "Perspectives in Health Care Artificial Intelligence".
FCMA and HCMA Webinar – Website and Online Pitfalls: A Prescription for Physicians and Other Heathcare Providers
Join Garfunkel Wild's Zachary B. Cohen and Taras M. Czebiniak for an informative and eye-opening session that will delve into some of the most common compliance issues physicians must navigate in the digital age.
OIG Releases New General Compliance Program Reference Guide
On November 6, 2023, the OIG released its General Compliance Program Guidance, the first in a series of new, non-binding reference guides designed to share information with health care compliance professionals and other health care industry stakeholders
Health Care Providers May Spend Millions Settling Private Pixel Tracking Lawsuits
The use of online tracking technologies has led to multi-million dollar lawsuits alleging that health systems are revealing private information, including personal health information, to third parties such as Google and Meta.
Health Information Technology Podcast – Termination and Transition Periods
Garfunkel Wild's Health Care Information and Technology Practice Group's Podcast Series "Health Information Technology Podcast- Termination and Transition Periods".
Online Tracking Technologies Can Lead to HIPAA Violations
The Department of Health and Human Services, Office of Civil Rights (“OCR”) has published a Bulletin which officially states that incorporating certain tracking technologies into websites and mobile applications may cause HIPAA violations that could result in breach notification obligations as well as penalties. This includes platforms and services provided by companies like Meta (formerly Facebook) and Google.
OIG Issues Important New And Revised Safe Harbors
The United States Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) recently issued an important final rule (the “Final Rule”) that makes significant changes to existing “Safe Harbors” under the Federal Anti-kickback Statue (“AKS”) and that adds new Safe Harbors that provide protection from AKS sanctions for certain types of arrangements.
Medicus IT Town Hall Webinar – Successfully Navigating the ‘New Normal’: What ASCs Need to Know
Andrew E. Blustein will present at Medicus It Town Hall Webinar – Successfully Navigating the ‘New Normal’: What Ascs Need to Know on September 16, 2020.
Garfunkel Wild Webinar – Implementing and Expanding Telehealth to Address COVID-19
Garfunkel Wild Partner/Director Debra A. Silverman and Partners Stacey L. Gulick and Sandra M. Jensen will present the webinar “Implementing and Expanding Telehealth to Address COVID-19” on March 19, 2020.
2019 ASC And Healthcare Management Complimentary Pre-Symposium Webinar: How Can You Expand And Protect Your Online Presence?
Garfunkel Wild Partner Kevin G. Donoghue will be joined by Doctor.com, Senior Director, Private & Group Practice Solutions Don Dougherty to present a complimentary pre-symposium webinar entitled “How Can You Expand and Protect Your Online Presence?,” Tuesday, September 24, 2019 from 12:00 PM – 1:00 PM EDT.
Thomson Reuters Long Island Tech Event
Garfunkel Wild Partner/Director Terence A. Russo will present at Thomson Reuters Long Island Emerging Tech Event on April 4, 2019.
The Gitenstein Institute for Health Law & Policy at Hofstra University School of Law – Thought Leadership In Action Speaker Series
Judith A. Eisen and Stacey L. Gulick present at the Gitenstein Institute For Health Law & Policy At Hofstra University School of Law – Thought Leadership in Action Speaker Series on April 4, 2019.
DHHS Releases Voluntary Cybersecurity Practices for the Health Industry
In response to cybersecurity risks facing health care entities, the Department of Health and Human Services (DHHS), posted on December 28, 2018, “Health Industry Cybersecurity Practices: Managing and Protecting Patients.”