The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
1/20/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CMIA ,
Consumer Privacy Rights ,
Contractors ,
Cookies ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Covered Business ,
Data Breach ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Do Not Sell ,
For-Profit Corporations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Record Retention ,
Sensitive Personal Information ,
Third-Party
As employers consider implementing a vaccine mandate to encourage employees to get vaccinated against COVID-19, we have recently discussed the merits of imposing a “vaccine surcharge” on monthly health insurance premiums for...more
The Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information. The FTC’s policy statement effectively...more
When use or disclosure of an individual’s health information or medical records is at issue, the assumption seems to be, much more often than not, that the HIPAA privacy and security rules apply. This has certainly been the...more
10/1/2021
/ Americans with Disabilities Act (ADA) ,
Anti-Discrimination Policies ,
Coronavirus/COVID-19 ,
Disclosure ,
Employment Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
OCR ,
OSHA ,
Personal Information ,
PHI ,
Physicians ,
Vaccinations
According to Forbes.com, more employers are considering imposing a premium surcharge on employees participating in the company’s health plan who are not vaccinated for COVID-19. Whether positioned as rewards or penalties,...more
Patient record requests can be a significant administrative burden for health care providers. An OCR enforcement initiative and a new federal law give providers more reason to get this process right.
Since the Health...more
Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from...more
Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became effective in 2003, it generally required covered entities to provide patients timely access to their medical records. Of...more
7/23/2021
/ 21st Century Cures Act ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Information Blocking Rules ,
OCR ,
OIG ,
PHI ,
Right-To-Access
In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the...more
State legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy...more
In a landmark decision, the U.S. Supreme Court has ruled that the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 et seq., does not prohibit improper use of computer information to which an individual has authorized...more
For years (and we do mean years), the EEOC has waffled about whether incentives were permissible in connection with a medical inquiry under a voluntary wellness program. Friday, the EEOC issued its most recent pronouncement...more
6/2/2021
/ Adverse Employment Action ,
Affordable Care Act ,
Americans with Disabilities Act (ADA) ,
Anti-Retaliation Provisions ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Employer Group Health Plans ,
Equal Employment Opportunity Commission (EEOC) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incentives ,
IRS ,
Medical Examinations ,
New Guidance ,
Vaccinations ,
Voluntary Participation ,
Wellness Programs
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer...more
5/26/2021
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Controller ,
DPPA ,
Duty of Care ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
New York ,
Opt-In ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Written Notice
In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is...more
4/28/2021
/ Coronavirus/COVID-19 ,
Cybersecurity ,
Data Security ,
Employee Training ,
GitHub ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
Popular ,
Remote Working ,
Security Breach ,
State Health Departments
Providing incentives for employees to get the COVID-19 vaccine continues to be on the minds of organizations as vaccinations pick up speed. However, concerns about privacy and the shifting positions on wellness program...more
A small New Jersey plastic surgery practice, Village Plastic Surgery (“VPS”), has become the eighteenth HIPAA covered entity to face an enforcement action under the Office for Civil Right’s HIPAA Right of Access Initiative....more
As we noted in late January 2020, the spread of infectious disease raises particular concerns for healthcare workers who want to do their jobs and care for their patients, while also protect themselves and their families....more
3/19/2021
/ Coronavirus/COVID-19 ,
Data Breach ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Workers ,
Information Technology ,
Medical Records ,
Third-Party ,
Unauthorized Access ,
Vaccinations ,
Vendors ,
Virus Testing
Florida may soon join the growing number of states that have enacted comprehensive consumer privacy legislation. Backed by Governor Ron DeSantis, Florida House Bill 969 (HB 969) would create new obligations for covered...more
3/3/2021
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Credit Reporting Agencies ,
Data Breach ,
Fair Credit Reporting Act (FCRA) ,
FIPA ,
Florida ,
GLBA Privacy ,
Governor DeSantis ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Non-Discrimination Rules ,
Opt-Outs ,
Personally Identifiable Information ,
Proposed Legislation
On January 13, House Delegate Sara Love Introduced the “Biometric Identifiers and Biometric Information Privacy Act” (the “Act”) substantially modeled after the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et...more
Virginia may be the first state to follow California’s lead on consumer privacy legislation, but it certainly will not be the last. The International Association of Privacy Professionals (IAPP) observed, “State-Level momentum...more
When the California Consumer Privacy Act of 2018 (CCPA) became law, it was only a matter of time before other states adopt their own statutes intended to enhance privacy rights and consumer protection for residents. The...more
Enacted in 2008, the Illinois Biometric Information Privacy Act, 740 ILCS 14 et seq. (the “BIPA”), went largely unnoticed until a few years ago when a handful of cases sparked a flood of class action litigation over the...more
As employers continue to grapple with a safe return to the workplace, the U.S. Centers for Disease Control and Prevention (CDC) issued new guidance for businesses and employers on SARS-CoV-2 testing of employees, as part of a...more
1/28/2021
/ Centers for Disease Control and Prevention (CDC) ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Employee Privacy Rights ,
Employer Liability Issues ,
Equal Employment Opportunity Commission (EEOC) ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Informed Consent ,
New Guidance ,
Virus Testing ,
Workplace Safety
In honor of Data Privacy Day, we provide the following “Top 10 for 2021.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021...more
1/28/2021
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
ATDS ,
Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
OCR ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
TCPA
Since 1996, when Congress passed the Health Insurance Portability and Accountability Act (HIPAA), employers have been struggling with whether and to what extent they could offer incentives to employees to participate in...more