As if compliance with the various federal privacy and data security standards weren’t complicated enough, we may see state courts begin to import these standards into determinations of privacy actions
Continue Reading HIPAA Does Not Preempt State Privacy Cause of Action But May Represent “Standard of Care”, Says Connecticut Supreme Court

The below originally appeared on our HIPAA, HITECH & HIT blog on October 1.  It is authored by our partner, Michael Kline.  You can contact Michael at mkline@foxrothschild.com.
Continue Reading A Business Associate Agreement Dilemma: To Indemnify or Not to Indemnify – Ten Considerations

SAIC’s recent Motion to Dismiss the Consolidated Amended Complaint filed in federal court in Florida as a putative class action highlights the gaps between an incident (like a theft) involving PHI, a determination that a breach of PHI has occurred, and the realization of harm resulting from the breach.
Continue Reading The SAIC Breach and a Look Across the Chasm Between Significant Risk and Actual Harm Resulting from a HIPAA Breach