On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
In this first segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto describes the dramatic changes in the legal landscape of privacy over the last 10 to 15 years. View the video recording now. … Continue Reading
On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.… Continue Reading
On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading
Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced resolution agreements with Raleigh Orthopaedic Clinic, P.A., and New York-Presbyterian Hospital for HIPAA Privacy Rule violations.… Continue Reading
The Federal Trade Commission recently released an interactive tool for mobile health apps. The tool was developed in conjunction with several other federal agencies, including the Department of Health and Human Services’ Office for Civil Rights, the Office of the National Coordinator for Health Information Technology, and the Food and Drug Administration.… Continue Reading
On March 21, 2016, the Department of Health and Human Services’ Office for Civil Rights announced that it has commenced Phase 2 of the HIPAA Audit Program. … Continue Reading
In March 2016, the Department of Health and Human Services announced resolution agreements with North Memorial Health Care of Minnesota and The Feinstein Institute for Medical Research over potential violations of the HIPAA Privacy Rule.… Continue Reading
In a recent article published by Corporate Counsel, Hunton & Williams partner Lisa Sotto and associate Ryan Logan discuss the privacy and data security-related legal issues that arise in corporate transactions, and provide a how-to guide on addressing those issues during the various stages of a transaction.… Continue Reading
Recently, the U.S. Department of Health and Human Services Office for Civil Rights published guidance on the use of mobile health apps as well as a crosswalk that maps the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Framework to the HIPAA Security Rule.… Continue Reading
On February 3, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that an Administrative Law Judge ruled that Lincare, Inc. violated the HIPAA Privacy Rule and ordered the company to pay 239,800 dollars to OCR.… Continue Reading
On January 5, 2016, the Federal Trade Commission announced that dental office management software provider, Henry Schein Practice Solutions, Inc., agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data.… Continue Reading
On December 14, 2015, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with the University of Washington on behalf of the university’s medical center, medical school and affiliated labs and clinics. … Continue Reading
On December 9, 2015, the FTC announced that Wyndham Worldwide Corporation settled charges brought by the FTC stemming from allegations that the company unfairly failed to maintain reasonable data security practices.… Continue Reading
On November 30, 2015, Triple-S Management Corporation, an insurance holding company based in San Juan, Puerto Rico, agreed on behalf of certain of its subsidiaries to a 3.5 million dollar settlement to resolve potential violations of the HIPAA Privacy and Security Rules.… Continue Reading
On August 24, 2015, the Third Circuit issued its opinion in Federal Trade Commission v. Wyndham Worldwide Corporation, affirming the Federal Trade Commission's authority to regulate companies' data security practices under the unfairness prong of Section 5 of the FTC Act.… Continue Reading
On July 10, 2015, the House of Representatives passed the 21st Century Cures Act, which is intended to ease restrictions on the use and disclosure of protected health information for research purposes.… Continue Reading
The Department of Health and Human Services recently announced a resolution agreement and $125,000 settlement with Cornell Prescription Pharmacy in connection with the disposal of prescription records in an unsecured dumpster on Cornell's premises.… Continue Reading
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading
On February 27, 2015, the White House released a highly-anticipated draft of the Consumer Privacy Bill of Rights Act of 2015 that seeks to establish baseline protections for individual privacy in the commercial context and to facilitate the implementation of these protections through enforceable codes of conduct.… Continue Reading
On January 12, 2015, Senator James Merritt (R-Indianapolis) introduced a new security breach bill that would impose substantial new privacy obligations on companies holding the personal data of Indiana residents.… Continue Reading
The Department of Health and Human Services recently announced a resolution agreement and settlement with Anchorage Community Mental Health Services in connection with a data breach caused by malware.… Continue Reading
