On September 26, 2016, the French Data Protection Authority published the results of the Internet sweep on connected devices. The sweep was conducted in May 2016 to assess the quality of the information provided to users of connected devices, the level of security of the data flows and the degree of user empowerment.… Continue Reading
On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading
On July 29, 2016, the Federal Trade Commission announced that it had issued an opinion and final order reversing the administrative law judge’s decision by finding that LabMD failed to maintain reasonable security practices to protect consumers’ sensitive personal information in violation of Section 5 of the FTC Act.… Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.… Continue Reading
On July 6, 2016, the UK government decided to close its controversial care.data scheme after concerns were raised about the safeguards in place to protect individuals’ health care data and issues with patient transparency.… Continue Reading
On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading
On June 8, 2016, the Federal Trade Commission announced that Practice Fusion, an electronic health records company, agreed to settle FTC charges that the company misled consumers about the privacy of doctor reviews submitted to the company. … Continue Reading
On May 19, 2016, Hunton & Williams LLP and The Advisory Board Company hosted a webinar on How to Discuss Cybersecurity with Your C-Suite and Board of Directors. Hunton partner Matthew Jenkins moderated the session, and speakers included partner Paul Tiao, member of the firm’s Global Technology and Privacy practice, and The Advisory Board Company’s … Continue Reading
Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced resolution agreements with Raleigh Orthopaedic Clinic, P.A., and New York-Presbyterian Hospital for HIPAA Privacy Rule violations.… Continue Reading
The Federal Trade Commission recently released an interactive tool for mobile health apps. The tool was developed in conjunction with several other federal agencies, including the Department of Health and Human Services’ Office for Civil Rights, the Office of the National Coordinator for Health Information Technology, and the Food and Drug Administration.… Continue Reading
On March 21, 2016, the Department of Health and Human Services’ Office for Civil Rights announced that it has commenced Phase 2 of the HIPAA Audit Program. … Continue Reading
In March 2016, the Department of Health and Human Services announced resolution agreements with North Memorial Health Care of Minnesota and The Feinstein Institute for Medical Research over potential violations of the HIPAA Privacy Rule.… Continue Reading
Recently, the U.S. Department of Health and Human Services Office for Civil Rights published guidance on the use of mobile health apps as well as a crosswalk that maps the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Framework to the HIPAA Security Rule.… Continue Reading
On February 3, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that an Administrative Law Judge ruled that Lincare, Inc. violated the HIPAA Privacy Rule and ordered the company to pay 239,800 dollars to OCR.… Continue Reading
On January 5, 2016, the Federal Trade Commission announced that dental office management software provider, Henry Schein Practice Solutions, Inc., agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data.… Continue Reading
On December 14, 2015, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with the University of Washington on behalf of the university’s medical center, medical school and affiliated labs and clinics. … Continue Reading
On November 30, 2015, Triple-S Management Corporation, an insurance holding company based in San Juan, Puerto Rico, agreed on behalf of certain of its subsidiaries to a 3.5 million dollar settlement to resolve potential violations of the HIPAA Privacy and Security Rules.… Continue Reading
On July 1, 2015, Connecticut's governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state's data breach notification law and imposes certain data security requirements on health insurers and state contractors.… Continue Reading
On July 10, 2015, the House of Representatives passed the 21st Century Cures Act, which is intended to ease restrictions on the use and disclosure of protected health information for research purposes.… Continue Reading
The Department of Health and Human Services recently announced a resolution agreement and $125,000 settlement with Cornell Prescription Pharmacy in connection with the disposal of prescription records in an unsecured dumpster on Cornell's premises.… Continue Reading
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading
On February 5, 2015, the Article 29 Working Party published a letter that responds to a request of the European Commission to clarify the scope of health data processed by lifestyle and wellbeing apps. In the letter, the Working Party identifies the criteria to determine when personal data qualifies as "health data," and provides recommendations on the treatment of health data in the proposed EU Regulation.… Continue Reading
On January 27, 2015, the Federal Trade Commission announced the release of a report on the Internet of Things that describes the current state of the Internet of Things, analyzes the benefits and risks of its development, applies privacy principles to the Internet of Things and discusses whether legislation is needed to address this burgeoning area.… Continue Reading
