Health Insurance Portability and Accountability Act of 1996

As consumerism in healthcare increases, companies and the individuals they serve are increasingly sharing data with third-party application developers that provide innovative ways to manage health and wellness, among numerous other products that leverage individuals’ identifiable health data.  As the third-party application space continues to expand and data sharing becomes more prevalent, it is critical that such data sharing is done in a responsible manner and in accordance with applicable privacy and security standards. Yet, complying with applicable standards requires striking the right balance between rules promoting interoperability vis-à-vis prohibiting information blocking vs. ensuring patient privacy is protected. This is especially difficult when data is sent to third party applications that remain largely unregulated from a privacy and security perspective.  Navigating this policy ‘tug of war’ will be critical for organizations to comply with the rules, but also maintain consumer confidence.
Continue Reading Be Aware Before You Share: Vetting Third Party Apps Prior to Data Transfer

As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019.  A potential unintended side effect of the SHIELD Act may require health care companies to provide notification to the NY Attorney General for events that occurred well before its enforcement date. While the SHIELD Act’s data security requirements, which are covered under §4, will not come into effect until March 21, 2020, all other requirements, including the breach notification requirement, became effective on October 23, 2019.  The notification enforcement date is important for any Covered Entity, as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), that has suffered a Breach, as defined by HIPAA, involving fewer than 500 individuals (“Minor HHS Breach”), was a breach of computerized data, and involved a New York resident.
Continue Reading Annual Breach Reporting Required Under NY SHIELD Act for Some Health Care Companies

Data is king!  A robust privacy, security and data governance approach to data management can position an organization to avoid pitfalls and maximize value from its data strategy. In fact, some of the largest market cap firms have successfully harnessed the power of data for quite some time.  To illustrate this point, the Economist boldly