Privacy & Security

Fellow Fox Rothschild LLP Partner (and former hospital system General Counsel) Salvatore J.  Russo generously contributed this post.

Some twenty-three years ago, the first well-publicized incident of the re-identification of
Continue Reading Does the HIPAA Concept of De-identification Serve to Adequately Protect the Privacy of all Personal Health Information?

With the explosion of health data sifting through cutting-edge companies, industry stakeholders are left to wonder how wearable devices, wellness programs, health applications, and the like should be regulated.

Despite
Continue Reading Wearable Devices, Wellness Programs, and Health Apps: The Fringes of HIPAA

“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information
Continue Reading Too Much (Protected Health) Information Exposed + Too Little Response = $3M and Corrective Action Plan for Medical Imaging Company

HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates.  OCR reminds covered entities
Continue Reading HIPAA Security and “Zero Day” Exploits: How to Stay Ahead of the Hack