Tag Archives: HIPAA

New HIPAA/HITECH Rules Implementation Roadmap: Countdown Begins to September 23, 2013 Compliance Deadline

By Boris Segalis on March 31, 2013 Posted in HIPAA, HITECH

Last week marked the effective date of the Department of Health and Human Services (HHS) Office of Civil Rights comprehensive modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules (“the Rules”). The arrival of the effective date commences the 180-day period for covered entities to come into compliance with most of the Rule’s… Continue Reading

HHS Release Final Omnibus Rule Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)

By David Navetta on January 18, 2013 Posted in Health Care, HIPAA, HITECH

Yesterday, the U.S. Department of Health and Human Services (HHS) released the long awaited final omnibus rule under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The full text of the Final Rule can be found HERE. The InfoLawGroup is analyzing the 500+ page document and will be posting on the changes in… Continue Reading

Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?

By David Navetta on February 1, 2012 Posted in Cloud Computing, Cyber Insurance

As organizations of all stripes increasingly rely on cloud computing services to conduct their business, the need to balance the benefits and risks of cloud computing is more important than ever. This is especially true when it comes to data security and privacy risks. However, most Cloud customers find it very difficult to secure favorable contract terms when it comes to data security and privacy. While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk then they want (especially where Cloud providers refuse to accept that risk contractually). In short, the players in this industry are at an impasse. Cyber insurance may be a solution to help solve the problem.

February Brings a Privacy Enforcement Storm: HHS, FTC and FINRA Act

By Boris Segalis on February 22, 2011 Posted in Enforcement, HITECH

This month, federal agencies and FINRA have announced significant privacy enforcement actions that have resulted in millions of dollars in fines. The U.S. Department of Health and Human Services (HHS) imposed a $4.3M fine on a health plan for violations of the HIPAA Privacy Rule; the Federal Trade Commission (FTC) settled with several resellers of consumer reports allegations that the resellers failed to adequately safeguard consumer information; and FINRA imposed a $600K fine on two securities firms for failure to safeguard access to customer records. Here are the details:

FAQ on the Proposed Modifications to the HIPAA Rules: Part Two

By Tanya Forsheit on July 15, 2010 Posted in Health Care, HITECH, Marketing

This post is Part Two of my FAQ on the proposed modifications to the HIPAA Rules issued by HHS last week. Part Two focuses on the proposed modifications to the Privacy Rule.

FAQ on the Proposed Modifications to the HIPAA Rules: Part One

By Tanya Forsheit on July 12, 2010 Posted in Health Care, HITECH

As reported last week, on Thursday the Department of Health and Human Services (“HHS”) issued its long-anticipated Notice of Proposed Rulemaking (“NPRM”) on Modifications to the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act (the “HITECH” Act). For those of us who subscribe to numerous technology and law listservs, this meant emailboxes flooded with opinions, criticism, speculation, and flat-out fear mongering. We thought people might like to know what the proposed modifications actually say, and what they mean. So, this post provides Part One of a FAQ on the 234 page NPRM. This post, Part One, addresses general issues (including significant changes involving subcontractors) and proposed modifications to the HIPAA Security and Enforcement Rules. Part Two, later this week, will address the proposed modifications to the HIPAA Privacy Rule.

InfoLaw Alert: HHS Issues Proposed Mofications to HIPAA Security and Privacy Rules

By David Navetta on July 8, 2010 Posted in HITECH

The Department of Health and Human Services released proposed modifications to the privacy and security rules related to HIPAA. We are still reading through the 234 page document, but it appears that the new rules expand HIPAA responsibilities for business associates. In addition, HHS has set up a web portal that provides a summary of… Continue Reading

Quickhits: Dog Days of Summer Edition

By David Navetta on July 8, 2010 Posted in Quickhits, Reasonable Security

The heat is on as we enter the dog days of summer. The same is true at the intersection of law, technology, privacy and security where tricky issues continue to heat up. Things are moving so fast now it is a challenge to keep track of all the developments. Here are a few "quickhits" to… Continue Reading

Virginia Adds Medical Information Breach Notice Law

By David Navetta on April 7, 2010 Posted in Breach Notice

The state of Virginia has passed a breach notice law requiring notice of security breaches involving medical information. UPDATE: Note, this law only applies to governmental entities, or other orgnizations "supported wholly or principally by public funds." The version we previously linked to was an older version of the Virginia House’s bill and had a… Continue Reading

Celebrating Data Privacy from A to Z

By Tanya Forsheit on January 28, 2010 Posted in Behavioral Advertising, Breach Notification, Cloud Computing, Encryption, Social Networking, Spam

In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!

The New Health Care Breach Notification Landscape — HHS Rules

By Tanya Forsheit on October 5, 2009 Posted in Health Care, HITECH

On February 17, 2009, Congress signed into law the Health Information Technology for Economic and Clinical Health or “HITECH” Act (“HITECH” or the “Act”) as part of the American Recovery and Reinvestment Act. The HITECH Act requires entities covered by the Health Insurance Portability and Accountability Act (“HIPAA”) to provide notification to affected individuals and to the Secretary of Health and Human Services (“HHS”) following the discovery of a breach of unsecured protected health information. HITECH also requires business associates of HIPAA-covered entities to notify the covered entity in the event of the breach. The Act required HHS to issue interim final regulations with respect to the new breach notification requirements. On August 24, 2009, the HHS interim final regulations were published in the Federal Register.

Code or Clear? Encryption Requirements (Part 2)

By W. Scott Blackmer on October 2, 2009 Posted in Encryption

In the last post, I talked about the role of encryption in fashioning a “reasonable” security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.

Legal Implications of Cloud Computing — Part Two (Privacy and the Cloud)

By Tanya Forsheit on September 30, 2009 Posted in Breach Notice, Breach Notification, Cloud Computing, Cloud Computing Series, Special Series

Last month we posted some basics on cloud computing designed to provide some context and identify the legal issues. What is the cloud? Why is everyone in the tech community talking about it? Why do we as lawyers even care? Dave provided a few things for our readers to think about — privacy, security, e-discovery. Now let’s dig a little deeper. I am going to start with privacy and cross-border data transfers. Is there privacy in the cloud? What are the privacy laws to keep in mind? What are an organization’s compliance obligations? As with so many issues in the privacy space, the answer begins with one key principle — location, location, location.