Rebecca Williams

Rebecca Williams

Davis Wright Tremaine LLP

Contact
View Bio
RSS

Latest Posts › Data Security

Share:

New Washington Law Has Broad Implications For Protecting Consumer Health Data - Landmark ‘My Health My Data’ Act Reaches Beyond...

On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more

5/2/2023  /  Business Associates , Covered Entities , Data Privacy , Data Protection , Data Security , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Patient Privacy Rights , PHI , Private Right of Action

The Clock Is Ticking: HIPAA Small Breach Notifications Due March 1

HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of "small" breaches of unsecured protected health information that were discovered during calendar-year 2022 no...more

2/24/2023  /  Corporate Counsel , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI

2022 Health Information Privacy and Security New Year's Resolutions

It's that time of the year again: the opportunity to brush off your New Year's resolutions for privacy and security of health information. Here are some potential health information privacy and security resolutions for your...more

1/10/2022  /  Data Privacy , Data Protection , Data Security , Electronic Protected Health Information (ePHI) , Health Insurance Portability and Accountability Act (HIPAA)

Calendar Year 2020 HIPAA Small Breach Notifications Due March 1, 2021

March 1, 2021, is the due date for HIPAA-covered entities to notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) about "small" breaches of unsecured protected health information discovered...more

2/24/2021  /  Breach Notification Rule , Covered Entities , Data Breach , Data Security , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI

Tick Tock Tick Tock, When a Breach Occurs, You’re on the Clock!

As a reminder that state attorneys general have enforcement authority over breach notifications, the New York Attorney General recently announced a $130,000 settlement for a failing to provide breach notification in a...more

7/6/2017  /  Corporate Counsel , Data Breach , Data Protection , Data Security , Department of Health and Human Services (HHS) , Notification Requirements , OCR , Personally Identifiable Information

Modernization? SAMHSA Falls Short in Updating 42 C.F.R. Part 2

On January 18, 2017, the Department of Health and Human Services Substance Abuse and Mental Health Services Administration (“SAMHSA”) published a final rule amending 42 C.F.R. Part 2 (“Part 2”), with an effective date that...more

2/20/2017  /  Consent , Data Security , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Medical Records , SAMHSA , Substance Abuse

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

2/10/2017  /  Breach Notification Rule , Covered Entities , Cybersecurity , Data Breach , Data Security , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR

[Webinar] HIPAA in the Cloud – OCR Guidance on HIPAA and Cloud Service Providers - Jan. 31st, 1:00pm ET

As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more

1/24/2017  /  Cloud Computing , Cloud Service Providers (CSPs) , Covered Entities , Data Privacy , Data Security , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Security Breach , Webinars

The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life...more

1/23/2017  /  Data Breach , Data Security , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

9/8/2016  /  Breach Notification Rule , Business Associates , Covered Entities , Data Breach , Data Security , Department of Health and Human Services (HHS) , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI
10 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide