Health Law Advisor Thought Leaders On Laws And Regulations Affecting Health Care And Life Sciences

Category Archives: Privacy and Security Law

Subscribe to Privacy and Security Law RSS Feed

OCR Hones in on Smaller HIPAA Breaches

The U.S. Department of Health and Human Services, Office of Civil Rights (“OCR”), the agency tasked with enforcing the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), recently announced that it will redouble its efforts to investigate smaller breaches of Protected Health Information (“PHI”) that affect fewer than five-hundred (500) individuals.

It has been widely known that OCR opens an investigation for every breach affecting more than 500 individuals; this announcement describes OCR’s new initiative to investigate smaller breaches as well.  OCR stated that in determining when it will open an investigation, it will evaluate a number of factors, … Continue Reading

2012 Breach and Lacking Compliance Program Results in $750,000 Settlement for Radiation Oncology Group

By Arthur J. Fried, Patricia M. Wagner, Adam C. Solander, Evan Nagler, and Jonathan Hoerner

On September 2, 2015, the U. S. Department of Health and Human Services (“HHS”) announced a $750,000 settlement with Cancer Care Group, P.C. (“CCG”), a radiation oncology practice in Indiana, for Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules violations. The alleged violations occurred in 2012, but a subsequent HHS Office for Civil Rights (OCR) investigation led to allegations from OCR that there was a lack of compliance with HIPAA Privacy and Security Rules requirements … Continue Reading

The Future of Research Using Electronic Medical Records Data: Precision Medicine Initiative Privacy and Trust Guiding Principles Provide Another Piece of the Puzzle

One thing’s certain – the vast and growing supply of data contained in electronic medical records systems will play a significant role in improving the speed and efficiency of research into new treatments in the years to come.  The challenge will be striking an appropriate balance between the unquestionable promise of this data to enable research – research that will enhance available treatments and save lives – with the rights of individual patients in the privacy of their health information.  Attempts to strike that balance are at the heart of current legislative, regulatory and policy initiatives that will shape the … Continue Reading

FTC Focus on Privacy

At the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C. on March 5th and March 6th, the Federal Trade Commission (“FTC”) was clear in its message that privacy was a top priority for the agency.  The FTC had a strong presence at the conference.  Three of the five Commissioners and the Director of the Bureau of Consumer Protection (Jessica Rich) all spoke at the conference and relayed a message of the importance of consumer privacy and security.  In that regard, the FTC speakers stressed the importance of:

  • informing consumers of the collection of
Continue Reading

FTC Focus on Privacy

At the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C. on March 5th and March 6th, the Federal Trade Commission (“FTC”) was clear in its message that privacy was a top priority for the agency.  The FTC had a strong presence at the conference.  Three of the five Commissioners and the Director of the Bureau of Consumer Protection (Jessica Rich) all spoke at the conference and relayed a message of the importance of consumer privacy and security.  In that regard, the FTC speakers stressed the importance of:

  • informing consumers of the collection of
Continue Reading

Complimentary Webinar – The Age of Data Breaches: How to Avoid Being the Next Headline

Security Image

Tuesday, March 24, 2015 at 12:00 p.m. – 1:00 p.m. EDT

The past year has demonstrated that no organization is immune to security incidents that could affect its employees, customers, and reputation.  Understanding the complex legal framework governing data privacy and developing a plan to mitigate risk can be the difference between an incident and a disaster.

Join Epstein Becker Green’s Privacy & Security Practice for a comprehensive overview of data breach priorities impacting organizations that deal in electronic data.  Presenters will identify strategies to prepare for and prevent security incidents as well as summarize key takeaways from the biggest … Continue Reading

Complimentary Webinar – Wireless Health Regulatory Issues: A 2015 Roadmap to FDA, FCC, and Privacy and Cyber Security Issues

WHEN: Thursday, February 26, 2015

TIME: 12:00pm – 1:30pm EST

To register for this webinar, please click here.

Please join us for a complimentary webinar addressing wireless health regulatory issues. This session will discuss recent trends in health technology regulation; including Food and Drug Administration (FDA) developments, Federal Communications Commission (FCC) requirements, wireless technology and communication issues, mobile applications, decision support and other Health IT challenges, and privacy and cyber security considerations.

This session is relevant to tech companies, communications companies, entrepreneurs, and developers that are entering the wireless health technologies space or considering acquiring mobile health assets.

Topics Continue Reading

President Obama to Announce New Privacy Initiatives in SOTU

By Evan J. Nagler

The State of the Union Address, scheduled for January 20, 2015, will contain new initiatives related to privacy, White House officials say. The known initiatives are the introduction of a data breach reporting bill, a bill restricting the sale of student information, and a Consumer Privacy Bill of Rights.

SETTING A NATIONAL DATA BREACH REPORTING STANDARD

President Obama is planning on introducing a data breach bill that would standardize the reporting period nationwide at 30 days. The proposed Personal Data Notification and Protection Act would require direct customer notification. The law would also criminalize selling Continue Reading

FDA Announces Cybersecurity Workshop

The Food and Drug Administration (“FDA”) recently announced that it will be hosting a public workshop on October 21 and 22, 2014, in Arlington, Virginia, entitled “Collaborative Approaches for Medical Device and Healthcare Cybersecurity.”

Officials from FDA, the Department of Health and Human Services (“HHS”), and the Department of Homeland Security (“DHS”) will bring together medical device manufacturers, insurers, cybersecurity researchers, trade organizations, government officials, and other stakeholders to discuss the numerous challenges faced in medical device cybersecurity.

CDRH OFFICIAL: BE AWARE OF DEVICE RISKS

On September 23 and 24, 2014, the National Institute of Standards and Technology … Continue Reading