The District Court for the District of Columbia recently invalidated certain Department of Health and Human Services (“HHS”) rules regarding an individual’s access to their protected health information (“PHI”). The Court held that: (1) individuals can only direct their electronic PHI to third parties (and not hard copy PHI); and (2) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule provisions regarding the caps on fees that HIPAA-covered entities may charge for such requests did not follow relevant administrative law procedures.
Continue Reading
Health Privacy
OCR’s Second Settlement Under HIPAA Right of Access Initiative
Posted on
On December 12, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced its second enforcement action and settlement under its HIPAA Right of Access Initiative.…
Continue Reading
HHS Imposes 1.6 Million Dollar Civil Penalty on Texas State Agency for Health Data Breach
Posted on
On November 7, 2019, the Office for Civil Rights of the U.S. Department of Health and Human Services announced a $1.6 million civil penalty imposed against the Texas Health and Human Services Commission for violations of HIPAA Privacy and Security Rules.…
Continue Reading
Washington AG Settles with Premera on Behalf of Multistate Coalition
Posted on
On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.
…
Continue Reading
First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement
Posted on
Arizona Attorney General Mark Brnovich recently announced a settlement with healthcare software provider Medical Informatics Engineering Inc. and its wholly owned subsidiary NoMoreClipboard, LLC. This blog entry provides an overview of the case. …
Continue Reading
OCR Settles with Medical Imaging Services Company
Posted on
On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.…
Continue Reading
Federal Government Reduces Maximum Annual Penalties for Most Healthcare Privacy Violations
Posted on
On April 26, 2019, the U.S. Department of Health and Human Services reduced the available penalties for three out of the four tiers of privacy and security violations set forth in the HITECH Act. This blog entry provides an overview of the reductions.…
Continue Reading
China Ministries Jointly Release Guidelines for Protecting Personal Information Online
Posted on
On April 11, 2019, three Chinese bodies issued the Guide to Protection of Security of Internet Personal Information. This blog entry provides an overview of the Guide.…
Continue Reading
Dutch DPA Issues Guidelines on Privacy Policies Following Investigation
Posted on
On April 17, 2019, the Dutch Data Protection Authority issued six recommendations for companies, to be taken into account when drafting privacy policies. This blog entry provides an overview of the recommendations as well as the investigation which preceded their issuance. …
Continue Reading
Belgian DPA Publishes Updated List of Processing Activities Requiring DPIA
Posted on
The Belgian Data Protection Authority recently published the updated and final list of the types of processing activities which require a data protection impact assessment.…
Continue Reading