Lynn Sessions

Lynn Sessions


Contact  |  View Bio  |  RSS

Latest Publications


ALJ Issues Sweeping Decision Dismissing FTC’s Action Against LabMD

On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously...more

11/24/2015 - ALJ Data Breach Dismissals FTC LabMD Personal Data

OIG Emphasizes Proactive Enforcement of Privacy Rule and Monitoring of Repeat Offenders

The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more

11/12/2015 - Audits Covered Entities HIPAA OCR OIG

OIG Emphasizes Proactive Enforcement of Privacy Rule and Monitoring of Repeat Offenders

The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more

11/11/2015 - Healthcare HIPAA Medicare Part B PHI Privacy Rule

Meaningful Use Stage 3 Final Rule Reduces Provider Burdens

CMS and the Office of the National Coordinator for Health Information (ONC) recently released the 752-page final rule for Meaningful Use Stages 2 (MU2) and 3 (MU3). The final rule provides a flexible timeline for providers...more

10/29/2015 - CMS Health Care Providers Healthcare Meaningful Use Medicare Access and CHIP Reauthorization (MACRA) ONC Reporting Requirements

HIPAA Fine Underscores OCR’s Focus on Physician Group Compliance

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more

10/14/2015 - Compliance Corporate Fines Corrective Actions Data Breach Data Protection Enforcement Actions Health Care Providers Healthcare HHS HIPAA OCR Personally Identifiable Information PHI Privacy Concerns Security Risk Assessments Security Rule

Deeper Dive: Healthcare Incidents Involving More Than 500 Individuals Are Investigated 100 Percent of the Time

We have released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. The report confirms the...more

6/12/2015 - Attorney Generals Covered Entities Data Breach Electronic Medical Records Government Investigations Healthcare HHS HIPAA HITECH Medical Records OCR PHI

The BakerHostetler Data Security Incident Response Report 2015

The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more

5/13/2015 - Annual Reports Best Management Practices Cybersecurity Data Breach Data Protection Risk Assessment Risk Mitigation

FAQs by Employers Regarding the Anthem Breach

Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more

2/9/2015 - Anthem Insurance Breach Notification Rule Corporate Counsel Data Breach Employer Group Health Plans Health Insurance HIPAA Personally Identifiable Information PHI Popular Self-Insured Health Plans

OCR Updates Breach Report Web Portal — Changes Could Impact Annual Breach Reports

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently launched an updated version of the portal covered entities must use to notify OCR regarding a breach of unsecured protected health...more

2/4/2015 - Breach Notification Rule Covered Entities HHS OCR PHI Websites

Ebola Information Quarantine: Balancing Patient Privacy With Public Health

Of all the complex legal issues raised by the recent cases of Ebola in the U.S., those concerning the delicate balance between preserving patients’ privacy rights and the need to disseminate information to protect public...more

11/3/2014 - Ebola EHR Healthcare HIPAA PHI Right to Privacy

Medical Information More Valuable to Hackers Than Credit Card Numbers

In light of the recently reported large healthcare data breaches that have resulted in the potential theft of the personal information of millions of patients, the FBI warned healthcare providers yet again of the dangers of...more

10/20/2014 - Cyber Attacks Electronic Medical Records FBI Hackers Health Care Providers Hospitals Personally Identifiable Information PHI Physicians

Health System Pays $800,000 Fine for Leaving PHI in Doctor’s Driveway

While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI),...more

6/27/2014 - Enforcement HHS HIPAA Medical Records OCR PHI

HHS Attorney: Major HIPAA Fines and Enforcement Coming

As regularly blogged about on the Data Privacy Monitor, the past 12 months have seen record-breaking HIPAA enforcement activity by HHS OCR. But according to recent remarks by a high-ranking HHS attorney, if you thought these...more

6/16/2014 - Data Protection Enforcement Enforcement Actions Healthcare HHS HIPAA

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other...more

3/7/2014 - Data Breach EHR Fines Form 8-K Healthcare Medicare PHI

HHS Rule Grants Patients Direct Access to Lab Test Results

The U.S. Department of Health and Human Services (HHS) recently published a Final Rule granting patients and their personal representatives access to the patient’s completed laboratory test reports directly from the lab...more

2/24/2014 - CDC CLIA CMS EHR Healthcare HHS HIPAA PHI

NICS and HIPAA: Where Mental Health Privacy and Gun Control Overlap; HHS Releases Notice of Proposed Rulemaking

On January 7, 2014, the U.S. Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) for the purpose of modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to...more

2/4/2014 - Criminal Background Checks Gun Laws Healthcare HHS HIPAA NICS

Healthcare Privacy – 2013 Year in Review

On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited HIPAA Omnibus Final Rule (Final Rule), which includes the most sweeping changes to HIPAA...more

1/3/2014 - Civil Monetary Penalty EHR Healthcare HHS HIPAA HIPAA Omnibus Rule OCR PHI Privacy Laws Subcontractors

Texas to Launch Nation's First Privacy and Security Certification "Safe Harbor"

The Texas Health Services Authority (THSA) recently announced its selection of the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), the most widely adopted information privacy and security...more

12/19/2013 - Certifications Data Protection HHS HIPAA PHI Safe Harbors

Telemarketing: HIPAA Can Reverse the Charges Under the TCPA

The Telephone Consumer Protection Act (TCPA) generally limits automatically dialed and prerecorded telemarketing calls to wireless and residential phones. In the past, healthcare providers and other "advertisers" could rely...more

10/23/2013 - Exemptions FCC HIPAA Robocalling Spam TCPA Telemarketing Written Consent

Computer Crime Insurance Coverage: Can It Cover Fraudulent Entries Submitted by an Authorized User?

In a recent decision, New York's appellate court considered whether a "Computer Systems Fraud" insurance policy rider (Policy) covered losses that Universal American suffered as a result of fraudulent claims electronically...more

10/21/2013 - Crime Insurance Policies Fraud

New Survey Underscores Providers' Responsibility for Preventing Medical ID Theft

The Ponemon Institute's recent publication of its fourth annual 2013 Survey on Medical Identity Theft (Survey) confirmed what many in the healthcare industry already knew: identity theft is a serious and often overlooked...more

9/24/2013 - Fraud Health Care Providers Healthcare Identity Theft

HIPAA Violation Results in $1.44M Jury Verdict Against Walgreens, Pharmacist

Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict demonstrates that HIPAA still could play an important role in private causes of action in state court based on negligence...more

8/27/2013 - HIPAA Jury Verdicts Negligence Pharmacies Professional Liability Professional Negligence Walgreens

Business Associate Agreements: More Readily Accepted by Cloud Service Providers? Maybe

Although the HIPAA Omnibus Final Rule's expansion of business associate liability could create difficulties for healthcare providers and other covered entities seeking to negotiate business associate agreements with vendors...more

6/21/2013 - Amazon Business Associates Cloud Computing Data Protection Health HHS HIPAA HIPAA Omnibus Rule PHI

Texas Bill Allows Doctors to Collect Patient Data by Swiping Driver's Licenses

The Texas Legislature recently approved S.B. 166, a bill that would allow healthcare providers, including physicians, nurses, dentists and others to collect and verify patient data by simply swiping a patient's driver's...more

5/23/2013 - Data Collection Driver's Licenses HIPAA Physicians

HHS Considers Amending HIPAA Privacy Rule to Permit Disclosure of Mental Health Information for Firearm Background Checks

Adding yet another wrinkle to the nation’s contentious gun control debate, the U.S. Department of Health and Human Services (HHS) has released an Advance Notice of Proposed Rulemaking (ANPRM) soliciting information and public...more

5/8/2013 - Background Checks Data Protection Firearms Gun Laws HHS HIPAA Mental Illness PHI

36 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.