Protected Health Information

A study shows that “92 percent of 36 mental health apps shared data with at least one third party — mostly services that help with marketing, advertising, or data analytics.”

“About half of those apps did not disclose that third-party data sharing, for a few different reasons: nine apps didn’t have a privacy policy at

“Where the sponsor processes personal data of data subjects in the EU, including in the context of managing the clinical trial, GDPR is fully applicable, including the obligation to designate a representative in the EU.”

The European Commission has updated FAQs on the interplay between the forthcoming Clinical Trials Regulation (CTR) and GDPR.

Key Takeaways:

Data subject access rights and your medical practice.

The UK Information Commissioner’s Office (ICO) issues advice.

Medical practices have reported a significant rise in subject access requests (SARs) since the GDPR came into effect in May last year, which is a similar trend in other sectors.

  • General Practicioners (GPs) cannot query the reason for requesting

Registration for the Privacy Summit is open.

Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders in major industries, experienced regulatory and compliance professionals and the Chief

Elizabeth Litten (Fox Rothschild Partner and HIPAA Privacy & Security Officer) and Mark McCreary (Fox Rothschild Partner and Chief Privacy Officer) will be presenting at the New Jersey Chapter of the Healthcare Financial Management Association on August 30, 2017, from 12:00-1:00 pm eastern time. The presentation is titled: “Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy.”
Continue Reading

Eric Bixler has posted on the Fox Rothschild Physician Law Blog an excellent summary of the changes coming to Medicare cards as a result of the Medicare Access and CHIP Reauthorization Act of 2015. Briefly, Centers for Medicare and Medicaid Services must remove Social Security Numbers from all Medicare cards. Therefore, starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier to replace the existing use of SSNs.
Continue Reading

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements.
Continue Reading

Last week we posted about A Brief Primer on the NIST Cybersecurity Framework. Our partner and HIPAA/HITECH expert Elizabeth Litten took the NIST Cybersecurity Framework and created a blog post for the HIPAA, HITECH and Health Information Technology Blog on how How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips. For those facing any HIPAA-related issues, it is a worthwhile read.
Continue Reading

The Federal Trade Commission recently announced that it settled charges against a health billing company and its former CEO that they misled consumers who had signed up for their online billing portal by failing to inform them that the company would seek detailed medical information from pharmacies, medical labs and insurance companies.

The Atlanta-based medical

DataSecurityWe are pleased to announce the launch of our Data Breach 411 App, which is available for free download in the iTunes store at:  https://itunes.apple.com/us/app/data-breach-411/id726115837?mt=8

The Data Breach 411 App is a data breach survival guide designed to tackle a general counsel’s worst nightmare:  the loss or theft of sensitive data.

Features of the app