What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for...more
The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the...more
Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a...more
The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of...more
7/21/2023 / Data Privacy, Department of Health and Human Services (HHS), Facebook, Federal Trade Commission (FTC), Google, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Hospitals, OCR, PHI, Technology, Telehealth, Web Tracking
On June 26, 2023, the Governor of Connecticut signed Senate Bill (SB) 3 which set forth new requirements related to consumer health data and protections for minors online.
As Connecticut’s comprehensive consumer privacy...more
On June 18, 2023, Texas’ Governor signed House Bill (HB) 4 which enacts the Texas Data Privacy and Security Act. Texas joins California, Colorado, Connecticut, Indiana, Iowa, Montana, Tennessee, Utah, and Virginia in enacting...more
On June 16, 2023, Nevada’s Governor signed Senate Bill (SB) 370, which enacts certain protections for consumer health data.
The law is similar to Washington’s My Health, My Data Act, which was passed in April. The Future...more
It is not the first time we have written about complaints, OCR settlements, and even jail time following snooping by hospital employees into patient records. For example, as COVID raged, an investigation showed that for...more
Unhappy consumers, including patients, are free to express dissatisfaction with services they receive from providers on popular social media or online review platforms, such as Yelp and Google. At least in the healthcare...more
6/6/2023 / Corrective Action Plans (CAPs), Department of Health and Human Services (HHS), Google, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Mental Health, New Jersey, OCR, Online Reviews, PHI, Yelp
On May 19, 2023, Montana’s Governor signed Senate Bill 384, the Consumer Data Privacy Act. Montana joins California, Colorado, Connecticut, Indiana, Iowa, Tennessee, Utah, and Virginia in enacting a comprehensive consumer...more
On May 11, 2023, Tennessee’s Governor signed Senate Bill 0073, the Tennessee Information Protection Act, making the state the eighth state to pass consumer privacy legislation. Tennessee joins California, Colorado,...more
5/12/2023 / California Consumer Privacy Act (CCPA), Consumer Protection Laws, COPPA, Data Controller, Data Processors, FERPA, Health Insurance Portability and Accountability Act (HIPAA), New Legislation, NIST, Personal Information, State Privacy Laws, Tennessee
We have written several times about U.S. Department of Health and Human Services Office for Civil Rights’ “HIPAA Right of Access Initiative.” In its most recent enforcement action under the Initiative, the 44th such...more
Health data privacy, including in the context of reproductive health, was strengthened last week when Washington Governor Jay Inslee signed the “My Health, My Data Act” on April 27, 2023.
Set to take effect on March 31,...more
Since the privacy and security regulations were issued under the federal Health Insurance Portability and Accountability Act (HIPAA), critics pointed to the limitations on the reach of those rules. A critical limitation...more
Websites play a vital role for organizations. They facilitate communication with consumers, constituents, patients, employees, donors, and the general public. They project an organization’s image and promote goodwill, provide...more
4/6/2023 / Americans with Disabilities Act (ADA), Artificial Intelligence, California Consumer Privacy Act (CCPA), Consolidated Appropriations Act (CAA), COPPA, Federal Trade Commission (FTC), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), State Privacy Laws, Title III, Website Accessibility, Websites
The Federal Trade Commission (FTC) recently took enforcement action against digital healthcare companies for sharing user information via third-party tracking pixels, which enable the collection of user data....more
To celebrate Data Privacy Day, we present our top ten data privacy and cybersecurity predictions for 2023.
1. Healthcare and Medical Data Security and Tracking-
The healthcare industry has been facing increased scrutiny...more
1/27/2023 / Artificial Intelligence, Automated Decision Systems (ADS), California Privacy Protection Agency (CPPA), California Privacy Rights Act (CPRA), Cybersecurity, Data Privacy, Data Protection, Employee Monitoring, EU, EU-US Privacy Shield, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), OCR, Popular, State Privacy Laws
Much is being written about “remote work” – is it productive, will demand for it continue or be curtailed in a recession, is cybersecurity compromised, does it inhibit workplace culture, collaboration, etc. Lots of questions,...more
1/17/2023 / Artificial Intelligence, Coronavirus/COVID-19, Cyber Insurance, Cybersecurity, Data Breach, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HITECH Act, Information and Communication Technology (ICT), Mobile Health Apps, Popular, Remote Working, Risk Assessment, Robotics, Telehealth
It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and/or state agencies where appropriate and perhaps other parties. Not...more
Last month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a bulletin with guidance concerning the use of online tracking technologies by covered entities and business associates...more
We have been quite busy this October, which happens to be National Cybersecurity Awareness Month. But, we did not want to let the month go by without some recognition; and we are grateful to the HHS Office for Civil Rights...more
California passed Assembly Bill (AB) 2089, which amends the Confidentiality of Medical Information Act (CMIA) to include mental health application information under the definition of medical information....more
A $300,640 settlement announced yesterday by the Office for Civil Rights (OCR) provides important reminders about HIPAA Privacy Rule and data privacy practices generally: robust data disposal practices are critical and...more
In response to the United States Supreme Court decision in Dobbs vs. Jackson Women’s Health Organization, President Joe Biden signed an Executive Order on Friday, July 8, 2022, designed to protect access to reproductive...more
7/11/2022 / Abortion, Department of Health and Human Services (HHS), Dobbs v. Jackson Women’s Health Organization, Executive Orders, Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Joe Biden, OCR, Patient Privacy Rights, Reproductive Healthcare Issues, Roe v Wade, SCOTUS
It can be cathartic responding to a negative online review. It can also backfire, as can failing to cooperate with an OCR investigation as required under HIPAA.
The Office for Civil Rights (OCR) recently announced four...more