Employers will soon see the national debate about abortion popping up in some unexpected places: the HIPAA privacy policies and procedures and notices of privacy practices they use for their health benefit plans....more
5/6/2024
/ Abortion ,
Benefit Plan Sponsors ,
Compliance ,
Covered Entities ,
Dobbs v. Jackson Women’s Health Organization ,
Employer Group Health Plans ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Notice Requirements ,
Reproductive Healthcare Issues ,
Substance Abuse
On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for...more
2/26/2024
/ Biden Administration ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Final Guidance ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
NIST ,
OCR ,
Popular ,
Risk Assessment ,
Risk Management
The U.S. Department of Health and Human Services (HHS) has announced a plan to provide resources and incentives for the healthcare industry to adopt cybersecurity measures and to increase potential regulatory penalties for...more
On December 13, 2022, President Joe Biden signed H.R. 8404, known as the Respect for Marriage Act, into law, guaranteeing marriage equality for same-sex and interracial couples under federal law. The law passed both houses of...more
On November 7. 2022, the Supreme Court of the United States declined to review a case by a Georgia fire chief alleging she was discharged for being transgender in violation of Title VII of the Civil Rights Act of 1964 and the...more
12/6/2022
/ Americans with Disabilities Act (ADA) ,
Appeals ,
Civil Rights Act ,
Dismissals ,
Employment Discrimination ,
Employment Litigation ,
Equal Employment Opportunity Commission (EEOC) ,
Fort Bend County Texas v Davis ,
Petition for Writ of Certiorari ,
Title VII ,
Transgender ,
Verification Requirements
On November 29, 2022, the U.S. Senate passed the Respect for Marriage Act, which would guarantee marriage equality, including for interracial and same-sex couples, under federal law. The bill, H.R. 8404, passed the Senate in...more
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data...more
6/14/2021
/ Compliance ,
Corporate Counsel ,
Data Controller ,
Data Processors ,
Data Protection ,
Data Transfers ,
Employee Privacy Rights ,
EU ,
European Commission ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
Human Resources Professionals ,
International Data Transfers ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Retirement plans are increasingly subject to cybersecurity issues, and the U.S. Department of Labor (DOL) is taking notice. On April 14, 2021, the DOL published cybersecurity guidance “for plan sponsors, plan fiduciaries,...more
5/18/2021
/ Benefit Plan Sponsors ,
Best Practices ,
Class Action ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Labor (DOL) ,
Electronic Communications ,
Employee Retirement Income Security Act (ERISA) ,
Fiduciary ,
IRS ,
Plan Participants ,
Popular ,
Retirement Plan ,
Third-Party Service Provider
The Court of Justice of the European Union (CJEU) recently declared that the EU-U.S. Privacy Shield is invalid because it does not provide an adequate level of protection for the transfer of personal data from the European...more
In addition to the potential uses of contact-tracing apps, discussed recently in episode 1 of the Global Solutions series, most employers now conduct some form of employee screening or monitoring to help prevent the spread of...more
An employer’s response to COVID-19 involves numerous privacy issues. Below are some answers to frequently asked questions (FAQs) about these issues within the United States and globally, based on laws such as the Americans...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
5/22/2019
/ Austria ,
CCTV ,
CNIL ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Employer Liability Issues ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Human Resources Professionals ,
Netherlands ,
Personal Data ,
Personnel Records ,
Portugal ,
Regulatory Violations ,
Risk Management ,
Social Networks ,
Surveillance ,
Video Recordings
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
4/24/2019
/ Biometric Information ,
Criminal Records ,
Email ,
Employee Monitoring ,
Employee Privacy Rights ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Hiring & Firing ,
Human Resources Professionals ,
Member State ,
Personal Data ,
Personally Identifiable Information
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the...more
Data breaches continue to be an unfortunate risk that companies face with increasing frequency. In this podcast, Rebecca Bennett, Stephen Riga, and Justin Tarka discuss data breaches from both a U.S. and EU perspective,...more
12/17/2018
/ Best Practices ,
Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
EU ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Personal Data ,
Personally Identifiable Information ,
Risk Mitigation ,
Third-Party Service Provider
The Affordable Care Act (ACA) introduced mandatory coverage for a wide array of preventive care services. Section 2713 of the ACA requires most health plans to provide coverage for various preventive care services without...more
On April 19, 2018, the Article 29 Working Party (Working Party), which is comprised of representatives from the data protection authorities in each of the 28 European Union (EU) member states, issued a position paper stating...more
On March 27, 2018, Helen Dixon, the data protection commissioner for Ireland, outlined the enforcement priorities of the Irish data protection authority (DPA) for the General Data Protection Regulation (GDPR) during the...more
With less than six months until the May 25, 2018, effective date for the European Union (EU) General Data Protection Regulation (GDPR), companies are assessing their GDPR readiness and concentrating their compliance efforts...more
The creation and implementation of the Patient Protection and Affordable Care Act (ACA or Obamacare) was a long, strange trip beset throughout by policy disagreements, shifting political winds, backroom legislative dealings,...more
The last couple of years have brought a steady rain of bad news for the healthcare industry when it comes to data security: Insurers faced with massive data breaches affecting thousands of health plans and millions of...more
6/20/2016
/ Cyber Threats ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Employer Group Health Plans ,
Health Care Providers ,
Health Insurance ,
HIPAA Audits ,
Hospitals ,
OCR ,
PHI ,
Popular ,
Ransomware
Last Friday, the Supreme Court of the United States issued its highly-anticipated decision in the case of Obergefell v. Hodges, ruling that all 50 states must license marriages between two people of the same sex and must...more
This morning, Anthem Blue Cross and Blue Shield, one of the largest health insurers in the country, notified its policyholders, members, and business partners that it was recently the target of an external cyber attack that...more
Finally, some guidance on mid-year cafeteria plan changes that many employers have already permitted in the wake of United States v. Windsor. On December 16, 2013, the Internal Revenue Service (IRS) released Notice 2014-1,...more