According to this article, 2021 has been a “particularly dire year” for health care data breaches.   So, it may not seem shocking that a hacker gained access to the protected health information of approximately 400,000 Planned Parenthood Los Angeles patients in October.  What is unusual about this particular hacking incident is its timing.  Planned

I dive into the HIPAA weeds on a daily basis, and am sometimes asked about similarities and differences between HIPAA and the European Union’s General Data Protection Regulation (GDPR).  Fox colleague Nate Williams provoked me to think more about this topic.  Nate took a close look at key definitions and provisions in these privacy laws

President Biden issued an Executive Order on September 9, 2021 (the “EO”) that will lead to required COVID-19 vaccinations for workers in most health care facilities that receive Medicare or Medicaid funds.  This covers approximately 50,000 health care providers across the country.

The EO also triggers COVID-19 vaccination requirements for many of these health care

HIPAA has been around for a quarter century, but confusion continues as to its scope and applicability.  The COVID pandemic, surge in Delta variant cases, and increasing number of employer and government vaccine mandates have triggered a new wave of interest in other people’s vaccination status. Many people are surprised to learn that HIPAA does

Flo Health, Inc., which marketed an app used by more than 100 million women interested in tracking their personal menstruation and fertility information, seems to be getting off easily as compared with HIPAA-covered entities who misuse individual health information.  The FTC’s January 13, 2021 press release announcing its proposed settlement with Flo Health sidesteps mention

Covered entities beware: a timing pitfall lurks within the recently adopted rules prohibiting information blocking.  We have posted about OCR’s “Right to Access Initiative” and numerous enforcement actions taken to make sure that covered entities respond to patient access requests in a timely manner.  The HIPAA Privacy Rule requires covered entities to respond to access

A recent conversation with a colleague in California prompted me to write this. He said that as part of its back-to-school plan, his children’s elementary school district “highly encouraged” that all students be tested for COVID-19 before returning to class. The district provided families with an in-home saliva test and asked parents to collect their