With apologies to John Donne, ask not for whom the bells tolls, HIPAA business associates, it tolls for thee! While it has been the law for some time that business associates could be held directly liable for breaches,...more
9/28/2020
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Security Rule ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements
Massachusetts Attorney General Maura Healey recently announced the creation of the Data Privacy and Security Division within her office, with the stated goal of “protect[ing] consumers from the surge of threats to the privacy...more
The U.S. Attorney’s Office in Massachusetts is ramping up its effort to combat fraud related to the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) through an agreement to work with the Office of the Special...more
In the wake of the Schrems II decision invalidating the the EU-US Privacy Shield, the US Department of Commerce has decided it should make lemonade out of the Schrems lemons. The Department recently issued a set of FAQs,...more
8/4/2020
/ Binding Corporate Rules ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Economic Area (EEA) ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Risk Assessment ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
In an effort to make it easier for laboratories to be reimbursed by insurers for COVID-19 testing, the Massachusetts Division of Insurance has issued a bulletin stating that it expects “carriers to relax” restrictions on...more
On July 16, 2020, the European Court of Justice issued one of its most important decisions on data privacy law (Schrems II), holding that the EU-US Privacy Shield is no longer a viable mechanism for EU-US data transfers under...more
7/17/2020
/ Corporate Counsel ,
Data Privacy ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Commission ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
National Security ,
Personal Data ,
Safe Harbors ,
Standard Contractual Clauses
The Massachusetts Board of Registration in Medicine (BORIM) recently issued two orders that update prior guidance regarding licensure of physicians from outside Massachusetts and telemedicine...more
On May 18, 2020, Governor Baker announced a four-phase reopening plan for Massachusetts. Of particular importance for Massachusetts business, the Reopening Plan will allow many businesses to reopen in a phased manner, albeit...more
April 30, 2020 The announcement is not altogether surprising, as Governor Baker has long urged a cautious approach to re-opening and stressed the need for additional testing. At the same time he extended the Order, Governor...more
Very interesting discussion in the most recent Journal of the American Medical Association, “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea—Privacy Controversies.”
The sources of...more
On March 27, 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), the third and by far the largest stimulus package passed by Congress to respond to the COVID-19 outbreak. As discussed...more
On March 27, 2020, Congress passed the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”), the third and by far the largest stimulus package passed by Congress to respond to the COVID-19 outbreak. As discussed...more
The Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”) is a comprehensive economic relief plan designed to stabilize and uplift the American economy during the COVID-19 pandemic. It is unique not only because...more
4/3/2020
/ 1135 Waivers ,
Airlines ,
Amended Legislation ,
CARES Act ,
Direct Payments to Families and Individuals ,
Eviction ,
Families First Coronavirus Response Act (FFCRA) ,
Federal Grants ,
Federal Loans ,
Financial Assistance Policies ,
Foreclosure ,
Health Care Providers ,
Medical Supplies ,
Moratorium ,
Paycheck Protection Program (PPP) ,
Small Business Loans ,
Student Loans ,
Tax Credits ,
Tax Deferral ,
Telehealth
If you are among the many people turning to video-teleconferencing (VTC) to stay connected during the COVID-19 pandemic, you need to protect yourself from “Zoom-bombing” – the entrance of uninvited individuals into your VTC. ...more
On March 24, 2020, the Office for Civil Rights (OCR) at the Department of Health and Human Services issued guidance on how HIPAA covered entities may disclose protected health information (PHI) about an individual who has...more
On the evening of Wednesday, March 18, 2020 the President signed into law the Families First Coronavirus Response Act, which provides various forms of emergency relief to directly address the effects of the COVID-19 pandemic....more
On March 23, 2020, in response to the growing COVID-19 pandemic, Massachusetts Governor Charlie Baker ordered all businesses not providing “COVID-19 Essential Services” to close their physical, brick-and-mortar premises to...more
On Friday, March 20, 2020, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced it will “exercise its enforcement discretion and will not impose penalties for noncompliance with the regulatory...more
The coronavirus and Covid-19 are impacting everything and everyone, and certainly health information privacy. Here is a useful summary of health information issues to be mindful of from HHS OCR on HIPAA privacy and the...more
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) just completed a stakeholder security briefing. This was recorded and should soon be available on the CISA website...more
3/16/2020
/ Coronavirus/COVID-19 ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Emergency Management Plans ,
Employer Responsibilities ,
Incident Response Plans ,
Infectious Diseases ,
Public Health ,
Virtual Private Networks
On Friday, February 7, 2020, California’s Attorney General’s Office released revisions to the proposed regulations (the “Modified Draft Regulations”) for the California Consumer Privacy Act (“CCPA”). The CCPA is a...more
On January 4, 2020, the US Department of Homeland Security posted at National Terrorism Advisory System Bulletin, in the wake of the killing of a senior Iranian military leader by a US drone. That DHS advisory states:
The...more
1/6/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Foreign Relations ,
Hackers ,
Iran ,
National Security ,
Phishing Scams ,
State Sponsors of Terrorism ,
Terrorist Threats
For the first time in over a decade, the U.S. Department of Education (DoE) and the Office for Civil Rights at the U.S. Department of Health and Human Services (OCR) have released updated joint guidance addressing the...more
12/23/2019
/ Colleges ,
Consent ,
Department of Education ,
Department of Health and Human Services (HHS) ,
Educational Institutions ,
FERPA ,
Health Care Providers ,
HIPAA Privacy Rule ,
New Guidance ,
OCR ,
PHI ,
Student Privacy ,
Student Records ,
Students ,
Universities ,
Written Consent
InfoTrax Systems, a Utah-based technology company, has agreed to implement a comprehensive data security program to settle Federal Trade Commission allegations that the company failed to put in place reasonable security...more
12/2/2019
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Hackers ,
Information Security ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Websites
Physicians Talking With Their Domestic Partners About Patients -
? Health care institutions often require that physicians and medical students click through annual online modules or attend lectures about HIPAA.
- But...more
11/4/2019
/ California Consumer Privacy Act (CCPA) ,
Centers for Medicare & Medicaid Services (CMS) ,
Cybersecurity ,
Data Collection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
New Rules ,
Patient Privacy Rights ,
PHI ,
SAMHSA