On April 26, 2019, the U.S. Department of Health and Human Services reduced the available penalties for three out of the four tiers of privacy and security violations set forth in the HITECH Act. This blog entry provides an overview of the reductions.
Continue Reading Federal Government Reduces Maximum Annual Penalties for Most Healthcare Privacy Violations

On August 31, 2018, the California State Legislature passed SB-1121, a bill that delays enforcement of the California Consumer Privacy Act of 2018 and makes other modest amendments to the CCPA. The CCPA introduces key privacy requirements for businesses and its provisions will become operative on January 1, 2020.
Continue Reading CCPA Amended: Enforcement Delayed, Few Substantive Changes Made

The Department of Health and Human Services recently published two advance notices of proposed rulemaking that address accounting of disclosures and the potential distribution of civil monetary penalties to affected individuals.
Continue Reading HHS Publishes Advance Notices of Proposed Rulemaking on Accounting of Disclosures and Civil Monetary Penalties

On February 17, 2017, Horizon Blue Cross Blue Shield of New Jersey agreed to pay 1.1 million dollars as part of a settlement with the New Jersey Division of Consumer Affairs regarding allegations that Horizon did not adequately protect the privacy of nearly 690,000 policyholders.
Continue Reading Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

On July 10, 2015, the House of Representatives passed the 21st Century Cures Act, which is intended to ease restrictions on the use and disclosure of protected health information for research purposes.
Continue Reading House of Representatives Passes Bill to Permit Broader Use and Disclosure of Protected Health Information for Research Purposes

On December 31, 2013, the Federal Trade Commission announced that Accretive Health, Inc. has agreed to settle charges that the company’s inadequate data security measures unfairly exposed sensitive consumer information to the risk of theft or misuse. Accretive experienced a breach in July 2011 that involved the protected health information of more than 23,000 patients.
Continue Reading FTC Reaches Settlement with Accretive Health

On January 17, 2013, the Department of Health and Human Services’ Office for Civil Rights released its long-anticipated megarule amending the HIPAA Privacy, Security, Breach Notification and Enforcement Rules. This blog post highlights some of the more significant aspects of the Omnibus Rule and provides critical compliance tips.
Continue Reading New HIPAA Omnibus Rule: A Compliance Guide