Health : Privacy & Information Security Law Blog

Home > Health >

HHS Delays Enforcement of HITECH Act Business Associate Provisions

Posted on February 19, 2010 by Hunton & Williams LLP

We understand that yesterday Adam H. Greene (Office of the General Counsel, Civil Rights Division, U.S. Department of Health & Human Services), speaking at the ABA’s 11th Annual Conference on Emerging Issues in Healthcare Law, indicated that enforcement of the business associate provisions of the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which became effective on February 17, 2010, will be delayed until final rules addressing those provisions are published. The HITECH Act’s business associate provisions require business associates to implement the information security safeguards specified by the HIPAA Security Rule, and comply with certain requirements of the HIPAA Privacy Rule. Similarly, the HITECH Act requires covered entities to provide in their business associate agreements that all of the HITECH Act’s security requirements applicable to covered entities are also applicable to business associates.

The Office for Civil Rights (“OCR”), which enforces HIPAA’s Privacy and Security Rules, has stated publicly that it is carefully evaluating how to proceed with HIPAA enforcement. For example, Section 13411 of the HITECH Act requires HHS to “provide for periodic audits to ensure that covered entities and business associates” are complying with the HITECH Act and its implementing regulations. At the 18th Annual National HIPAA Summit in early February, Sue McAndrew, the OCR’s Deputy Director for Health Information Privacy, explained that there are “1,000 ways” to conduct HIPAA audits and that OCR is working with a HIPAA expert to “map out essentially the range of options” to determine how best to effectively conduct HIPAA audits.

Despite the delay in enforcement, covered entities and business associates should take necessary actions to comply with the HITECH Act’s requirements. Please see our client alert on HITECH compliance for more information.

Tags: Adam Greene, Business Associate Agreement, Department of Health and Human Services, Enforcement, HIPAA, HITECH Act, Health, Health Privacy, Office of Civil Rights, Privacy Rule, Security Rule, Sue McAndrew

First Amendment Challenge Prompts Maine AG to Postpone Enforcement of New Child Privacy Protection Law

Posted on September 10, 2009 by Hunton & Williams LLP

On September 9, 2009, the U.S. District Court for the District of Maine dismissed a lawsuit challenging the validity of the Act to Prevent Predatory Marketing Practices Against Minors (the “Act”), which is set to take effect on September 12, 2009. The Act prohibits businesses from knowingly collecting or receiving a minor’s health-related information or personal information for marketing purposes without first obtaining verifiable parental consent. Businesses are also prohibited from using any health-related information or personal information regarding a minor for the purpose of marketing a product or service to the minor. In dismissing the claim, the Court acknowledged that the Plaintiffs had successfully established the likelihood of success on the merits that the Act is overbroad and violates the First Amendment. Although the Plaintiffs met this burden, the Court recognized that the Attorney General has agreed not to enforce the Act, and the Maine Legislature is committed to reconsidering its scope in January 2010. Accordingly, the Court, with the agreement of the parties, closed the lawsuit in a stipulated order of dismissal.

Click here for details regarding the scope and requirements of the Act.

Tags: Behavioral Advertising, COPPA, Enforcement, Health, Internet, Maine, Marketing, State Law, personal information

Maine Enacts Comprehensive New Law Restricting Marketing to Minors

Posted on August 14, 2009 by Hunton & Williams LLP

On September 12, 2009, Maine’s Act to Prevent Predatory Marketing Practices Against Minors (the “Act”) will take effect. The Act prohibits businesses from knowingly collecting or receiving a minor’s health-related information or personal information for marketing purposes without first obtaining verifiable parental consent. Businesses are also prohibited from using any health-related information or personal information regarding a minor for the purpose of marketing a product or service to the minor. Pursuant to the Act, the use of information in such a manner is a predatory marketing practice, which may be sanctioned as an unfair trade practice. The law also allows individuals subject to unlawful data collection or predatory marketing practices to bring a private right of action against violators.

For businesses, the implications of Maine's new data collection and marketing restrictions are far-reaching. The scope of the law covers both online and off-line marketing activities, and the broad definition of personal information includes a minor’s name in combination with any information concerning the minor. In light of the Act’s restrictive requirements and considerable scope, businesses would be well-advised to evaluate their current marketing practices and age verification mechanisms. The text of the law is available here.

Tags: COPPA, Health, Information Security, Internet, Maine, Marketing, State Law, personal information

This website is for general information purposes only. Information posted is not intended to be legal advice. For more information, please see the Disclaimer and Privacy Notice links.

Computerworld magazine has named Hunton & Williams the top firm for privacy for the third year in a row based on a survey of more than 2,000 corporate privacy professionals.More...

Topics

Behavioral Advertising
Centre for Information Policy Leadership
Enforcement
European Union
Events
FCRA
Financial Privacy
General
Health Privacy
Identity Theft
Information Security
International
Marketing
Online Privacy
Security Breach
State Law
Workplace Privacy

Archives

Recent Updates

Links

Financial Industry News

Google settles Buzz privacy lawsuit SAN FRANCISCO Google Inc has settled a lawsuit accusing it of privacy violations in connection with its Buzz social networking service, according to a court document filed on Friday. The settlement filing comes on the same day Google said it would...
September 6, 2010 6:16 AM
Google pays millions to settle privacy case GOOGLE has agreed to pay $US8.5 million ($9.28m) to settle a privacy lawsuit over its Buzz social networking tool, according to court documents. Buzz was added to Google's free email service Gmail in February.Legal paperwork made available online last...
September 6, 2010 11:51 PM
George Osborne needs to push banks to publish executive pay Bankers' pay transparency is only fair and the chancellor knows it – all that's needed now is legislationGeorge Osborne, the chancellor: has to get his skates on if he's not to miss the deadline for next year's annual reports. Photograph: Anthony Devlin/PAGeorge Osborne says, via his official spokesman, that he is committed to forcing banks to publish the pay brackets of their big earners on a no-names basis. Good. The scheme, devised by Sir David Walker, is a worthwhile reform. It is...
September 6, 2010 9:13 AM
Norway man pleads not guilty to terror financing OSLO, Norway -- A Somali-born Norwegian citizen pleaded not guilty Tuesday to charges of sending over $30,000 to top leaders of an al-Qaida-linked Somali militant group at the start of the first trial under Norway's 2002 terror financing law. Norwegian...
September 7, 2010 1:39 AM
Norway man on trial for terror financing A Somali-born Norwegian citizen has pleaded not guilty to charges of sending over $US30,000 to top leaders of an al-Qaeda-linked Somali militant group at the start of the first trial under Norway's 2002 terror financing law. Norwegian prosecutors...
September 7, 2010 2:09 AM
13 PKK members surrender to Turkish security forces Thirteen members of the outlawed Kurdish Workers' Party (PKK) who ran away from the PKK camps in Iraq surrendered to Turkish security forces on Monday, the semi- official Anatolia news agency reported.The PKK rebels told the Turkish security forces at...
September 6, 2010 6:20 PM
Balloon ban unlawful, judge decides CHILD protection group Bravehearts has permission to fly its white balloons as it likes.A judge has overturned a ruling which banned them on the grounds they could jeopardise a sex crime trial in country Victoria.White Balloon Day was banned in...
September 7, 2010 12:35 AM
Bozo bus depot needs tighter security: Kelly Police Commissioner Raymond Kelly wants NYPD terror cops to look into lax security at a New Jersey depot where mass-transit menace Darius McCollum stole dozens of buses.The Daily News exposed dramatic security lapses at the Hoboken facility this week,...
September 6, 2010 11:14 PM
The Guardian: Viewpoint Let's have a public say in bankers' pay George Osborne says, via his official spokesman, that he is committed to forcing banks to publish the pay brackets of their big earners on a no-names basis. Good. The scheme, devised by Sir David Walker, is a worthwhile reform. It is also very modest. If the coalition government could not hold its nerve on this minor matter then the new independent Banking Commission, examining the case for structural reform, would be redundant.One of the banks' main objections is that disclosure could...
September 6, 2010 10:49 AM
Police launch anti sexting video The video launch in Canberra coincided with the beginning of a three-day conference on hi-tech crime in Sydney which will focus on the difficulties the cyber environment presents for policing and subsequent legal action.AFP Commissioner Tony Negus said...
September 6, 2010 7:30 PM

Privacy & Information Security Law Blog

Unless otherwise noted, attorneys not certified by the Texas Board of Legal Specialization.

The Hunton & Williams law firm's Privacy and Information Management practice includes attorneys who provide services related to privacy law and information security. Our lawyers practice in all areas of privacy and information security, including: state and federal privacy law compliance; EU data protection compliance, including global data transfer mechanisms such as the U.S. Safe Harbor program and model clauses; HIPAA compliance, including the Privacy Rule and Safeguards Rule; GLBA compliance, including the Privacy Rule and Safeguards Rule; FCRA compliance, including disclosure of consumer reports, Affiliate Marketing Rule compliance, and Red Flags Rule compliance; e-commerce issues such as CAN-SPAM, TCPA, mobile marketing, other direct marketing and behavioral advertising; response to and preparation for information security breaches, including breach notification; workplace privacy, such as employee monitoring; identity theft; records management, records retention, and records disposal; online privacy such as COPPA compliance and website privacy notices; e-discovery; and FTC or other government enforcement actions.

Atlanta, Austin, Bangkok, Beijing, Brussels, Charlotte, Dallas, Houston, London, Los Angeles, McLean, Miami, New York, Norfolk, Raleigh, Richmond, San Francisco, Washington - www.hunton.com

LexBlog Lawyer Blogs and Law Firm Blog Design

Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security

Published By
Hunton & Williams

Global privacy and information security law updates and analysis

HHS Delays Enforcement of HITECH Act Business Associate Provisions

First Amendment Challenge Prompts Maine AG to Postpone Enforcement of New Child Privacy Protection Law

Maine Enacts Comprehensive New Law Restricting Marketing to Minors

Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security

Published By Hunton & Williams

Global privacy and information security law updates and analysis

HHS Delays Enforcement of HITECH Act Business Associate Provisions

First Amendment Challenge Prompts Maine AG to Postpone Enforcement of New Child Privacy Protection Law

Maine Enacts Comprehensive New Law Restricting Marketing to Minors

Published By
Hunton & Williams