E-Health, Privacy, and Security Law, Third Edition, with 2017 Supplement

This treatise provides health law practitioners and digital health professionals with a full exploration of the legal, regulatory, transactional, and ethical issues at the nexus of health and information technology, including digital health, privacy, security, social media, HIPAA, HITECH, and more. It also includes guidance on maximizing technology to cut costs and improve marketing, all while staying compliant and avoiding penalties.



CLEAR INFORMATION on the full range of today’s digital health business and transactional law issues 

The new Third Edition includes updated chapters on the digital health industry and health information technology, as well as discussion of:

  • recent security breach settlements with HHS’s Office for Civil Rights (OCR) and the implications, as well as a new chapter on other cybersecurity developments in healthcare;
  • how health information technologies will play a key role in the shift from fee-for-service medicine to payment for quality and cost-effectiveness;
  • the European Data Privacy Regime, including the Data Protection Directive, and key changes the General Data Protection Regulation (GDPR) will bring, such as mandatory breach reporting and significant fines;
  • OCR's Phase 2 HIPAA compliance audit program, evaluating compliance with privacy, security, and breach notification rules;
  • the impact of patient-generated health data, including that originating with mobile and wearable devices;
  • the increasing use of telemedicine, both in the U.S. and globally, and the barriers to it;
  • HHS’s imposition of civil monetary penalties (CMP) under HIPAA, as well as new actions brought by state attorneys general under the HITECH Act;
  • FDA warning letters related to social media promotion of pharmaceutical and dietary supplement products, and FDA final guidance detailing the regulatory scheme for mobile medical apps;
  • the Part 2 Regulations Proposed Rule from the Substance Abuse and Mental Health Services Administration (SAMHSA) of HHS on the exchange of substance use disorder information;
  • the Stage 3 Final Rule under the American Recovery and Reinvestment Act (ARRA) specifying the requirements that eligible professionals and hospitals must meet to qualify for Medicare and Medicaid EHR incentive payments; and
  • the FTC’s Health Breach Notification Rule (“HBNR”) and its applicability to PHR vendors, PHR-related entities, and third-party service providers.

Supplement Information    

The 2017 Supplement discusses:

  • Telemedicine, with a brand new overview chapter covering issues such as modalities, reimbursement, and mobile applications
  • Multiple HIPAA enforcement resolution agreements arising from public OCR investigations of alleged security rule infractions
  • The new draft E-Privacy Regulation and other developments in the European data privacy regime
  • Ransomware, including OCR’s informal guidance on such attacks under the Breach Notification Rule
  • Updates on OCR’s Phase 2 HIPAA Audit Program, as well as active enforcement of the HIPAA Security and Privacy rules
  • Legal ethics issues, including attorneys as whistleblowers, use of biometric data, and artificial intelligence
  • The Part 2 Final Rule issued by HHS’s SAMHSA, updating regulations on substance abuse
  • The Federal Policy for the Protection of Human Subjects Final Rule and the new exemption for secondary research
  • The 21st Century Cures Act safe harbors from device regulation for certain categories of medical software



Bloomberg BNA authors and editors are practicing professionals with insider perspectives and real-life experience.
W. Andrew H. Gantt III is a partner at Venable LLP, Baltimore, MD, and Co-Chair of Venable's healthcare practice.

