Health Privacy | Privacy and Information Security Law Blog

French Data Protection Authority Unveils Its Agenda for 2012

Posted on April 25, 2012 by Hunton & Williams LLP

On April 19, 2012, the French Data Protection Authority (the “CNIL”) issued a press release detailing its enforcement agenda for 2012. In a report adopted March 29, 2012, the CNIL announced that it will conduct 450 on-site inspections this year, with particular focus on the specific themes described below. The CNIL also indicated that it will continue the work started in 2011 with at least 150 additional inspections related to video surveillance, especially with respect to surveillance in locations that are frequented by large numbers of individuals.

Tags: Cloud Computing, CNIL, Data Controller, Data Protection Authority, EU Member States, France, Video Surveillance

HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

Posted on April 19, 2012 by Hunton & Williams LLP

In the past month, the Department of Health and Human Services (“HHS”) sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules to the White House Office of Management and Budget (“OMB”) and announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. for violations of the HIPAA Rules.

Tags: Consumer Protection, Department of Health and Human Services, HIPAA, HITECH Act, Penalty, Privacy Rule, Protected Health Information, Security Rule

HHS Settles First Breach Notification Rule Case for $1.5 Million

Posted on March 14, 2012 by Hunton & Williams LLP

On March 13, 2012, the Department of Health and Human Services (“HHS”) announced that it had settled the first case related to the HITECH Act Breach Notification Rule. BlueCross Blue Shield of Tennessee (“BCBS Tennessee”) agreed to pay $1.5 million to settle potential HIPAA violations related to the October 2009 theft of 57 unencrypted hard drives containing protected health information (“PHI”) from a network data closet at a leased facility leased in Chattanooga, Tennessee.

Tags: Consumer Protection, Department of Health and Human Services, HIPAA, HITECH Act, Penalty, Privacy Rule, Protected Health Information, Social Security Number, Tennessee

2012 IAPP Global Privacy Summit

Posted on March 6, 2012 by Hunton & Williams LLP

Join us at the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C., March 7-9, 2012. Hunton & Williams privacy professionals will be featured speakers in the following sessions:

Mending Fences after a Breach
Thursday, March 8, 12:15 p.m.
Speakers include: Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice, Hunton & Williams LLP; Susan Grant, Director of Consumer Protection, Consumer Federation of America; and Joanne B. McNabb, Chief, California Office of Privacy Protection. Continue reading…

Tags: Article 29 Working Party, Binding Corporate Rules, Bridget Treacy, Canada, Christopher Graham, CNIL, Consumer Protection, Federal Trade Commission, Fred Cate, Information Commissioners Office, International Association of Privacy Professionals, Ireland, Jacob Kohnstamm, Lisa Sotto, Marty Abrams, Mexico, Nuala OConnor Kelly, Peter Hustinx, United Kingdom

Article 29 Working Party Issues Guidance on European Patients Smart Open Services

Posted on February 14, 2012 by Hunton & Williams LLP

On January 25, 2012, the Article 29 Working Party (the “Working Party”) issued a Working Document providing guidance on data protection issues relating to the European Patients Smart Open Services (“epSOS”) project. epSOS is a pilot project focused on developing an information and communications technology infrastructure that enables access to patient health information (i.e., Patient Summaries) among different EU Member States for the purpose of providing medical treatment. The project also aims to facilitate the cross-border use of electronic prescriptions (i.e., ePrescriptions). epSOS involves the collaboration of a significant number of health care provider organizations and companies that contribute their knowledge and expertise to the project.

Tags: Article 29 Working Party, Cross-Border Data Flow, Data Controller, Data Protection Authority, EU Member States, Protected Health Information

Minnesota AG Sues Debt Collection Agency for Health Privacy Violations

Posted on January 24, 2012 by Hunton & Williams LLP

On January 19, 2012, Minnesota Attorney General Lori Swanson announced a lawsuit against Accretive Health, Inc., (“Accretive”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations, the Minnesota Health Records Act, Minnesota’s debt collection statutes and Minnesota’s consumer protection laws. The suit, which was filed in Federal District Court in Minnesota, alleges that Accretive failed to adequately safeguard patients’ protected health information (“PHI”). This failure contributed to a July 2011 information security breach when an Accretive employee left an unencrypted laptop containing information of approximately 23,500 patients in a rental car. The laptop was stolen and has not yet been recovered.

Tags: Consumer Protection, HIPAA, HITECH Act, Minnesota, Privacy Rule, Protected Health Information, Social Security Number, State Attorneys General

HHS Issues New Model Privacy Notice for PHR Vendors

Posted on September 15, 2011 by Hunton & Williams LLP

On September 12, 2011, the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (“ONC”) unveiled a model privacy notice for personal health records (the “PHR Model Privacy Notice”). The PHR Model Privacy Notice was developed by ONC in collaboration with consumers and vendors of personal health records (“PHRs”). The PHR Model Privacy Notice is intended to enable consumers to “understand privacy and security policies and data sharing practice information, compare PHR company practices, and make informed decisions.”

Tags: Consumer Protection, Cookies, Department of Health and Human Services, Federal Trade Commission, Protected Health Information

How the Supreme Court’s Decision in Sorrell v. IMS Health May Affect Forthcoming “Do Not Track” Legislation

Posted on September 9, 2011 by Hunton & Williams LLP

Following the U.S. Supreme Court’s ruling in Sorrell v. IMS Health, Thomas Julin, partner at Hunton & Williams LLP who represented IMS Health in the case, closely studied the Court’s decision to assess its implications, including with respect to other forthcoming legislation. In an interview with Marty Abrams, President of the Centre for Information Policy Leadership, during the Centre’s First Friday Call on September 9, 2011, Julin discussed the close parallels between the law invalidated in Sorrell v. IMS Health and proposed federal regulation of behavioral advertising such as the “Do-Not-Track Online Act of 2011,” which was introduced by Senator Jay Rockefeller (D-WV) in May 2011.

Listen to the full audio recording of Thomas Julin discussing his views on the implications of Sorrell v. IMS.

Read Julin’s article on this topic published by BNA’s Privacy and Security Law Report.

Tags: Consumer Protection, Do Not Track, Litigation, Marty Abrams, Supreme Court, Thomas Julin

HHS Pressured to Drop Access Report Provision in Proposed Rule

Posted on August 5, 2011 by Hunton & Williams LLP

Several health care industry groups requested that the Department of Health and Human Services (“HHS”) either remove or significantly revise a proposed “access report” requirement in its recent notice of proposed rulemaking (the “Proposed Rule”) for the accounting of disclosures of protected health information (“PHI”). As we reported in May, HHS issued the Proposed Rule that revises existing HIPAA Privacy Rule provisions regarding accounting of disclosures and gives individuals a new right to obtain an “access report” that would list the specific persons who have accessed a patient’s PHI, and describe any actions taken by those persons with respect to the PHI (e.g., create, modify, access or delete).

Tags: Department of Health and Human Services, HIPAA, HITECH Act, Privacy Rule, Protected Health Information

IAPP Hosts Webinar on Upcoming OCR Audit Program

Posted on August 2, 2011 by Hunton & Williams LLP

On July 28, 2011, the International Association of Privacy Professionals (“IAPP”) hosted a webinar that addressed the upcoming audit program of the Department of Health and Human Services Office of Civil Rights (“OCR”). Susan McAndrew, the Deputy Director for Health Information Privacy at OCR, provided an overview of the audit program, noting that it stemmed from Section 13411 of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. That section of the HITECH Act authorized the Secretary of the Health and Human Services to “provide for periodic audits to ensure that covered entities and business associates” comply with the requirements of the HIPAA Privacy and Security Rules.

Tags: Compliance, Department of Health and Human Services, HIPAA, HITECH Act, International Association of Privacy Professionals, Privacy Rule, Protected Health Information, Security Rule

Privacy and Information Security Law Blog - Global privacy and information security law updates and analysis

HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

2012 IAPP Global Privacy Summit

Article 29 Working Party Issues Guidance on European Patients Smart Open Services

HHS Issues New Model Privacy Notice for PHR Vendors

How the Supreme Court’s Decision in Sorrell v. IMS Health May Affect Forthcoming “Do Not Track” Legislation

HHS Pressured to Drop Access Report Provision in Proposed Rule

IAPP Hosts Webinar on Upcoming OCR Audit Program

Published By Hunton & Williams

Search

Subscribe

Topics

Recent Updates

Blogroll

Privacy News