Monitoring Legal Developments Relating to the Privacy and Security of Health Information
The following post is adapted from an article written by Fox Rothschild attorneys Wayne Pinksone and Lucy Li, available here.
OSHA recently published guidance for “nonessential businesses” that are intending to reopen and allow their employees to return to work. This guidance is intended to supplement the U.S. Department of Labor and U.S. Department…
A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information.
Notably, these attacks succeed when system users have weak or common passwords. NCSC published frequently found passwords here, many of which are…
Fox Rothschild LLP partner Beth Larkin listened to the HHS Office for Civil Rights 4/24/20 webinar (which should be posted on its website at some point) regarding HIPAA and COVID-19 and took notes. Here’s my summary of key points, based on Beth’s notes:
Overview: OCR stresses that the HIPAA Rules are supposed to be balanced…
On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.
“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered…
Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s…
If your company is a covered entity or a business associate, you face unique challenges when workforce members ask or are required to work from home. Hopefully, your company’s HIPAA Security Policies and Procedures address the use of portable devices, whether they are owned by the employer or by the employee, and your HIPAA security…
The FAQs included in my prior post address employer response with an eye to HIPAA compliance. What else can an employer do or not do with employee information related to COVID-19 status? Even covered entities and business associates concerned with HIPAA must be alert to other laws that affect their communications and action plans. Employers…
Fox Rothschild partner Bill Maruca’s article, “Protecting Privacy During an Infectious Disease Panic”, is (unfortunately) as relevant today as it was when it was posted here more than 5 years ago. Swap Ebola for COVID-19, and the article provides useful guidance for covered entities and business associates subject to HIPAA and to employers, family and…
Fellow Fox Rothschild LLP Partner (and former hospital system General Counsel) Salvatore J. Russo generously contributed this post.
Some twenty-three years ago, the first well-publicized incident of the re-identification of de-identified personal health data was brought to the attention of the American public. It involved the then governor of Massachusetts, William Weld. Dr. Latanya Sweeney…
The answer to this question has changed yet again. I’ve blogged on this topic several times in the past (see here, here and here), and described the question as a wriggling worm. Plaintiff Ciox Health, LLC has finally managed to catch that worm and share its bounty among those looking to charge third-party…
This website uses cookies to improve your experience. By continuing to browse our website you consent to our use of cookies as set forth in our Cookie Policy. Learn More
