Technology and Cybersecurity
- Overview
- Attorneys
- Insights
Garfunkel Wild’s Technology and Cybersecurity Practice Group provides our clients with practical legal advice to navigate the many business, operational, and regulatory issues that arise in complex technology transactions. On a daily basis, we help our clients procure, build, and maintain a strong technology foundation while navigating the challenges of the latest technologies. Our clients successfully navigate these challenges with our help to avoid failed implementations, maintain robust security programs, comply with applicable laws, and minimize contractual risks.
This Group’s work includes:
- Negotiation of a wide range of technology agreements such as: software licenses; hospital information systems and laboratory information systems; electronic health records; IT outsourcing; data sharing; data hosting and migration; e-commerce; and technology equipment acquisitions
- Litigation and dispute resolution relating to technology implementations, licensing, lost data, service degradation, and other matters
- Development of data security and privacy compliance plans and guidance on cybersecurity programs
- Compliance with federal and state laws relating to information technology products and services such as Promoting Interoperability, Price Transparency, No Surprise Billing, Information Blocking, and HIPAA
- Guidance for clients regarding the implementation of major technology projects including the review of RFPs, implementation work plans, statements of work, service level standards, and other critical operations
Artificial intelligence (AI) has the potential to significantly improve patient care, enhance revenue cycle performance and streamline business operations. While AI has the potential to transform both clinical and business operations in the health care industry, AI also poses new risks for its users in a rapidly changing regulatory landscape. Garfunkel Wild’s Technology and Cybersecurity Practice Group has extensive experience advising clients on the safe, compliant, and legal use of AI for clinical decision support, medical imaging analytics, billing and claims processing, and other workflow solutions. Garfunkel Wild constantly monitors business and regulatory developments in AI to help ensure your organization uses AI appropriately in the health care environment.
With over twenty years specializing in Technology and Cybersecurity Law, our team has negotiated virtually every type of technology contract and has successfully resolved a host of legal issues. This experience reduces costs while achieving the highest contractual protections for our clients. Our clients know that our experience helps them avoid reinventing the wheel because we have resolved similar issues before. When problems arise, our technology and litigation attorneys work together closely to identify and preserve our clients’ rights.
Last week, the U.S. Department of Justice (DOJ) and the U.S. Department of Health and Human Services (HHS) released its annual, jointly authored Health Care Fraud and Abuse Control Program Report (the Report) for Fiscal Year 2023.
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 4, 2024.
This week, the U.S. Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) fulfilled its annual statutory obligation by releasing its 2024 Top Management and Performance Challenges Report (the “Report”). Historically, the Report has not attracted widespread interest in the provider community because it largely focuses on HHS operational challenges. Importantly for providers and other stakeholders, however, the Report reveals crucial insights about compliance priorities for the year ahead.
On October 12, 2024, the New York State Department of Health (“DOH”) published the final cybersecurity regulations for general hospitals (the “Regulations”), with some provisions effective immediately.
The cybersecurity attack on Change Healthcare (“Change”), a subsidiary of the UnitedHealth Group, has caused widespread disruption, impacting health care providers and individuals whose personal data was compromised. This breach has led to numerous class action lawsuits, divided into two main groups: providers affected by the claims processing shutdown and individuals whose data was leaked. In June 2024, approximately 50 lawsuits were centralized into a Multi-District Litigation (MDL) in federal court in Minnesota. On September 17, 2024, the first conference in the matter occurred. As the litigation progresses, motions to dismiss, potential mediation, and class certification are expected to shape the case.
On August 29, 2024, the Federal Department of Health and Human Services (“HHS”) withdrew its appeal of a federal court decision that invalidated certain aspects of HHS guidance regarding the use of tracking technologies (e.g., pixels that collect data on website usage to create directed marketing campaigns).
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its revamped Semiannual Report (SAR) on June 3, 2024. The SAR’s new format focuses on the oversight work OIG completed during the reporting period, and emphasizes how this work directly addresses the Top Management Challenges Facing HHS.
Fraudsters use fake “Form 9710” to target businesses in an attempt to steal information, including the entity’s identity and/or the owners/officers’ identities. Newly formed entities, such as corporations, partnerships, and limited liability companies, in particular, are being targeted. New entities often receive fake Internal Revenue Service (IRS) mailings and solicitations, which are scams.
On Tuesday, April 23, 2024, the Federal Trade Commission (FTC) promulgated a final rule banning most non-compete agreements, in any industry, and is set to become effective 120 days after its publication in the Federal Register (the “Final Rule”).
On March 9, 2024, CMS announced it will make available Change Healthcare/Optum Payment Disruption accelerated payments to providers experiencing potentially significant cash-flow problems as a result of the cyberattack on UnitedHealth Group’s subsidiary Change Healthcare/Optum .
The United States Department of Health and Human Services (HHS), Office of Inspector General (OIG) recently posted a new educational resource on its website about Single Audits. HHS is the largest grant-making agency in the Federal government, and OIG’s new resource is designed to help key stakeholders understand the scope of Single Audits, as well as improve the overall quality of such audits.
Zachary Cohen and Philip Hammarberg discuss the Change Healthcare cyberattack and the steps that a medical provider can take to attempt to mitigate their risk from future cyberattacks.
The New York State Office of the Medicaid Inspector General (OMIG) released its 2024 work plan in furtherance of its mission to coordinate and conduct activities to prevent, detect and investigate medical assistance program fraud, waste and abuse, and to recover improperly expended Medicaid funds.
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-15) permitting a consulting company’s (Consultant) proposal to offer gift cards to its current physician practice customers for referring potential new physician practice customers to Consultant. Notably, OIG determined that the proposed arrangement did not implicate the Anti-Kickback Statute (AKS).
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-11) that allows a medical device manufacturer (Manufacturer) to subsidize Medicare cost-sharing obligations as part of a U.S. Food & Drug Administration (FDA)-approved clinical study involving a Category B Investigational Device Exemption.
Garfunkel Wild Health Care Information and Technology Practice Group's Podcast - "Ransomware Attack and Hospital Downtime Issues: Interview with an Impacted Physician"
Continuing its year-end reporting blitz, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 1, 2023.
As we have noted in a previous Garfunkel Wild alert, the Department of Health and Human Services (“DHHS”) Office of Civil Rights (‘OCR”) published guidance regarding the use of tracking technologies (i.e., technologies that collect and analyze information about how users interact with websites and mobile applications).
This week, the United States Department of Justice (DOJ) and the United States Department of Health and Human Services (HHS) fulfilled its annual statutory obligation by releasing its jointly-authored Health Care Fraud and Abuse Control Program (HCFAC) Report for Fiscal Year 2022.
In the last few months of 2023, there has been a flurry of legal activity pertaining to the use, disclosure, and protection of health information. Here is a summary of the latest legal initiatives impacting New York providers.
Garfunkel Wild's Terence Russo will present at the Healthcare Executives' Club, the New York Chapter of the HIMSS, and the Metropolitan New York Chapter of the HFMA's Collaborative Program where he will be a panelist during the program "Perspectives in Health Care Artificial Intelligence".
Join Garfunkel Wild's Zachary B. Cohen and Taras M. Czebiniak for an informative and eye-opening session that will delve into some of the most common compliance issues physicians must navigate in the digital age.
On November 6, 2023, the OIG released its General Compliance Program Guidance, the first in a series of new, non-binding reference guides designed to share information with health care compliance professionals and other health care industry stakeholders
The use of online tracking technologies has led to multi-million dollar lawsuits alleging that health systems are revealing private information, including personal health information, to third parties such as Google and Meta.
Garfunkel Wild's Health Care Information and Technology Practice Group's Podcast Series "Health Information Technology Podcast- Termination and Transition Periods".
The Department of Health and Human Services, Office of Civil Rights (“OCR”) has published a Bulletin which officially states that incorporating certain tracking technologies into websites and mobile applications may cause HIPAA violations that could result in breach notification obligations as well as penalties. This includes platforms and services provided by companies like Meta (formerly Facebook) and Google.
The United States Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) recently issued an important final rule (the “Final Rule”) that makes significant changes to existing “Safe Harbors” under the Federal Anti-kickback Statue (“AKS”) and that adds new Safe Harbors that provide protection from AKS sanctions for certain types of arrangements.
Andrew E. Blustein will present at Medicus It Town Hall Webinar – Successfully Navigating the ‘New Normal’: What Ascs Need to Know on September 16, 2020.
Garfunkel Wild Partner/Director Debra A. Silverman and Partners Stacey L. Gulick and Sandra M. Jensen will present the webinar “Implementing and Expanding Telehealth to Address COVID-19” on March 19, 2020.
Garfunkel Wild Partner Kevin G. Donoghue will be joined by Doctor.com, Senior Director, Private & Group Practice Solutions Don Dougherty to present a complimentary pre-symposium webinar entitled “How Can You Expand and Protect Your Online Presence?,” Tuesday, September 24, 2019 from 12:00 PM – 1:00 PM EDT.
Garfunkel Wild Partner/Director Terence A. Russo will present at Thomson Reuters Long Island Emerging Tech Event on April 4, 2019.
Judith A. Eisen and Stacey L. Gulick present at the Gitenstein Institute For Health Law & Policy At Hofstra University School of Law – Thought Leadership in Action Speaker Series on April 4, 2019.
In response to cybersecurity risks facing health care entities, the Department of Health and Human Services (DHHS), posted on December 28, 2018, “Health Industry Cybersecurity Practices: Managing and Protecting Patients.”
Garfunkel Wild’s Technology and Cybersecurity Practice Group provides our clients with practical legal advice to navigate the many business, operational, and regulatory issues that arise in complex technology transactions. On a daily basis, we help our clients procure, build, and maintain a strong technology foundation while navigating the challenges of the latest technologies. Our clients successfully navigate these challenges with our help to avoid failed implementations, maintain robust security programs, comply with applicable laws, and minimize contractual risks.
This Group’s work includes:
- Negotiation of a wide range of technology agreements such as: software licenses; hospital information systems and laboratory information systems; electronic health records; IT outsourcing; data sharing; data hosting and migration; e-commerce; and technology equipment acquisitions
- Litigation and dispute resolution relating to technology implementations, licensing, lost data, service degradation, and other matters
- Development of data security and privacy compliance plans and guidance on cybersecurity programs
- Compliance with federal and state laws relating to information technology products and services such as Promoting Interoperability, Price Transparency, No Surprise Billing, Information Blocking, and HIPAA
- Guidance for clients regarding the implementation of major technology projects including the review of RFPs, implementation work plans, statements of work, service level standards, and other critical operations
Artificial intelligence (AI) has the potential to significantly improve patient care, enhance revenue cycle performance and streamline business operations. While AI has the potential to transform both clinical and business operations in the health care industry, AI also poses new risks for its users in a rapidly changing regulatory landscape. Garfunkel Wild’s Technology and Cybersecurity Practice Group has extensive experience advising clients on the safe, compliant, and legal use of AI for clinical decision support, medical imaging analytics, billing and claims processing, and other workflow solutions. Garfunkel Wild constantly monitors business and regulatory developments in AI to help ensure your organization uses AI appropriately in the health care environment.
With over twenty years specializing in Technology and Cybersecurity Law, our team has negotiated virtually every type of technology contract and has successfully resolved a host of legal issues. This experience reduces costs while achieving the highest contractual protections for our clients. Our clients know that our experience helps them avoid reinventing the wheel because we have resolved similar issues before. When problems arise, our technology and litigation attorneys work together closely to identify and preserve our clients’ rights.
Last week, the U.S. Department of Justice (DOJ) and the U.S. Department of Health and Human Services (HHS) released its annual, jointly authored Health Care Fraud and Abuse Control Program Report (the Report) for Fiscal Year 2023.
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 4, 2024.
This week, the U.S. Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) fulfilled its annual statutory obligation by releasing its 2024 Top Management and Performance Challenges Report (the “Report”). Historically, the Report has not attracted widespread interest in the provider community because it largely focuses on HHS operational challenges. Importantly for providers and other stakeholders, however, the Report reveals crucial insights about compliance priorities for the year ahead.
On October 12, 2024, the New York State Department of Health (“DOH”) published the final cybersecurity regulations for general hospitals (the “Regulations”), with some provisions effective immediately.
The cybersecurity attack on Change Healthcare (“Change”), a subsidiary of the UnitedHealth Group, has caused widespread disruption, impacting health care providers and individuals whose personal data was compromised. This breach has led to numerous class action lawsuits, divided into two main groups: providers affected by the claims processing shutdown and individuals whose data was leaked. In June 2024, approximately 50 lawsuits were centralized into a Multi-District Litigation (MDL) in federal court in Minnesota. On September 17, 2024, the first conference in the matter occurred. As the litigation progresses, motions to dismiss, potential mediation, and class certification are expected to shape the case.
On August 29, 2024, the Federal Department of Health and Human Services (“HHS”) withdrew its appeal of a federal court decision that invalidated certain aspects of HHS guidance regarding the use of tracking technologies (e.g., pixels that collect data on website usage to create directed marketing campaigns).
The U.S. Department of Health and Human Services (HHS), Office of Inspector General (OIG) released its revamped Semiannual Report (SAR) on June 3, 2024. The SAR’s new format focuses on the oversight work OIG completed during the reporting period, and emphasizes how this work directly addresses the Top Management Challenges Facing HHS.
Fraudsters use fake “Form 9710” to target businesses in an attempt to steal information, including the entity’s identity and/or the owners/officers’ identities. Newly formed entities, such as corporations, partnerships, and limited liability companies, in particular, are being targeted. New entities often receive fake Internal Revenue Service (IRS) mailings and solicitations, which are scams.
On Tuesday, April 23, 2024, the Federal Trade Commission (FTC) promulgated a final rule banning most non-compete agreements, in any industry, and is set to become effective 120 days after its publication in the Federal Register (the “Final Rule”).
On March 9, 2024, CMS announced it will make available Change Healthcare/Optum Payment Disruption accelerated payments to providers experiencing potentially significant cash-flow problems as a result of the cyberattack on UnitedHealth Group’s subsidiary Change Healthcare/Optum .
The United States Department of Health and Human Services (HHS), Office of Inspector General (OIG) recently posted a new educational resource on its website about Single Audits. HHS is the largest grant-making agency in the Federal government, and OIG’s new resource is designed to help key stakeholders understand the scope of Single Audits, as well as improve the overall quality of such audits.
Zachary Cohen and Philip Hammarberg discuss the Change Healthcare cyberattack and the steps that a medical provider can take to attempt to mitigate their risk from future cyberattacks.
The New York State Office of the Medicaid Inspector General (OMIG) released its 2024 work plan in furtherance of its mission to coordinate and conduct activities to prevent, detect and investigate medical assistance program fraud, waste and abuse, and to recover improperly expended Medicaid funds.
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-15) permitting a consulting company’s (Consultant) proposal to offer gift cards to its current physician practice customers for referring potential new physician practice customers to Consultant. Notably, OIG determined that the proposed arrangement did not implicate the Anti-Kickback Statute (AKS).
The U.S. Department of Health and Human Services, Office of Inspector General (OIG) posted a favorable Advisory Opinion (23-11) that allows a medical device manufacturer (Manufacturer) to subsidize Medicare cost-sharing obligations as part of a U.S. Food & Drug Administration (FDA)-approved clinical study involving a Category B Investigational Device Exemption.
Garfunkel Wild Health Care Information and Technology Practice Group's Podcast - "Ransomware Attack and Hospital Downtime Issues: Interview with an Impacted Physician"
Continuing its year-end reporting blitz, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released its Semiannual Report (SAR) to Congress on December 1, 2023.
As we have noted in a previous Garfunkel Wild alert, the Department of Health and Human Services (“DHHS”) Office of Civil Rights (‘OCR”) published guidance regarding the use of tracking technologies (i.e., technologies that collect and analyze information about how users interact with websites and mobile applications).
This week, the United States Department of Justice (DOJ) and the United States Department of Health and Human Services (HHS) fulfilled its annual statutory obligation by releasing its jointly-authored Health Care Fraud and Abuse Control Program (HCFAC) Report for Fiscal Year 2022.
In the last few months of 2023, there has been a flurry of legal activity pertaining to the use, disclosure, and protection of health information. Here is a summary of the latest legal initiatives impacting New York providers.
Garfunkel Wild's Terence Russo will present at the Healthcare Executives' Club, the New York Chapter of the HIMSS, and the Metropolitan New York Chapter of the HFMA's Collaborative Program where he will be a panelist during the program "Perspectives in Health Care Artificial Intelligence".
Join Garfunkel Wild's Zachary B. Cohen and Taras M. Czebiniak for an informative and eye-opening session that will delve into some of the most common compliance issues physicians must navigate in the digital age.
On November 6, 2023, the OIG released its General Compliance Program Guidance, the first in a series of new, non-binding reference guides designed to share information with health care compliance professionals and other health care industry stakeholders
The use of online tracking technologies has led to multi-million dollar lawsuits alleging that health systems are revealing private information, including personal health information, to third parties such as Google and Meta.
Garfunkel Wild's Health Care Information and Technology Practice Group's Podcast Series "Health Information Technology Podcast- Termination and Transition Periods".
The Department of Health and Human Services, Office of Civil Rights (“OCR”) has published a Bulletin which officially states that incorporating certain tracking technologies into websites and mobile applications may cause HIPAA violations that could result in breach notification obligations as well as penalties. This includes platforms and services provided by companies like Meta (formerly Facebook) and Google.
The United States Department of Health and Human Services (“HHS”), Office of Inspector General (“OIG”) recently issued an important final rule (the “Final Rule”) that makes significant changes to existing “Safe Harbors” under the Federal Anti-kickback Statue (“AKS”) and that adds new Safe Harbors that provide protection from AKS sanctions for certain types of arrangements.
Andrew E. Blustein will present at Medicus It Town Hall Webinar – Successfully Navigating the ‘New Normal’: What Ascs Need to Know on September 16, 2020.
Garfunkel Wild Partner/Director Debra A. Silverman and Partners Stacey L. Gulick and Sandra M. Jensen will present the webinar “Implementing and Expanding Telehealth to Address COVID-19” on March 19, 2020.
Garfunkel Wild Partner Kevin G. Donoghue will be joined by Doctor.com, Senior Director, Private & Group Practice Solutions Don Dougherty to present a complimentary pre-symposium webinar entitled “How Can You Expand and Protect Your Online Presence?,” Tuesday, September 24, 2019 from 12:00 PM – 1:00 PM EDT.
Garfunkel Wild Partner/Director Terence A. Russo will present at Thomson Reuters Long Island Emerging Tech Event on April 4, 2019.
Judith A. Eisen and Stacey L. Gulick present at the Gitenstein Institute For Health Law & Policy At Hofstra University School of Law – Thought Leadership in Action Speaker Series on April 4, 2019.
In response to cybersecurity risks facing health care entities, the Department of Health and Human Services (DHHS), posted on December 28, 2018, “Health Industry Cybersecurity Practices: Managing and Protecting Patients.”