Privacy & Security

Do You Need To Worry About The New California Data Privacy Law? Maybe

By William Maruca on July 2, 2019

The California Consumer Privacy Act (CCPA) will take effect on January 1, 2020 and regulates most entities that collect personal information of California residents. CCPA was patterned after the European Union’s General Data Protection Regulation (GDPR) which went online on May 28, 2018 and has been called “GDPR-Lite.” In May, Fox Rothschild partner Odia Kagan…

Beware: HIPAA Applies to the Health Plans You Never Knew You Had (Part 1: Employee Assistance Programs)

By Jessica Forbes Olson on January 29, 2018

You may be surprised to learn that those “extra” benefits your company offers to its employees such as your employee assistance program (“EAP”) and wellness program likely are subject to the HIPAA privacy, security and breach notification rules (collectively, “HIPAA Rules”). Part 1 covers why most EAPs are subject to the HIPAA Rules. Part 2…

Eight Tips to Confront the New Initiative by HHS on PHI Security

By Michael Kline on September 5, 2016

In a recent Guidance, the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”) appears to have attempted to reverse an impression that its emphasis is more on privacy of protected health information (“PHI”) than on security of PHI. Its July 2016 article draws attention to the need by…

Is Your Facility a PokéStop? (A what?)

By William Maruca on July 20, 2016

Are strangers wandering around your health care facility with their noses buried in their smartphones? And if so, what should you do about it? They’re playing Pokémon GO, a location-based augmented reality mobile game that was released for iOS and Android devices on July 6, 2016. Its popularity exceeded all expectations (my kids are…

Emailing PHI? NIST Seeks Comments on Trustworthy Email by November 30, 2015

By Elizabeth Litten on October 29, 2015

When and how should you email PHI, if at all? The Office for Civil Rights (OCR) offers guidance as to the permissibility of sending PHI via email in this “Frequently Asked Question” answer, but doesn’t provide specifics as to how PHI can be safely emailed. Whether you are a covered entity or a business…

Even the Federal Government Can’t Hide: How a High-End Cyberattack Breached One of the Most “Protected” Systems

By Elizabeth Litten on June 26, 2015

Guest Blogger: Violetta Abinaked, Summer Associate (originally posted by Mark McCreary’s on Privacy Compliance & Data Security)

With data breaches being the quickly trending “flavor of the month” criminal activity, it’s no shock that on June 4, 2015 yet another system was hit. This time though, it may be one of the largest…

The New and Improved HIPAA/HITECH Rules: What Employers Need to Know

By Michael Kline on February 17, 2013

On February 7, 2013, our partner Keith McMurdy, Esq., posted an excellent entry on the Employee Benefits Blog of Fox Rothschild LLP that merits republishing for our readers as well. The post outlined some direct effects of the new HIPAA Omnibus Rule on employers and their health plans.…
Continue Reading The New and Improved HIPAA/HITECH Rules: What Employers Need to Know

HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement

By Elizabeth Litten on January 24, 2013

While the undertakings of a Medicare ACO and the terminology in the Data Use Agreement for protection of patient data may differ from those of covered entities, business associates and subcontractors and their BAAs under the HIPAA/HITECH regulations, they have many striking similarities and purposes.…
Continue Reading HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement

Countdown to 2013 and the HITECH “Mega Rule”: Ten New Year’s Resolutions to Protect Health Information

By Elizabeth Litten on December 27, 2012

Here are ten HIPAA resolutions worth making for 2013 for anyone who has contact with protected health information in their job, even without the benefit of the long-awaited Mega Rule.…
Continue Reading Countdown to 2013 and the HITECH “Mega Rule”: Ten New Year’s Resolutions to Protect Health Information

PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members

By Elizabeth Litten on September 18, 2012

The principle that individuals whose protected health information is stolen, lost, or otherwise inappropriately used, accessed, or left unsecured have no private right of action against the person or entity responsible for the breach under the HIPAA/HITECH laws may change for victims of identity theft who can show the theft was caused by a HIPAA breach, at least if the action is brought in the 11th Circuit.…
Continue Reading PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members

menu

HIPAA & Health Information Technology