The Belgian Data Protection Authority recently published the updated and final list of the types of processing activities which require a data protection impact assessment.
Continue Reading
Health Privacy
EDPB Releases Opinion on Interplay Between the Clinical Trial Regulation and the GDPR
Posted on
On January 23, 2019, the European Data Protection Board released an opinion on the interplay between the European Clinical Trials Regulation and the GDPR.…
Continue Reading
CCPA: Employers Should Consider Implications for Employee Benefit Plans
Posted on
Posted in Health Privacy, Workplace Privacy
As we move closer to implementation of the California Consumer Privacy Act of 2018, companies should consider how the new law could affect their operations in multiple ways – including, for example, data collected through their employee benefit plans.…
Continue Reading
HHS Publishes Health Industry Cybersecurity Practices
Posted on
The U.S. Department of Health and Human Services recently published “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” which was developed by the Healthcare & Public Health Sector Coordinating Councils Public Private Partnership, a group comprised of over 150 cybersecurity and healthcare experts from government and private industry.…
Continue Reading
CIPL Co-Hosts Workshop on GDPR and Scientific Health Research
Posted on
On October 22, 2018, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP co-hosted a workshop in Brussels on “Can GDPR Work for Health Scientific Research?” with the European Federation of Pharmaceutical Industries and Associations and the Future of Privacy Forum to address the challenges raised by the GDPR in conducting scientific health research.…
Continue Reading
Medical Transcription Vendor Agrees to $200,000 Settlement with New Jersey Attorney General
Posted on
Posted in Enforcement, Health Privacy
On October 30, 2018, ATA Consulting LLC agreed to a $200,000 settlement with the New Jersey Attorney General resulting from a server misconfiguration that allowed private medical records to be posted publicly online.…
Continue Reading
OCR Enters into Record Settlement with Anthem
Posted on
Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.…
Continue Reading
Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action
Posted on
On August 15, 2018, U.S. District Judge Lucy Koh signed an order granting final approval of the record 115 million dollar class action settlement agreed to by Anthem Inc. in June 2017. …
Continue Reading
OCR Issues Guidance on Disclosures to Family, Friends and Others
Posted on
Posted in Health Privacy, Information Security
In its most recent cybersecurity newsletter, the U.S. Department of Health and Human Services’ Office for Civil Rights provided guidance regarding identifying vulnerabilities and mitigating the associated risks on software used to process electronic protected health information.…
Continue Reading
Eleventh Circuit Vacates FTC Data Security Order
Posted on
On June 6, 2018, the Eleventh Circuit vacated a 2016 Federal Trade Commission order compelling LabMD to implement a “comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.” The Eleventh Circuit agreed with LabMD that the FTC order was unenforceable because it did not direct the company to stop any “unfair act or practice” within the meaning of Section 5a of the Federal Trade Commission Act.…
Continue Reading