The American Privacy Rights Act of 2024 (APRA), a bipartisan and “historic” comprehensive data privacy bill unveiled April 8, 2024, would preempt state data privacy laws and be enforced by
Continue Reading Comprehensive Federal Privacy Bill May Open Backdoor for HIPAA Private Right of Action
Is Your Website HIPAA-Compliant?
If you are a HIPAA-covered entity or business associate, you likely know that patient PHI may only be created, received, maintained, and transmitted as permitted by the HIPAA Security Rule…
Continue Reading Is Your Website HIPAA-Compliant?
Business Associates Beware: You May Need To Vaccinate Staff Under Recent Biden Executive Order
President Biden issued an Executive Order on September 9, 2021 (the “EO”) that will lead to required COVID-19 vaccinations for workers in most health care facilities that receive Medicare or…
Continue Reading Business Associates Beware: You May Need To Vaccinate Staff Under Recent Biden Executive Order
HIPAA and COVID-19: ABCs For Working From Home
If your company is a covered entity or a business associate, you face unique challenges when workforce members ask or are required to work from home. Hopefully, your company’s HIPAA…
Continue Reading HIPAA and COVID-19: ABCs For Working From Home
Breach Notice Deadline Alert
If you are a covered entity who experienced a breach of unsecured protected health information affecting fewer than 500 individuals, you must notify the Office of Human Rights of…
Continue Reading Breach Notice Deadline Alert
The California AG May Be Watching You, Covered Entity
As Fox partner Odia Kagan posted yesterday, early enforcement of CCPA will focus on data related to kids. In addition, according to a recent article in the San Francisco Chronicle…
Continue Reading The California AG May Be Watching You, Covered Entity
Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations
Filefax, Inc., a defunct Illinois medical records storage and management company, has been fined $100,000 for improperly handling medical data under an agreement with the court-appointed receiver managing the company’s…
Continue Reading Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations
When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters…
Continue Reading When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR
Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)
You may be surprised to learn that those “extra” benefits your company offers to its employees such as your employee assistance program (“EAP”) and wellness program likely are subject to…
Continue Reading Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)
Ten Tips for Actions by a Covered Entity after a HIPAA Breach by a Business Associate
This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and…
Continue Reading Ten Tips for Actions by a Covered Entity after a HIPAA Breach by a Business Associate