On September 30, 2021, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR)issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996...more
10/4/2021
/ Americans with Disabilities Act (ADA) ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mine Safety and Health Administration (MSHA) ,
New Guidance ,
OCR ,
OSHA ,
PHI ,
Privacy Rule ,
Vaccinations ,
Workplace Safety
The Acting Massachusetts DPH Commissioner issued an order on August 26, 2021 authorizing the issuance of temporary licenses for certain providers and renewing the expedited process for issuing those temporary licenses....more
On July 7, 2021, Governor Jared Polis signed into law the Colorado Privacy Act (CPA), making Colorado the most recent state to enact comprehensive privacy legislation. While the CPA does not take effect until July 1, 2023,...more
On June 10, 2021, China adopted a new Data Security Law that will impact every business operating in or doing business with China. The law, which will take effect in less than a month (September 1, 2021), is sweeping in...more
On July 19, 2021, Secretary Becerra of the U.S. Department of Health and Human Services extended the existing public health emergency for 90 days, until October 20, 2021. Without this extension, the declaration would have...more
In response to the spate of ransomware attacks, the United States has launched a website, www.cisa.gov/stopransomware. According to the government press release, the website’s aim is:
to help public and private...more
On March 2, 2021, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. This made Virginia the second state to enact a consumer privacy and data security law, and follows hot the heels of...more
If you aren’t following the ransomware attack on Kaseya’s VSA product and approximately 800-1500 of its users, you should be. Like many cyberattacks, this one came on the verge of a holiday weekend. As the company itself...more
On June 10, 2021, the U.S. Labor Department’s Occupational Safety and Health Administration (OSHA) released a nationwide emergency COVID-19 workplace safety rule, accompanied by a 916-page explanatory preamble. President...more
6/25/2021
/ Coronavirus/COVID-19 ,
Department of Labor (DOL) ,
Employees ,
Employer Liability Issues ,
Healthcare ,
Masks ,
New Guidance ,
OSHA ,
Personal Protective Equipment ,
Vaccinations ,
Workplace Safety
On May 27, 2021, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable DHS to better identify, protect against, and respond to threats to critical...more
6/1/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Department of Homeland Security (DHS) ,
Hackers ,
Pipelines ,
Popular ,
TSA
This morning, Governor Charlie Baker made a major announcement accelerating the Massachusetts COVID-19 reopening plan.
On May 29, 2021, the Commonwealth will lift all industry COVID restrictions and lift all capacity...more
On May 12, 2021, President Biden signed an Executive Order which is aimed at improving the nation’s cybersecurity and protecting federal government networks. The Executive Order has been in the works for some time, but the...more
5/13/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Emergency Response ,
Executive Orders ,
Hackers ,
National Security ,
Oil & Gas ,
Pipelines ,
Popular ,
Ransomware ,
Supply Chain ,
Threat Management
On 12 March 2021, the United Nations Open-ended Working Group (“OEWG”), established by General Assembly Resolution 73/27 and consisting of all United Nations Member States, adopted by consensus its Final Substantive Report on...more
On January 7, 2021, Secretary Azar of the U.S. Department of Health and Human Services extended the existing public health emergency for 90 days, until April 21, 2021. Without this extension, the declaration would have...more
You may have forgotten that there is a federal criminal identity theft statute, 18 U.S.C. § 1028A, which says:
Whoever, during and in relation to any felony violation enumerated in subsection (c), knowingly transfers,...more
12/30/2020
/ Appeals ,
Data Breach ,
Felonies ,
Healthcare ,
Healthcare Fraud ,
Identity Theft ,
Medicaid ,
Patients ,
Personal Information ,
SCOTUS ,
Unlawful Means
The First Circuit’s recent opinion in Project Veritas Action Fund v. Rollins, upheld a challenge to the Massachusetts anti-wiretap law, Mass. Gen. Laws ch. 272, § 99, carving out an exception for certain activity protected by...more
December 23, 2020 On December 22, 2020, in response to the escalating concerns about the potential of a post-Christmas COVID-19 surge like that experienced after Thanksgiving, Massachusetts Governor Charlie Baker issued...more
By now, you have heard about the SolarWinds Orion hack. But what do you need to know about it?
First, if you want or need the technical details, the Cybersecurity and Infrastructure Security Agency (CISA) has them. In...more
On December 16, 2020, the U.S. Equal Employment Opportunity Commission (“EEOC”) issued guidance for employers regarding the intersection of employer COVID-19 vaccine policies and various federal equal employment opportunity...more
12/21/2020
/ Americans with Disabilities Act (ADA) ,
Coronavirus/COVID-19 ,
Disability ,
Emergency Use Authorization (EUA) ,
Employees ,
Employer Liability Issues ,
Employment Policies ,
Equal Employment Opportunity Commission (EEOC) ,
GINA ,
Infectious Diseases ,
Reasonable Accommodation ,
Religious Accommodation ,
Title VII ,
Vaccinations ,
Workplace Safety
Nearly 20 years to the day after the first HIPAA privacy regulations were announced, HHS has posted proposed revisions to HIPAA, evidence that even after twenty years, HIPAA privacy remains a work in progress. These proposed...more
The Massachusetts Supreme Judicial Court on December 10, 2020 rejected a broad challenge to Governor Baker’s authority to issue emergency orders intended to combat the ongoing COVID-19 pandemic. Rejecting both the plaintiffs’...more
Halloween or HIPAA: Which is Scarier?
HIPAA and the Pandemic -
Telehealth:
- On Friday, March 20, 2020, OCR announced it will “exercise its enforcement discretion and will not impose penalties for noncompliance with...more
10/29/2020
/ Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
Centers for Medicare & Medicaid Services (CMS) ,
Coronavirus/COVID-19 ,
Disclosure ,
First Responders ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
New Guidance ,
Notification Requirements ,
OCR ,
Patient Access ,
Patients ,
PHI ,
SAMHSA ,
Telehealth ,
Virus Testing
On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services...more
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an advisory regarding potential sanctions risks related to facilitating ransomware payments...
OFAC is the federal...more
10/16/2020
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
FCPA Guidance ,
Hackers ,
International Emergency Economic Powers Act (IEEPA) ,
Malware ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
Risk Factors ,
Sanctions ,
SDN List ,
TWEA
On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to alert companies that might pay ransomware attackers of the potential sanctions risks for facilitating...more