On August 23, 2022, the U.S. Department of Health & Human Services, Office for Civil Rights announced that it had settled a case involving the disposal of physical protected health information.
Continue Reading OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI
HIPAA
NIST Publishes New Draft Guidance on HIPAA Security Rule
Posted on
On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance. …
Continue Reading NIST Publishes New Draft Guidance on HIPAA Security Rule
FTC Issues Business Alert on Illegal Use and Sharing of Location, Health and other Sensitive Data
Posted on
On July 11, 2022, the Federal Trade Commission’s Bureau of Consumer Protection issued a business alert on businesses’ handling of sensitive data, with a particular focus on location and health data.
Continue Reading FTC Issues Business Alert on Illegal Use and Sharing of Location, Health and other Sensitive Data
President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data
Posted on
Posted in Enforcement, Health Privacy
On July 8, 2022, President Biden issued an Executive Order titled, “Protecting Access to Reproductive Health Care Services,” in response to the overturning of Roe v. Wade. …
Continue Reading President Biden Issues Executive Order Protecting Privacy of Reproductive Health Data
HHS Issues Post-Dobbs Guidance to Protect Patient Privacy
Posted on
On June 29, 2022, the U.S. Department of Health and Human Services issued two guidance documents to “help protect patients seeking reproductive health care, as well as their providers” following the Supreme Court’s decision in Dobbs vs. Jackson Women’s Health Organization. …
Continue Reading HHS Issues Post-Dobbs Guidance to Protect Patient Privacy
HHS Releases Guidance on Audio-Only Telehealth Practices
Posted on
Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights released guidance to help covered entities understand how they can use remote communication technologies for audio-only telehealth in compliance with the HIPAA Privacy and Security Rules. Specifically, the Guidance clarifies how audio-only telehealth can be conducted after OCR’s Notification of Enforcement Discretion for Telehealth, put in place during the COVID-19 pandemic, is no longer in effect.
Continue Reading HHS Releases Guidance on Audio-Only Telehealth Practices
Vermont Enacts Insurance Data Security Law
Posted on
On May 27, 2022, Vermont Governor Phil Scott signed H.515, making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law. This blog entry provides a summary of the legislation.
Continue Reading Vermont Enacts Insurance Data Security Law
Connecticut Enacts Consumer Privacy Law
Posted on
On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring, after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law.
Continue Reading Connecticut Enacts Consumer Privacy Law
Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law
Posted on
Posted in U.S. State Law
On March 24, 2022, Utah became the fourth state in the U.S., following California, Virginia and Colorado, to enact a consumer data privacy law, the Utah Consumer Privacy Act. The law will take effect on December 31, 2023.
Continue Reading Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law
NJ Acting Attorney General Announces $425,000 Fine to Settle Breach Investigation
Posted on
Earlier this month, the New Jersey Acting Attorney General Andrew Bruck announced that its Division of Consumer Affairs had reached a $425,000 settlement with three New Jersey-based providers of cancer care over alleged failures to adequately safeguard patient data.
Continue Reading NJ Acting Attorney General Announces $425,000 Fine to Settle Breach Investigation