Photo of Brad Rostolsky

On October 10th, the Attorney General of California, Xavier Becerra, delivered the highly anticipated text of the proposed California Consumer Privacy Act (CCPA) regulations. However, untouched and unexplained were the Health Insurance Portability and Accountability Act, California Medical Information Act, and clinical research exemptions. The industry has and will continue to grapple with

The U.S. Department of Health and Human Services (“HHS”) filed a Notice of Enforcement Decision (the “Notice of Enforcement”) on April 26, 2019, confirming the agency’s reconsideration of its prior interpretation of the Health Information Technology for Economic and Clinical Health Act’s (the “HITECH Act’s”) penalty structure. Effective immediately, the maximum penalty that the HHS

State attorneys general (AGs) continue to emerge as major regulators of privacy and, increasingly, of compromises of health-related data.

Businesses concerned with U.S. customer or employee data have long known of the importance of the roles of the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services, among other federal agencies, in privacy regulation and enforcement; but the keen interest by state attorneys general in the area of privacy, and increasingly private health information, has received less attention.

That tide appears to be turning. At an international data privacy conference taking place this week in Washington, D.C., sponsored by the International Association of Privacy Professionals, both federal and state privacy regulators emphasized the importance of state AGs in privacy regulation and enforcement.

Gov. Chris Christie has signed into law S. 562, which, as its title states, “Requires health insurance carriers to encrypt certain information.”

Violation of this new law constitutes a facial violation of the New Jersey Consumer Fraud Act, a powerful consumer remedies statute. The NJCFA can be enforced by the state attorney general, or

A November 21, 2013 report published by the Office of the Inspector General (OIG) concluded that the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is not fully enforcing the HIPAA Security Rule and laid out recommendations for the OCR to implement. The OIG’s report also concluded separately that OCR is

This post was also written by John E. Wyand.

The Department of Health and Human Services’ Office for Civil Rights (OCR) opened an investigation of Adult & Pediatric Dermatology, P.C. (APDerm) after a report was made regarding the theft of an unencrypted flash drive. To settle potential violations of the Health Insurance Portability and Accountability

The long-awaited final rule, released yesterday by the Office for Civil Rights (OCR) of the Department of Health and Human Services, modifies the HIPAA Privacy, Security, Breach and Enforcement Rules and comprises four final rules which implement the statutory requirements of the Health Information Technology for Economic and Clinical Health Act (HITECH)

As the year comes to an end, the industry is speculating about the release date of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) final rule. The final rule is expected to address modifications to the Privacy, Security, Enforcement, and Breach Notification Rules, and with the release date yet to be determined,

On March 13, 2012 the Department of Health and Human Services (HHS), Office of Civil Rights (OCR) announced its settlement with Blue Cross Blue Shield of Tennessee (BCBST), marking the first enforcement action resulting from a breach self-report required by HITECH’s Breach Notification Rule.
