Archives: Privacy

Subscribe to Privacy RSS Feed

Recent Guidance by ONC and SAMHSA Sheds Light on Compliance Requirements for 42 CFR Part 2

In the face of the ongoing opioid crisis in the United States, the Office of the National Coordinator for Health Information Technology (“ONC”) and the Substance Abuse and Mental Health Services Administration (“SAMHSA”) recently released two fact sheets to clarify how the requirements of 42 CFR Part 2 apply in different provider contexts, including via … Continue Reading

Law360 Expert Analysis: Health Tech Is The New Focus For Cybersecurity Policy

In a May 22, 2018 article that appeared in Law360 Expert Analysis piece, Squire Patton Boggs partner Elliot Golding writes, “There is no shortage of attention on health care data privacy and cybersecurity, with an avalanche of new and proposed government and regulatory initiatives underway. Although health care has long been a key target for … Continue Reading

Key Health Care Technology Privacy and Cybersecurity Considerations

In a podcast interview with Healthcare InfoSecurity, Squire Patton Boggs Partner Elliot Golding addresses evolving healthcare privacy and security issues, particularly complex issues involving Internet of Things (IoT) devices.  This includes addressing new risks when connected devices link to legacy systems, the applicable regulatory environment, and other key issues companies operating in the health care … Continue Reading

Malicious Malware Brings On a Major HIPAA Headache

The United States Department of Health and Human Services (HHS) recently entered into a $750,000 resolution agreement with the University of Washington (UW) following an investigation.  The investigation was prompted by UW reporting a breach of about 90,000 people’s personal health information (PHI) after an employee unknowingly downloaded malicious malware from an email attachment. Similar … Continue Reading

Thinking About Cybersecurity – How to Get Organized & Better Manage Risk

Another month, another round of data breaches – seem like a familiar refrain when healthcare providers, health plans and their counsel think about cybersecurity?  But what if instead we could get organized and manage this growing business risk in a more proactive manner? It sounds like a good idea, but for many counsel, who view … Continue Reading

Anthem Data Breach: A Dramatic Reminder about Data Security

News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example).  And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again)).  Because health care data is such a … Continue Reading

FBI Warns of “Spear Phishing” for Your Data and Ideas

The widely reported data breach at Community Health Systems, Inc. (CHS) appears to have relied upon a “spear phish email” to launch the initial malware, according to a recent alert from the FBI. Experts engaged by CHS believe that the attacker is an “Advanced Persistent Threat.” The FBI alert provides tips for organizations to prevent … Continue Reading

Business Associate Agreement Update Deadline

September 22, 2014 is the deadline to have business associate and data use agreements updated to conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Omnibus Rule  (the Omnibus Rule), which became effective September 23, 2013.  The Omnibus Rule’s transition provisions  protect eligible business associate agreements and data use agreements until … Continue Reading

Florida’s New Data Breach Notification Law Shortens the Time Period for Reporting Data Breaches

Florida enacted a new data breach reporting law, the Florida Information Protection Act (“FIPA”), which will affect most, if not all, healthcare businesses.  The law became effective the first of this month (July 1, 2014).  The deadline for data breach reporting under FIPA is now 30 days, shortened from 45 days in the previous version … Continue Reading

Best Practice on Data Privacy

 Most organizations would agree that data privacy must be treated as a priority issue, not least because of the financial and reputational consequences of a data breach.  Squire Patton Boggs has a global team of specialists advising clients on local and global data issues. Two members of our team, Tom Zeno and Lindsay Holmes have written a two … Continue Reading
LexBlog