Archives: Health Privacy

Subscribe to Health Privacy RSS Feed

FTC Releases Interactive Tool for Mobile Health Apps

The Federal Trade Commission recently released an interactive tool for mobile health apps. The tool was developed in conjunction with several other federal agencies, including the Department of Health and Human Services’ Office for Civil Rights, the Office of the National Coordinator for Health Information Technology, and the Food and Drug Administration.… Continue Reading

HHS Releases Guidance on Health Apps and HIPAA Security Rule Crosswalk

Recently, the U.S. Department of Health and Human Services Office for Civil Rights published guidance on the use of mobile health apps as well as a crosswalk that maps the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Framework to the HIPAA Security Rule.… Continue Reading

HIPAA Settlement Emphasizes Importance of Risk Analyses

On December 14, 2015, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with the University of Washington on behalf of the university’s medical center, medical school and affiliated labs and clinics. … Continue Reading

Connecticut Passes New Data Protection Measures into Law

On July 1, 2015, Connecticut's governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state's data breach notification law and imposes certain data security requirements on health insurers and state contractors.… Continue Reading

Data Security Act Introduced in New York State Assembly

On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading

Article 29 Working Party Clarifies Scope of Health Data Processed by Lifestyle and Wellbeing Apps

On February 5, 2015, the Article 29 Working Party published a letter that responds to a request of the European Commission to clarify the scope of health data processed by lifestyle and wellbeing apps. In the letter, the Working Party identifies the criteria to determine when personal data qualifies as "health data," and provides recommendations on the treatment of health data in the proposed EU Regulation.… Continue Reading

FTC Releases Report on Internet of Things

On January 27, 2015, the Federal Trade Commission announced the release of a report on the Internet of Things that describes the current state of the Internet of Things, analyzes the benefits and risks of its development, applies privacy principles to the Internet of Things and discusses whether legislation is needed to address this burgeoning area.… Continue Reading

Delaware Enacts New Data Destruction Law

On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The law will take effect on January 1, 2015.… Continue Reading

Florida Amends Breach Notification Law to Cover Health Data, Tighten Notice Deadline and Require State Regulator Notification

On June 20, 2014, Florida Governor Rick Scott signed a bill that repeals and replaces the state's existing breach notification statute to cover health information and online account credentials, impose a 30-day notification timing requirement and require notification to the state regulator for breaches affecting 500 or more residents. The amendment took effect on July 1, 2014. … Continue Reading

HHS Settles Case Involving Unattended Medical Records

On June 23, 2014, the Department of Health and Human Services announced a resolution agreement and 800,000 USD settlement with Parkview Health System, Inc. following a complaint involving patient medical records that were left unattended on a physician’s driveway. … Continue Reading
LexBlog