health information, healthcare, HIPAA, HITECH, medical data, PHI, protected health information
HHS Release Final Omnibus Rule Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
By InfoLawGroup LLP on January 18, 2013
California, children, data mining, First Amendment, health information, Info Law Group, InfoLawGroup, information law group, InformationLawGroup, Nicole Friess, pharmaceutical companies, privacy, privacy legislation, Supreme Court, Vermont, video games
Supreme Court Pro-Business and First Amendment - Targeted Regulations in Trouble
By InfoLawGroup LLP on June 28, 2011
access, Boris Segalis, Health Care, health information, HHS, HITECH, InfoLawGroup, information law group, InformationLawGroup, Nicole Friess, NPRM, privacy, privacy rule, protected health information, Regulation, Security, security rule
Changes to HIPAA Privacy Rule Proposed by HHS - Find Out Who Has Accessed Your Health Records
By InfoLawGroup LLP on June 01, 2011
baa, business associate, enforcement rule, fundraising, HHS, HIPAA, marketing, modifications, notice of privacy practices, npp, NPRM, privacy rule, protected health information, research, restrictions, sale, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part Two
By InfoLawGroup LLP on July 15, 2010
This post is Part Two of my FAQ on the proposed modifications to the HIPAA Rules issued by HHS last week. Part Two focuses on the proposed modifications to the Privacy Rule.
baa, business associate, enforcement rule, HHS, HIPAA, modifications, NPRM, privacy rule, protected health information, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part One
By InfoLawGroup LLP on July 12, 2010
As reported last week, on Thursday the Department of Health and Human Services ("HHS") issued its long-anticipated Notice of Proposed Rulemaking ("NPRM") on Modifications to the Health Insurance Portability and Accountability Act ("HIPAA") Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act (the "HITECH" Act). For those of us who subscribe to numerous technology and law listservs, this meant emailboxes flooded with opinions, criticism, speculation, and flat-out fear mongering. We thought people might like to know what the proposed modifications actually say, and what they mean. So, this post provides Part One of a FAQ on the 234 page NPRM. This post, Part One, addresses general issues (including significant changes involving subcontractors) and proposed modifications to the HIPAA Security and Enforcement Rules. Part Two, later this week, will address the proposed modifications to the HIPAA Privacy Rule.
health information, HHS, HIPAA, HITECH, privacy, Regulation, Security
InfoLaw Alert: HHS Issues Proposed Mofications to HIPAA Security and Privacy Rules
By InfoLawGroup LLP on July 08, 2010
1st Amendment, 4th Amendment, Apple, Breach, Facebook, health information, Kroll, litigation, opt-in, opt-out, Quon, security breach, security schedule
Quickhits: 4th Amendment & the Cloud; Dept. of Commerce Explores Privacy; Apple Plays Hardball; Kroll on Healthcare Data Security; The Senate on Facebook Privacy
By InfoLawGroup LLP on April 26, 2010
210 CMR 17-00, breach notification, creditors, driver's license, FACTA, Fair Credit Reporting Act, FCRA, financial account, FIPS, FTC, generally accepted, health information, HIPAA, HITECH, key management, laptops, Massachusetts, medical data, Nevada, payment card, Payment Card Industry Digital Security Standard, PCI DSS, portable devices, public networks, Red Flags, Red Flags Rule, Security, social security number, SSN, wireless
Code or Clear? Encryption Requirements (Part 2)
By W. Scott Blackmer on October 01, 2009
In the last post, I talked about the role of encryption in fashioning a "reasonable" security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.
