With the outbreak of COVID-19, companies suddenly find themselves dealing with a host of privacy issues and questions about sharing information with employees, customers and others. We highlight some of these privacy and data security concerns in a recent client alert.
Continue Reading Coronavirus/COVID-19: Key Privacy and Security Considerations
HIPAA
District Court Limits HIPAA Right of Access
The District Court for the District of Columbia recently invalidated certain Department of Health and Human Services (“HHS”) rules regarding an individual’s access to their protected health information (“PHI”). The Court held that: (1) individuals can only direct their electronic PHI to third parties (and not hard copy PHI); and (2) the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule provisions regarding the caps on fees that HIPAA-covered entities may charge for such requests did not follow relevant administrative law procedures.…
Continue Reading District Court Limits HIPAA Right of Access
OCR’s Second Settlement Under HIPAA Right of Access Initiative
On December 12, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced its second enforcement action and settlement under its HIPAA Right of Access Initiative.…
Continue Reading OCR’s Second Settlement Under HIPAA Right of Access Initiative
Department of Education and Department of Health and Human Services Release First Update to Joint Guidance on FERPA and HIPAA Since 2008
The U.S. Department of Education and the U.S. Department of Health and Human Services released joint guidance on the application of the Family Educational Rights and Privacy Act and the Health Insurance Portability and Accountability Act of 1996 Privacy Rule to student records.…
Continue Reading Department of Education and Department of Health and Human Services Release First Update to Joint Guidance on FERPA and HIPAA Since 2008
HHS Imposes 1.6 Million Dollar Civil Penalty on Texas State Agency for Health Data Breach
On November 7, 2019, the Office for Civil Rights of the U.S. Department of Health and Human Services announced a $1.6 million civil penalty imposed against the Texas Health and Human Services Commission for violations of HIPAA Privacy and Security Rules.…
Continue Reading HHS Imposes 1.6 Million Dollar Civil Penalty on Texas State Agency for Health Data Breach
New York Amends Breach Notification Law
On July 25, 2019, New York Governor Andrew Cuomo signed into law Senate Bill S5575B, an amendment to New York’s breach notification law. This blog entry provides an overview of the changes.…
Continue Reading New York Amends Breach Notification Law
Washington AG Settles with Premera on Behalf of Multistate Coalition
On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.
…
Continue Reading Washington AG Settles with Premera on Behalf of Multistate Coalition
First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement
Arizona Attorney General Mark Brnovich recently announced a settlement with healthcare software provider Medical Informatics Engineering Inc. and its wholly owned subsidiary NoMoreClipboard, LLC. This blog entry provides an overview of the case. …
Continue Reading First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement
Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which extends Oregon’s data breach notification requirements to include third-party vendors. This blog entry provides an overview of the bill.…
Continue Reading Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors
Nevada Law Provides Consumers with Limited Right to Opt Out of Sale
On May 29, 2019, Nevada’s governor approved SB 220, which provides amendments to an existing law that requires operators of websites and online services to post a notice on their website regarding their privacy practices. This blog entry provides a summary of the Amendment Bill.…
Continue Reading Nevada Law Provides Consumers with Limited Right to Opt Out of Sale