Privacy


Orthopedic Clinic Settles with HHS OCR for $1.5 Million over Claims of Systemic HIPAA Noncompliance

The US Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently announced a settlement with Georgia-based Athens Orthopedic Clinic PA (the “Clinic”) to resolve multiple alleged violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act (“HIPAA”). Under the terms of the settlement, the Clinic agreed to … Continue Reading

HHS Eases Federal Substance Use Disorder Confidentiality Rules

Last month the Substance Abuse and Mental Health Services Administration (“SAMHSA”) finalized amendments to the federal Confidentiality of Substance Use Disorder Patient Records regulation, 42 C.F.R. Part 2 (“Part 2”). The changes purport to better facilitate substance use disorder (“SUD”) care coordination and treatment by loosening technical consent requirements, clarifying permissible disclosures, and providing other … Continue Reading

Complimentary Webinar: Privacy Law, Coronavirus, and Post-Pandemic Best Practices

On April 30, 2020, Partner Elliot Golding will co-present a complimentary webinar, Privacy Law, Coronavirus, and Post-Pandemic Best Practices. The program, organized by Bloomberg Law, will address recent HIPAA changes and temporary waivers, telehealth privacy and cyber considerations, and practical tips and recommendations to manage privacy and cyber risk during these challenging times. Additional information … Continue Reading

The Illinois Biometric Information Privacy Act (“BIPA”): When Will Companies Heed the Warning Signs?

The Illinois Biometric Information Privacy Act (“BIPA”) went into effect in 2008 and has been a steady source of litigation ever since.  BIPA regulates how “private entities” collect, use and share biometric data and imposes certain security requirements.  The stated intent of BIPA was to address the heightened risk of identity theft associated with the processing … Continue Reading

Medical Imaging Company Pays $3 Million Data Security Fine

A medical imaging company is paying for its flawed data security system. In addition to its system failures, the company failed to investigate and respond properly when alerted to problems by the FBI. As a result, the Office of Civil Rights imposed a $3 million penalty and required a corrective action plan. This is yet another … Continue Reading

Recent Guidance by ONC and SAMHSA Sheds Light on Compliance Requirements for 42 CFR Part 2

In the face of the ongoing opioid crisis in the United States, the Office of the National Coordinator for Health Information Technology (“ONC”) and the Substance Abuse and Mental Health Services Administration (“SAMHSA”) recently released two fact sheets to clarify how the requirements of 42 CFR Part 2 apply in different provider contexts, including via … Continue Reading

Law360 Expert Analysis: Health Tech Is The New Focus For Cybersecurity Policy

In a May 22, 2018 Law360 Expert Analysis piece, Squire Patton Boggs partner Elliot Golding writes, “There is no shortage of attention on health care data privacy and cybersecurity, with an avalanche of new and proposed government and regulatory initiatives underway. Although health care has long been a key target for … Continue Reading

Key Health Care Technology Privacy and Cybersecurity Considerations

In a podcast interview with Healthcare InfoSecurity, Squire Patton Boggs Partner Elliot Golding addresses evolving healthcare privacy and security issues, particularly complex issues involving Internet of Things (IoT) devices.  This includes addressing new risks when connected devices link to legacy systems, the applicable regulatory environment, and other key issues companies operating in the health care … Continue Reading

Malicious Malware Brings On a Major HIPAA Headache

The United States Department of Health and Human Services (HHS) recently entered into a $750,000 resolution agreement with the University of Washington (UW) following an investigation.  The investigation was prompted by UW reporting a breach of about 90,000 people’s personal health information (PHI) after an employee unknowingly downloaded malicious malware from an email attachment. Similar … Continue Reading

Thinking About Cybersecurity – How to Get Organized & Better Manage Risk

Another month, another round of data breaches – seem like a familiar refrain when healthcare providers, health plans and their counsel think about cybersecurity?  But what if instead we could get organized and manage this growing business risk in a more proactive manner? It sounds like a good idea, but for many counsel, who view … Continue Reading

Anthem Data Breach: A Dramatic Reminder about Data Security

News of the data breach suffered by Anthem continues to dominate the news (here, here, and here for example).  And, further raising the stakes, class action lawsuits from individuals whose information has potentially been compromised are beginning to roll into courthouses across the country (California, Alabama, Indiana, Georgia, California (again), and California (again)).  Because health care data is such a … Continue Reading

FBI Warns of “Spear Phishing” for Your Data and Ideas

The widely reported data breach at Community Health Systems, Inc. (CHS) appears to have relied upon a “spear phish email” to launch the initial malware, according to a recent alert from the FBI. Experts engaged by CHS believe that the attacker is an “Advanced Persistent Threat.” The FBI alert provides tips for organizations to prevent … Continue Reading

Business Associate Agreement Update Deadline

September 22, 2014 is the deadline to have business associate and data use agreements updated to conform to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Final Omnibus Rule  (the Omnibus Rule), which became effective September 23, 2013.  The Omnibus Rule’s transition provisions  protect eligible business associate agreements and data use agreements until … Continue Reading

Florida's New Data Breach Notification Law Shortens the Time Period for Reporting Data Breaches

Florida enacted a new data breach reporting law, the Florida Information Protection Act (“FIPA”), which will affect most, if not all, healthcare businesses.  The law became effective the first of this month (July 1, 2014).  The deadline for data breach reporting under FIPA is now 30 days, shortened from 45 days in the previous version … Continue Reading

Best Practice on Data Privacy

Most organizations would agree that data privacy must be treated as a priority issue, not least because of the financial and reputational consequences of a data breach. Squire Patton Boggs has a global team of specialists advising clients on local and global data issues. Two members of our team, Tom Zeno and Lindsay Holmes, have written a two … Continue Reading