Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance. Cookies, web beacons, and similar technology are used to collect and analyze data about … Continue Reading
On November 23rd, a Squire Patton Boggs partner will lead a panel of industry thought leaders in a discussion of transcontinental health research and data issues. Topics to be explored include: What are the challenges that companies need to face in order to promote research with health data? What should evolve in the legal framework … Continue Reading
On June 1, an SPB Partner and other industry experts will co-present on the ABA Webinar: Got Data?: How the Health Data Rules are Changing. The program, organized by the American Bar Association (ABA), will address recent and upcoming developments impacting health data, including CMS and ONC final rules on information blocking and interoperability, HIPAA and guidance … Continue Reading
Capital One has been ordered to disclose its cybersecurity report about a data breach. We provide tips on how to keep such reports under protection of the attorney-client privilege in our post here at the Consumer Privacy World blog by Colin Jennings, Ericka Johnson, and Dylan Yépez. … Continue Reading
The Illinois Biometric Information Privacy Act (“BIPA”) went into effect in 2008 and has been a steady source of litigation ever since. BIPA regulates how “private entities” collect, use and share biometric data and imposes certain security requirements. The stated intent of BIPA was to address the heightened risk of identity theft associated with the processing … Continue Reading
A medical imaging company is paying for its flawed data security system. In addition to its system failures, the company failed to investigate and respond properly when alerted to problems by the FBI. As a result, the Office of Civil Rights imposed a $3 million penalty and required a corrective action plan. This is yet another … Continue Reading
The Food and Drug Administration (“FDA”) has greatly increased its activity around cybersecurity initiatives and medical devices. As we approach the end of the year, this is a great opportunity to review recent developments. FDA Medical Device Cybersecurity Guidance On October 18, 2018, the FDA published draft guidance, “Content of Premarket Submissions for Management of … Continue Reading
Let’s hope you don’t pay that much to encrypt electronic Protected Health Information (ePHI). How about a total of $4.3 million over two years? Well, that’s the total penalty for encryption violations assessed by Health and Human Services (HHS). An Administrative Law Judge found the penalty could have been much worse. The facts are sobering. … Continue Reading
In a May 22, 2018 Law360 Expert Analysis piece, Squire Patton Boggs partner Elliot Golding writes, “There is no shortage of attention on health care data privacy and cybersecurity, with an avalanche of new and proposed government and regulatory initiatives underway. Although health care has long been a key target for … Continue Reading
On Wednesday 25 April, the EU Commission unveiled a new strategy to boost Europe’s capabilities and related industries around artificial intelligence. As you know, this is a “hot topic” that has the potential to affect many businesses and sectors across Europe and beyond. Many of our clients are very interested in this technology development (and … Continue Reading
In a podcast interview with Healthcare InfoSecurity, Squire Patton Boggs Partner Elliot Golding addresses evolving healthcare privacy and security issues, particularly complex issues involving Internet of Things (IoT) devices. This includes addressing new risks when connected devices link to legacy systems, the applicable regulatory environment, and other key issues companies operating in the health care … Continue Reading
On 25 April 2018, the European Commission (EC) issued a Communication on enabling the digital transformation of healthcare, outlining the European Union’s (EU) priorities and actions towards digital health. The EU’s plan focuses on the following core priorities: Ensuring citizens’ access to their health data and introducing the possibility to share their data across borders; … Continue Reading
As part of its ongoing implementation of the 21st Century Cures Act (Public Law 114-255), the Department of Health and Human Services last month released a number of new HIPAA guidance tools, including additional information about research uses and disclosures. The research guidance contains helpful tips for covered entities regarding authorizations, revocations, and “reviews preparatory … Continue Reading
The recent WannaCry ransomware attack and the bevy of breaches over the past few years demonstrate that cyber risks in the healthcare arena are substantial and widespread. The Department of Health and Human Services (HHS) Health Care Industry Cybersecurity (HCIC) Task Force Report (HCIC Report), required under the federal Cybersecurity Information Sharing Act of 2015, … Continue Reading
The Department of Health and Human Services Office of Civil Rights (HHS OCR) recently settled with a notable covered entity – a nonprofit Federally Qualified Community Health Center (FQHC) – over alleged Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations. With the FQHC agreeing to pay $400,000 to HHS and entering … Continue Reading
Hospital systems are on notice for ransomware attacking their health IT systems after three hospital systems are reported to be victims of computer viruses. In response, one hospital system paid almost $17,000 in Bitcoin to retrieve their EHR, while the other two hospital systems worked off paper records and backup systems for a few days … Continue Reading
The United States Department of Health and Human Services (HHS) recently entered into a $750,000 resolution agreement with the University of Washington (UW) following an investigation. The investigation was prompted by UW reporting a breach of about 90,000 people’s personal health information (PHI) after an employee unknowingly downloaded malware from an email attachment. Similar … Continue Reading
Another month, another round of data breaches – seem like a familiar refrain when healthcare providers, health plans and their counsel think about cybersecurity? But what if instead we could get organized and manage this growing business risk in a more proactive manner? It sounds like a good idea, but for many counsel, who view … Continue Reading
News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example). And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again)). Because health care data is such a … Continue Reading
Florida enacted a new data breach reporting law, the Florida Information Protection Act (“FIPA”), which will affect most, if not all, healthcare businesses. The law became effective the first of this month (July 1, 2014). The deadline for data breach reporting under FIPA is now 30 days, shortened from 45 days in the previous version … Continue Reading
Most organizations would agree that data privacy must be treated as a priority issue, not least because of the financial and reputational consequences of a data breach. Squire Patton Boggs has a global team of specialists advising clients on local and global data issues. Two members of our team, Tom Zeno and Lindsay Holmes, have written a two … Continue Reading