On June 11, 2020, the California Senate amended AB-713 to the California Consumer Privacy Act. The Senate’s recent amendments impose new contractual obligations on the use or sale of de-identified information and modify the exemption from the CCPA for information used for public health purposes.
Continue Reading California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes

On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act went into effect. The SHIELD Act requires any person or business owning or licensing computerized data that includes the private information of a resident of New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information.
Continue Reading New York SHIELD Act Requires Safeguards to Protect Private Information

The Office for Civil Rights at the U.S. Department of Health and Human Services issued a Bulletin on sharing and protecting patients’ protected health information during the COVID-19 national emergency. The Bulletin emphasizes that HIPAA-covered entities may use or disclose patients’ PHI when necessary to treat a patient, to protect the nation’s public health and for other critical purposes.
Continue Reading OCR Issues Bulletin on the Sharing and Security of PHI During Coronavirus Pandemic

The District Court for the District of Columbia recently invalidated certain Department of Health and Human Services (“HHS”) rules regarding an individual’s access to their protected health information (“PHI”). The Court held that: (1) individuals can only direct their electronic PHI to third parties (and not hard copy PHI); and (2) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule provisions regarding the caps on fees that HIPAA-covered entities may charge for such requests did not follow relevant administrative law procedures.
Continue Reading District Court Limits HIPAA Right of Access

The U.S. Department of Education and the U.S. Department of Health and Human Services released joint guidance on the application of the Family Educational Rights and Privacy Act and the Health Insurance Portability and Accountability Act of 1996 Privacy Rule to student records.
Continue Reading Department of Education and Department of Health and Human Services Release First Update to Joint Guidance on FERPA and HIPAA Since 2008

On November 7, 2019, the Office for Civil Rights of the U.S. Department of Health and Human Services announced a $1.6 million civil penalty imposed against the Texas Health and Human Services Commission for violations of HIPAA Privacy and Security Rules.
Continue Reading HHS Imposes 1.6 Million Dollar Civil Penalty on Texas State Agency for Health Data Breach