Health Insurance Portability and Accountability Act (HIPAA)

Let’s review:

  • Health information is sensitive.
  • Sharing it with third parties for advertising is more sensitive.
  • Doing it behind a log-in where there is no expectation of such tracking?
  • You’re
Continue Reading A Class Action Lawsuit Claims a Health System Uses Meta Pixel on Its Website. What You Need to Know.

The Health Insurance Portability and Accountability Act of 1996 may be the most well-known privacy law in the United States, but it is also one of the most misunderstood.

Many

Continue Reading HIPAA Covers a Lot Less Than People Think. But Beware of Other US Privacy Laws.

On the sixth day of CCPA the California Senate Health Committee gave to me … a HIPAA carve-out.

AB 713, reported favorably by the California Senate Health Committee, would expand
Continue Reading CA Senate Proposes Expanded CCPA Carve-Outs Related to HIPAA, Biomedical Research

A study shows that “92 percent of 36 mental health apps shared data with at least one third party — mostly services that help with marketing, advertising, or data analytics.”
Continue Reading Mental Health Apps Sharing Health Data Without Disclosure or Consent

“It is important that organizations have appropriate technical and organisational measures in place. This includes having clear data protection policies, taking a ‘data protection by design and default’ approach and
Continue Reading ICO Sweep Shows Companies Need Work on ‘Technical and Organisational Measures’

Elizabeth Litten (Fox Rothschild Partner and HIPAA Privacy & Security Officer) and Mark McCreary (Fox Rothschild Partner and Chief Privacy Officer) will be presenting at the New Jersey Chapter of the Healthcare Financial Management Association on August 30, 2017, from 12:00-1:00 pm eastern time. The presentation is titled: “Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy.”
Continue Reading Upcoming Webinar: Can’t Touch That: Best Practices for Health Care Workforce Training on Data Security and Information Privacy

On July 23, 2017, Washington State will become the third state (after Illinois and Texas) to statutorily restrict the collection, storage and use of biometric data for commercial purposes. The
Continue Reading Washington State Passes Law Restricting Commercial Collection, Storage and Use of Biometric Data

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements.
Continue Reading $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

Last week we posted about A Brief Primer on the NIST Cybersecurity Framework. Our partner and HIPAA/HITECH expert Elizabeth Litten took the NIST Cybersecurity Framework and created a blog post for the HIPAA, HITECH and Health Information Technology Blog on How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips. For those facing any HIPAA-related issues, it is a worthwhile read.
Continue Reading How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips

I strongly urge every covered entity and business associate faced with a Business Associate Agreement that includes indemnification provisions to read Michael Kline’s “List of Considerations” before signing. Michael’s list,
Continue Reading Michael Kline’s “List of Considerations” for Indemnification Provisions in Business Associate Agreements