A recently unsealed qui tam action further demonstrates the growing focus on the propriety of incentive payments made under Medicare and Medicaid's Electronic Health Records (EHR) Incentive Programs. Health care providers...more
A multi-year discovery dispute regarding the adverse medical incident reports of a Jacksonville, Florida hospital concluded on October 2, 2017 when the United States Supreme Court denied a petition for a writ of certiorari in...more
11/13/2017
/ Appeals ,
Data Collection ,
Data Reporting ,
Discovery Disputes ,
FL Supreme Court ,
Health Care Providers ,
Healthcare Facilities ,
Hospitals ,
Medical Errors ,
Medical Malpractice ,
Medical Records ,
Motion to Compel ,
Patient Safety ,
Peer Review ,
Petition for Writ of Certiorari ,
Reporting Requirements ,
Reversal ,
SCOTUS ,
State and Local Government ,
Work-Product Doctrine
States continue to amend their Data Protection and Breach Notification Requirements. Maryland and Delaware are the most recent states to pass legislation designed to bring additional precision to an organization's...more
Regardless of whether you have experienced any disruptions to date, you cannot ignore the major global cybersecurity attack that continues to plague organizations. A particularly destructive piece of malicious software, the...more
New York Attorney General Eric T. Schneiderman announced on Friday that the AG's office reached settlements with three mobile application developers who marketed their apps without possessing sufficient information to back up...more
On November 22, 2016, the University of Massachusetts Amherst (UMass) agreed to pay $650,000 and enter into a corrective action plan to settle allegations that it violated the HIPAA Privacy and Security Rules in connection...more
Ransomware, a specialized form of malware used for extortion attempts, has been around the internet for more than a decade but now, because of a rash of recent attacks, has moved to the forefront as the most problematic cyber...more
On April 14, 2016 the European Parliament approved the European Union General Data Protection Regulation (GDPR), which replaces the EU Data Protection Directive (95/46/EC), the privacy law originally established in 1995. The...more
All companies with Tennessee employees or customers need to revise their data incident policies and procedures. Tennessee has revised their breach notification statute to remove the encryption safe harbor, which previously...more
On March 21, 2016, the Office for Civil Rights (OCR) formally announced the start of its 2016 Phase 2 Health Insurance Portability and Accountably Act (HIPAA) Audit Program. Unlike Phase 1, in which OCR's 2012 pilot program...more
Hollywood Presbyterian Medical Center in Los Angeles recently paid a $17,000 ransom in bitcoins to a malware hacker who seized control of the hospital's computer systems and demanded money ransom as a condition to returning...more
United States and European Union Commission negotiators announced today that they have reached a political agreement on a new data transfer framework that will replace the Safe Harbor Program, which was invalidated in 2015 by...more
On December 18, 2015, President Obama signed the 2016 Consolidated Appropriations Act. Included in this must-pass federal funding legislation is the Cybersecurity Act of 2015, which represents the most significant federal...more
On October 6, 2015, the Court of Justice of the European Union declared invalid the more than 15-year-old EU-U.S. Safe Harbor Framework. Thousands of U.S. businesses have complied with, and thus relied upon, the Safe Harbor...more
10/8/2015
/ Binding Corporate Rules ,
Cybersecurity ,
Data Protection Authority ,
Edward Snowden ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
Facebook ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Ireland ,
National Security ,
National Security Agency (NSA) ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more
7/16/2015
/ Compliance ,
Corrective Actions ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronically Stored Information ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Passwords ,
Settlement Agreements
The Office of the National Coordinator for Health IT (ONC) released an updated version of the 2011 Guide to Privacy and Security of Electronic Health Information (Guide). The 62-page Guide provides significant guidance to...more
On December 18, 2014, President Barack Obama signed several significant cybersecurity bills into law. These bills include the Federal Information Security Modernization Act, the Border Patrol Agent Pay Reform Act, the...more
The title of this alert, which comes straight from the Department of Health and Human Services Office for Civil Rights' (OCR) announcement of its most recent settlement, again underscores the critical need for covered...more
On November 6, 2014, the U.S. Department of Labor, Employee Benefits Security Administration (DOL) published Technical Release 2014-01, which provides technical guidance to States concerning stop-loss insurance. Stop-loss...more
It has long been established that there was no private right of action with regard to HIPAA. All providers must be aware that state courts are beginning to turn the tide regarding such liability. On November 11, 2014, the...more
The Centers for Medicare & Medicaid Services (CMS) Innovation Center intends to award $840 million in grants to test methodologies to improve clinical practices and care. CMS's Transforming Clinical Practice Initiative (TCPI)...more
California Governor Jerry Brown signed into law on September 30, three amendments to California's privacy laws of which every business must be aware. The amendments to the Civil Code (i) significantly broaden the scope of...more
The list of states requiring the disposal or destruction of personal data is growing, and companies need to respond accordingly by adopting data destruction plans. Delaware recently became the latest in a series of states to...more
Companies commonly utilize Facebook as part of their online social media advertising strategy. Companies should revisit this strategy in light of a recent finding in the Northern California U.S. District Court (In re Hulu...more
On August 18, 2014, Community Health Systems, Inc. (CHS) publicly confirmed, in a filing with the Securities and Exchange Commission (CHS filing), that its computer network was attacked between April and June 2014 by hackers...more
8/21/2014
/ China ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
EHR ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Malware ,
PHI ,
Popular