Archives: Health Privacy

Subscribe to Health Privacy RSS Feed

Data Security Act Introduced in New York State Assembly

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading

Article 29 Working Party Clarifies Scope of Health Data Processed by Lifestyle and Wellbeing Apps

On February 5, 2015, the Article 29 Working Party published a letter that responds to a request of the European Commission to clarify the scope of health data processed by lifestyle and wellbeing apps. In the letter, the Working Party identifies the criteria to determine when personal data qualifies as "health data," and provides recommendations on the treatment of health data in the proposed EU Regulation.… Continue Reading

FTC Releases Report on Internet of Things

On January 27, 2015, the Federal Trade Commission announced the release of a report on the Internet of Things that describes the current state of the Internet of Things, analyzes the benefits and risks of its development, applies privacy principles to the Internet of Things and discusses whether legislation is needed to address this burgeoning area.… Continue Reading

Delaware Enacts New Data Destruction Law

On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading

Florida Amends Breach Notification Law to Cover Health Data, Tighten Notice Deadline and Require State Regulator Notification

On June 20, 2014, Florida Governor Rick Scott signed a bill that repeals and replaces the state's existing breach notification statute to cover health information and online account credentials, impose a 30-day notification timing requirement and require notification to the state regulator for breaches affecting 500 or more residents. The amendment took effect on July 1, 2014. … Continue Reading

HHS Settles Case Involving Unattended Medical Records

On June 23, 2014, the Department of Health and Human Services announced a resolution agreement and 800,000 USD settlement with Parkview Health System, Inc. following a complaint involving patient medical records that were left unattended on a physician’s driveway. … Continue Reading

HHS Announces Pre-Audit HIPAA Surveys

The Department of Health and Human Services Office for Civil Rights recently announced that it intends to survey up to 1,200 covered entities and business associates to determine their suitability for a more fulsome HIPAA compliance audit.… Continue Reading

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Triple-S Management Corporation reported in a recent SEC filing that its health insurance subsidiary, Triple-S Salud, Inc., has been notified by the Puerto Rico Health Insurance Administration that the Administration will impose a $6.8 million civil monetary penalty on the insurer in connection with a data breach that occurred in September 2013. … Continue Reading

FTC Reaches Settlement with Accretive Health

On December 31, 2013, the Federal Trade Commission announced that Accretive Health, Inc. has agreed to settle charges that the company's inadequate data security measures unfairly exposed sensitive consumer information to the risk of theft or misuse. Accretive experienced a breach in July 2011 that involved the protected health information of more than 23,000 patients.… Continue Reading
LexBlog