Adherence Communications, Boris Segalis, data protection, Do Not Call Regulations, healthcare, HHS, HIPAA, HITECH, InfoLawGroup, OCR, PHR Portals, privacy, privacy enforcement, privacy rule, security rule
New HIPAA/HITECH Rules Implementation Roadmap: Countdown Begins to September 23, 2013 Compliance Deadline
By InfoLawGroup LLP on March 31, 2013
health information, healthcare, HIPAA, HITECH, medical data, PHI, protected health information
HHS Release Final Omnibus Rule Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
By InfoLawGroup LLP on January 18, 2013
access, Boris Segalis, Health Care, health information, HHS, HITECH, InfoLawGroup, information law group, InformationLawGroup, Nicole Friess, NPRM, privacy, privacy rule, protected health information, Regulation, Security, security rule
Changes to HIPAA Privacy Rule Proposed by HHS - Find Out Who Has Accessed Your Health Records
By InfoLawGroup LLP on June 01, 2011
Act, breach notification, CUTPA, data, HITECH, HIPAA
Health Net Agrees to $250,000 Fine and "Corrective Action Plan" to Settle Loss of PHI
By InfoLawGroup LLP on July 21, 2010
baa, business associate, enforcement rule, fundraising, HHS, HIPAA, marketing, modifications, notice of privacy practices, npp, NPRM, privacy rule, protected health information, research, restrictions, sale, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part Two
By InfoLawGroup LLP on July 15, 2010
This post is Part Two of my FAQ on the proposed modifications to the HIPAA Rules issued by HHS last week. Part Two focuses on the proposed modifications to the Privacy Rule.
baa, business associate, enforcement rule, HHS, HIPAA, modifications, NPRM, privacy rule, protected health information, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part One
By InfoLawGroup LLP on July 12, 2010
As reported last week, on Thursday the Department of Health and Human Services ("HHS") issued its long-anticipated Notice of Proposed Rulemaking ("NPRM") on Modifications to the Health Insurance Portability and Accountability Act ("HIPAA") Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act (the "HITECH" Act). For those of us who subscribe to numerous technology and law listservs, this meant emailboxes flooded with opinions, criticism, speculation, and flat-out fear mongering. We thought people might like to know what the proposed modifications actually say, and what they mean. So, this post provides Part One of a FAQ on the 234 page NPRM. This post, Part One, addresses general issues (including significant changes involving subcontractors) and proposed modifications to the HIPAA Security and Enforcement Rules. Part Two, later this week, will address the proposed modifications to the HIPAA Privacy Rule.
health information, HHS, HIPAA, HITECH, privacy, Regulation, Security
InfoLaw Alert: HHS Issues Proposed Mofications to HIPAA Security and Privacy Rules
By InfoLawGroup LLP on July 08, 2010
Breach, breach notice, HIPAA, HITECH, medical data, notification, Virginia
Virginia Adds Medical Information Breach Notice Law
By InfoLawGroup LLP on April 07, 2010
201 CMR 17-00, AES, anonymity, behavioral advertising, breach notification, California, cloud computing, contracts, DPA, Eavesdropping, encryption, EU Data Protection Directive, GLBA, HIPAA, HITECH, IAPP, Kearney, Massachusetts, personally identifiable information, pii, RFID, social networking, spam, SSN, TCPA, telemarketing, text messages, UK ICO, VPPA
Celebrating Data Privacy from A to Z
By InfoLawGroup LLP on January 28, 2010
In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!
210 CMR 17-00, breach notification, creditors, driver's license, FACTA, Fair Credit Reporting Act, FCRA, financial account, FIPS, FTC, generally accepted, health information, HIPAA, HITECH, key management, laptops, Massachusetts, medical data, Nevada, payment card, Payment Card Industry Digital Security Standard, PCI DSS, portable devices, public networks, Red Flags, Red Flags Rule, Security, social security number, SSN, wireless
Code or Clear? Encryption Requirements (Part 2)
By W. Scott Blackmer on October 01, 2009
In the last post, I talked about the role of encryption in fashioning a "reasonable" security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.
