Artificial Intelligence (AI) is widely viewed as a valuable tool for improving health and healthcare. It is being used by major technology companies such as Google, small start-up companies, and researchers to collect and analyze health data collected from a variety of sources. As stated by Abhimanyu S. Ahjula in this October 2019 article:
Elizabeth G. Litten
Flo Health App Fallout: HIPAA-like Breach Notification Rule Not Enforced by FTC
By Elizabeth G. Litten on
Posted in Breach notification
Flo Health, Inc., which marketed an app used by more than 100 million women interested in tracking their personal menstruation and fertility information, seems to be getting off easily as compared with HIPAA-covered entities who misuse individual health information. The FTC’s January 13, 2021 press release announcing its proposed settlement with Flo Health sidesteps mention…
New Year Likely to Bring New Incentive for Cybersecurity Investment
By Elizabeth G. Litten on
Posted in HIPAA Enforcement
H.R. 7898, sent to the President for signature on December 24, 2020 may be the HIPAA holiday gift covered entities and business associates have been waiting for. The bill requires the Secretary of the Department of Health and Human Services, when considering penalties, audits and other actions related to HIPAA breaches and security incidents,…
Re-Setting the Clock for Responding to Individual Access Requests Under the Information Blocking Rule
By Elizabeth G. Litten on
Posted in Individual Access Rights
Covered entities beware: a timing pitfall lurks within the recently adopted rules prohibiting information blocking. We have posted about OCR’s “Right to Access Initiative” and numerous enforcement actions taken to make sure that covered entities respond to patient access requests in a timely manner. The HIPAA Privacy Rule requires covered entities to respond to access…
Which Privacy Protections Apply? HIPAA, FERPA and COVID-19
By Elizabeth G. Litten on
Posted in Privacy & Security
A recent conversation with a colleague in California prompted me to write this. He said that as part of its back-to-school plan, his children’s elementary school district “highly encouraged” that all students be tested for COVID-19 before returning to class. The district provided families with an in-home saliva test and asked parents to collect their…
New OCR Resource Adds Guidance on HIPAA and Direct-to-Consumer Health Apps
By Elizabeth G. Litten on
Posted in EHR and PHR, Health IT
A tricky issue for mobile health app developers since the Office for Civil Rights (OCR) released its first “Health App Use Scenarios & HIPAA” guidance back in 2016 has been deciphering whether the developer is a business associate if it offers its app on a consumer-facing basis as well as through covered entities (or their…
Updated OCR Guidance on Contacting Recovered COVID-19 Patients
By Elizabeth G. Litten on
Posted in HIPAA Authorizations
The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally OK to use or disclose protected health information (PHI) to contact individuals who have recovered from COVID-19 for case management and care coordination.
The OCR…
“I Have an App for That”: ONC’s Information Blocking Rule and HIPAA Access Rights
By Elizabeth G. Litten on
Posted in Health IT, Uncategorized
A patient asks her doctor to send her test results to an app the patient has downloaded on her phone. The doctor worries that the app is not secure and that the patient might not understand the security risks. What should the doctor do?
Covered entity health care providers and their business associates likely need…
Employer Collection of COVID-19 Data and Employee Privacy
By Elizabeth G. Litten on
Posted in Privacy & Security
The following post is adapted from an article written by Fox Rothschild attorneys Wayne Pinksone and Lucy Li, available here.
OSHA recently published guidance for “nonessential businesses” that are intending to reopen and allow their employees to return to work. This guidance is intended to supplement the U.S. Department of Labor and U.S. Department…
Don’t Get Sprayed: CISA Alert Reminds Health Care Entities to Use Strong Passwords
By Elizabeth G. Litten on
Posted in Privacy & Security, Uncategorized
A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information.
Notably, these attacks succeed when system users have weak or common passwords. NCSC published frequently found passwords here, many of which are…