Exactly 12 days before Christmas, the U.S. Department of Health and Human Services’ Office of the National Coordinator (ONC) gave the health industry a unique gift buried in a 900+ page rule adoption. The gift? The first...more
According to this article, 2021 has been a “particularly dire year” for health care data breaches. So, it may not seem shocking that a hacker gained access to the protected health information of approximately 400,000...more
Fox Rothschild LLP partner Beth Larkin listened to the HHS Office for Civil Rights 4/24/20 webinar (which should be posted on its website at some point) regarding HIPAA and COVID-19 and took notes. Here’s my summary of key...more
Fox Rothschild partner Bill Maruca’s article, “Protecting Privacy During an Infectious Disease Panic”, is (unfortunately) as relevant today as it was when it was posted more than 5 years ago. Swap Ebola for COVID-19, and the...more
More than eleven years have passed since the U.S. Department of Health and Human Services (HHS), the agency responsible for the privacy of protected health information under HIPAA, and the U.S. Department of Education (DOE),...more
Fox Rothschild’s Privacy and Data Security practice group maintains this searchable PDF document as well as the Data Breach 411 app to inform businesses of the breach notification statutes in each of the 50 states, Guam,...more
Why Covered Entities and Business Associates Cannot Ignore the New California Data Privacy Law-
The California Consumer Privacy Act (CCPA) applies to a wide range of for-profit businesses that collect the personal...more
“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information (PHI) of more than 300,000 patients through...more
HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates. OCR reminds covered entities...more
If you are a U.S.-based entity that is subject to the EU Data Protection Regulation (GDPR), and you store personal data of EU residents and personally identifiable information of U.S. residents in a commingled database, you...more
The new Apple Watch Series 4® is one of the more recent and sophisticated consumer health engagement tools. It includes a sensor that lets wearers take an electrocardiogram (ECG) reading and detect irregular heart rhythms....more
The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that results from a...more
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters (U.S. covered...more
Text messaging is a convenient way for busy doctors to communicate, but for years, the question has remained: are doctors allowed to convey sensitive health information with other members of their provider team over SMS? The...more
Long gone are the days when social media consisted solely of Myspace® and Facebook®, accessible only by logging in through a desktop computer at home or personal laptop. With every single social media platform readily...more
In some respects, HIPAA has had a design problem from its inception. HIPAA is well known today as the federal law that requires protection of individually identifiable health information (and, though lesser-known, individual...more