"AB 370", "online tracking", "privacy statement", Attorney General, CalOPPA, DNT, Do Not Track, guidance, Kamala Harris, Section 5
Say What You Do and Do What You Say: Guidance for Privacy Policies, and for Life
By InfoLawGroup LLP on May 26, 2014
Breach, breach notification, California, data protection, data security, heartbleed, HIPAA, hipaa hitech, OpenSSL, passwords, Security, vulnerability
FAQs Concerning the Legal Implications of the Heartbleed Vulnerability
By InfoLawGroup LLP on April 14, 2014
Big Data, compliance, FERPA, GLB, higher education, HIPAA, privacy, Security
“Big Data” for Educational Institutions: A Framework for Addressing Privacy Compliance and Legal Considerations
By InfoLawGroup LLP on November 11, 2013
Adherence Communications, Boris Segalis, data protection, Do Not Call Regulations, healthcare, HHS, HIPAA, HITECH, InfoLawGroup, OCR, PHR Portals, privacy, privacy enforcement, privacy rule, security rule
New HIPAA/HITECH Rules Implementation Roadmap: Countdown Begins to September 23, 2013 Compliance Deadline
By InfoLawGroup LLP on March 31, 2013
health information, healthcare, HIPAA, HITECH, medical data, PHI, protected health information
HHS Release Final Omnibus Rule Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
By InfoLawGroup LLP on January 18, 2013
Buzz, consent, EPIC, FTC, FTC Act, Google, InfoLawGroup, information law group, privacy, privacy enforcement, Privacy Policy, Section 5, Segalis
EPIC Alleges Epic FTC Fail In Google Saga; We Review the Complaint
By InfoLawGroup LLP on February 13, 2012
On February 8, 2012, the Electronic Privacy Information Center (EPIC) asked the Federal District Court for the District of Columbia to compel the Federal Trade Commission (FTC) to enforce the terms of the agency's Google Buzz privacy settlement with Google. EPIC seeks to compel the FTC to stop Google's planned consolidation of user data from across the company's services into a single profile for each user under a single privacy policy. EPIC has alleged that the proposed changes and the way Google seeks to implement the changes violate the Google Buzz consent order. The District Court will hear the case before March 1, 2012. In this post, we discuss the highlights of EPIC's complaint, Google's response and lessons learned.
Cloud, contracting, cyber insurance, GLB, HIPAA, indemnification, notification, privacy, risk, SB 1386, security breach
Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk in the Cloud?
By InfoLawGroup LLP on February 01, 2012
As organizations of all stripes increasingly rely on cloud computing services to conduct their business, the need to balance the benefits and risks of cloud computing is more important than ever. This is especially true when it comes to data security and privacy risks. However, most Cloud customers find it very difficult to secure favorable contract terms when it comes to data security and privacy. While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk than they want (especially where Cloud providers refuse to accept that risk contractually). In short, the players in this industry are at an impasse. Cyber insurance may be a solution to help solve the problem.
flash cookies, FTC Act, InfoLawGroup, information law group, privacy, privacy enforcement, scanscout, Section 5, Segalis
FTC Takes on Super Cookies
By InfoLawGroup LLP on November 09, 2011
children's privacy, COPPA, data protection, FTC, InfoLawGroup, information law group, InformationLawGroup, Playdom, privacy, privacy enforcement, Section 5, unfair practices
FTC Enforcement Update: "Virtual Worlds" Operators Settle Children's Privacy Violation Charges; Pay $3M Fine
By InfoLawGroup LLP on May 12, 2011
On May 12, 2011, the Federal Trade Commission announced that the operators of 20 online virtual worlds have agreed to pay $3 million to settle charges that they violated the Children's Online Privacy Protection (COPPA) Rule by collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents' prior consent. The FTC noted that this settlement is the largest civil penalty for a violation of the FTC's COPPA Rule.
Ceridian, deceptive practices, enforcement, Federal Trade Commission, FTC, FTC Act, FTC consent, InfoLawGroup, information law group, information security, information security program, InformationLawGroup, Lookout, personal data, personal information, privacy enforcement, Section 5, Segalis
FTC Privacy Enforcement Update: Two Companies Allegedly Failed to Protect Sensitive Employee Data
By InfoLawGroup LLP on May 06, 2011
On May 3, 2011, the Federal Trade Commission announced that Ceridian Corporation and Lookout Services, Inc. agreed to settle the FTC's allegations that the companies failed to safeguard their business customers' employee personal information. Ceridian's services include payroll processing, payroll-related tax filing, benefits administration and other human resource services for business customers. Lookout provides a web-based computer product that is designed to help employers comply with their obligations under federal law to complete and maintain a U.S. Citizenship and Immigration Services Form I-9 about each employee in order to verify that the employee is eligible to work in the United States.
behavioral advertising, behavioral marketing, chitika, deceptive practices, Federal Trade Commission, FIPPs, FTC Act, FTC consent, InfoLawGroup, information law group, information security, InformationLawGroup, opt-out, privacy enforcement, Section 5, Segalis, tracking, twitter
Privacy Enforcement Update: FTC Settles with Twitter and Chitika
By InfoLawGroup LLP on March 18, 2011
As we have previously reported on our blog, 2011 has seen a whirlwind of privacy enforcement activity. The FTC, NLRB, EEOC, HHS and FINRA have all taken privacy enforcement actions this year. This March, the FTC has announced privacy settlements with Chitika and Twitter.
Boris Segalis, FCRA, Federal Trade Commission, fines and penalties, FINRA, FTC, FTC consent, FTC Federal Trade Commission HIPAA HITECH FCRA GLB InfoLawGroup Information L..., GLB, HHS, HIPAA, InfoLawGroup, information law group, privacy enforcement, privacy rule, Section 5
February Brings a Privacy Enforcement Storm: HHS, FTC and FINRA Act
By InfoLawGroup LLP on February 22, 2011
This month, federal agencies and FINRA have announced significant privacy enforcement actions that have resulted in millions of dollars in fines. The U.S. Department of Health and Human Services (HHS) imposed a $4.3M fine on a health plan for violations of the HIPAA Privacy Rule; the Federal Trade Commission (FTC) settled with several resellers of consumer reports allegations that the resellers failed to adequately safeguard consumer information; and FINRA imposed a $600K fine on two securities firms for failure to safeguard access to customer records. Here are the details:
Boris Segalis, children, children's privacy, enforcement, FTC, privacy, privacy enforcement, Section 5
FTC Settles Charges that Company Failed to Tell Users -- Parents -- that Children's Information Would be Disclosed to Marketers
By InfoLawGroup LLP on November 30, 2010
On November 30, 2010, the Federal Trade Commission announced a settlement with EchoMetrix, Inc. with respect to charges that the company failed to adequately disclose its privacy practices. EchoMetrix sells software that allows parents to monitor their children's online activities. The FTC alleged that the company engaged in a deceptive act or practice in violation of Section 5 of the FTC Act by failing to inform parents that the information the software collected about their children would be disclosed to third parties for marketing purposes.
Act, breach notification, CUTPA, data, HITECH, HIPAA
Health Net Agrees to $250,000 Fine and "Corrective Action Plan" to Settle Loss of PHI
By InfoLawGroup LLP on July 21, 2010
baa, business associate, enforcement rule, fundraising, HHS, HIPAA, marketing, modifications, notice of privacy practices, npp, NPRM, privacy rule, protected health information, research, restrictions, sale, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part Two
By InfoLawGroup LLP on July 15, 2010
This post is Part Two of my FAQ on the proposed modifications to the HIPAA Rules issued by HHS last week. Part Two focuses on the proposed modifications to the Privacy Rule.
baa, business associate, enforcement rule, HHS, HIPAA, modifications, NPRM, privacy rule, protected health information, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part One
By InfoLawGroup LLP on July 12, 2010
As reported last week, on Thursday the Department of Health and Human Services ("HHS") issued its long-anticipated Notice of Proposed Rulemaking ("NPRM") on Modifications to the Health Insurance Portability and Accountability Act ("HIPAA") Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act (the "HITECH" Act). For those of us who subscribe to numerous technology and law listservs, this meant emailboxes flooded with opinions, criticism, speculation, and flat-out fear mongering. We thought people might like to know what the proposed modifications actually say, and what they mean. So, this post provides Part One of a FAQ on the 234 page NPRM. This post, Part One, addresses general issues (including significant changes involving subcontractors) and proposed modifications to the HIPAA Security and Enforcement Rules. Part Two, later this week, will address the proposed modifications to the HIPAA Privacy Rule.
health information, HHS, HIPAA, HITECH, privacy, Regulation, Security
InfoLaw Alert: HHS Issues Proposed Modifications to HIPAA Security and Privacy Rules
By InfoLawGroup LLP on July 08, 2010
banking, fraud, HIPAA, Mexico, privacy, reasonable, reasonable security, Regulation, Security
Quickhits: Dog Days of Summer Edition
By InfoLawGroup LLP on July 08, 2010
Breach, breach notice, HIPAA, HITECH, medical data, notification, Virginia
Virginia Adds Medical Information Breach Notice Law
By InfoLawGroup LLP on April 07, 2010
201 CMR 17-00, AES, anonymity, behavioral advertising, breach notification, California, cloud computing, contracts, DPA, Eavesdropping, encryption, EU Data Protection Directive, GLBA, HIPAA, HITECH, IAPP, Kearney, Massachusetts, personally identifiable information, pii, RFID, social networking, spam, SSN, TCPA, telemarketing, text messages, UK ICO, VPPA
Celebrating Data Privacy from A to Z
By InfoLawGroup LLP on January 28, 2010
In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!