The United States Court of Appeals for the Fifth Circuit recently vacated a 4.3 million dollar civil monetary penalty imposed by the Department of Health and Human Services’ Office for Civil Rights in 2017 against the University of Texas M.D. Anderson Cancer Center, holding that the penalty was “arbitrary, capricious, and otherwise unlawful.”
Continue Reading Fifth Circuit Court of Appeals Vacates MD Anderson HIPAA Penalty
HIPAA
42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
On September 30, 2020, Anthem, Inc., entered into an assurance of voluntary compliance with the attorneys general of 42 states and the District of Columbia to resolve claims under state and federal law relating to Anthem’s 2015 data breach of personal information and protected health information, the largest breach of PHI in history.…
Continue Reading 42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
On September 21, 2020, the U.S. Department of Health and Human Services Office for Civil Rights announced a $1.5 million settlement with Athens Orthopedic Clinic PA for alleged violations of the HIPAA Privacy and Security Rules.…
Continue Reading OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
OCR Settles Five More Investigations Under HIPAA Right of Access Initiative
On September 15, 2020, the U.S. Department of Health and Human Services’ Office for Civil Rights announced five more settlements under its HIPAA Right of Access Initiative.…
Continue Reading OCR Settles Five More Investigations Under HIPAA Right of Access Initiative
California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature
On August 31, 2020, the California Senate joined the Assembly in passing SB-980, as amended, a bill to establish the Genetic Information Privacy Act, which would require direct-to-consumer genetic testing companies to comply with certain privacy and data security provisions. The bill is pending California Governor Gavin Newsom’s signature.…
Continue Reading California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature
California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes
On June 11, 2020, the California Senate amended AB-713 to the California Consumer Privacy Act. The Senate’s recent amendments impose new contractual obligations on the use or sale of de-identified information and modify the exemption from the CCPA for information used for public health purposes. …
Continue Reading California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes
Senate Commerce Committee Holds Hearing on Data and the Coronavirus
On April 9, 2020 the U.S. Senate Committee on Commerce, Science and Transportation held a “paper hearing” entitled Enlisting Big Data in the Fight Against Coronavirus. …
Continue Reading Senate Commerce Committee Holds Hearing on Data and the Coronavirus
Washington, D.C. Amends Data Breach Notification Law, Adds Data Security Requirements
On March 26, 2020, Washington D.C. enacted bill number B23-0215, amending D.C.’s data breach notification law.…
Continue Reading Washington, D.C. Amends Data Breach Notification Law, Adds Data Security Requirements
New York SHIELD Act Requires Safeguards to Protect Private Information
On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act went into effect. The SHIELD Act requires any person or business owning or licensing computerized data that includes the private information of a resident of New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information.…
Continue Reading New York SHIELD Act Requires Safeguards to Protect Private Information
OCR Issues Bulletin on the Sharing and Security of PHI During Coronavirus Pandemic
The Office for Civil Rights at the U.S. Department of Health and Human Services issued a Bulletin on sharing and protecting patients’ protected health information during the COVID-19 national emergency. The Bulletin emphasizes that HIPAA-covered entities may use or disclose patients’ PHI when necessary to treat a patient, to protect the nation’s public health and for other critical purposes.…
Continue Reading OCR Issues Bulletin on the Sharing and Security of PHI During Coronavirus Pandemic