Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Tag Archives: HHS

Posted in Data Protection & Privacy

New York Regulators Lead the Charge to Fill Health Data Protection Gaps Left by Federal Law

New York AG Settles Data Protection Enforcement Against Mobile Health Apps

After a year-long investigation into mobile health apps claiming to be able to measure vital signs or health indicators through smartphone sensors, the New York Attorney General (NY AG) settled claims against three developers alleged to have engaged in “misleading” marketing claims and “irresponsible” privacy practices. Mobile health apps … Continue Reading

Posted in Data Protection & Privacy

New HHS Guidance Makes Clear HIPAA Applies in the Cloud

Cloud service providers are on notice: you are HIPAA business associates, even if you are unable to access the HIPAA protected information in your cloud. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released guidance making clear that cloud service providers (CSPs) that create, receive, maintain, or transmit electronic protected health information (PHI) are covered … Continue Reading

Posted in Data Protection & Privacy Katherine Gasztonyi

FPF Releases Guide for Consumer Wearables and Wellness Apps and Devices

On Wednesday, August 17, 2016, the Future of Privacy Forum (FPF) released a set of detailed guidelines for the collection and use of consumer-generated wellness data. The document, Best Practices for Consumer Wearables & Wellness Apps & Devices, was drafted by FPF with input from a wide range of stakeholders, including privacy advocates, companies, and regulators. The Best PracticesContinue Reading

Posted in Data Protection & Privacy

OCR Emphasizes Security Obligations of Business Associates with Latest Enforcement

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is taking an aggressive stand on HIPAA enforcement and targeting violations related to security risk assessments and business associate agreements. Three resolution agreements posted in the last month make clear that the agency expects entities subject to HIPAA to take appropriate steps to secure their data, regardless … Continue Reading

Posted in Data Protection & Privacy

HHS Issues New Guidance on Ransomware and HIPAA

The Department of Health and Human Services (HHS) released guidance on July 11, 2016, intended to help the healthcare industry prepare for and respond to ransomware attacks. Specifically, this guidance clarifies: (1) that a ransomware attack is considered a “security incident” under HIPAA, and (2) that a ransomware attack will typically be considered a “breach” by HHS unless entities are … Continue Reading

Posted in Data Protection & Privacy

Hogan Lovells Brings Together Industry and Government Leaders for Second Annual Health Privacy Law Forum

Hogan Lovells hosted the second annual Health Privacy Law Forum (HPLF) for health privacy professionals. Participants spoke with Deven McGraw, Deputy Director of Health Information Privacy at the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and former Federal Trade Commissioner (FTC) Julie Brill, now a partner at Hogan Lovells and co-chair of its Privacy Continue Reading

Posted in Data Protection & Privacy

OCR Highlights Priorities as it Steps Up HIPAA Enforcement

Last week, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) launched the long-awaited Phase 2 HIPAA Audit Program. Earlier this month, the agency posted two resolution agreements that continue the trend toward big dollar settlement amounts and a focus on security risk assessments and business associate agreements. With Phase 2 HIPAA Audits underway and more … Continue Reading

Posted in Data Protection & Privacy

OCR Releases mHealth Guidance for App Developers

Following the launch of its mHealth Developer Portal last October, the HHS Office for Civil Rights (OCR) has released guidance clarifying how HIPAA applies to mobile health apps. Ensuring that developers understand their legal obligations is critical to protecting consumer privacy and security, especially now that there are more than 165,000 health apps available in the iTunes and Android app … Continue Reading

Posted in Data Protection & Privacy Paul OttoJared Bomberg

Key U.S. Cybersecurity Provisions Signed into Law

Last month, tucked into a 2,000-page spending bill, the Cybersecurity Information Sharing Act of 2015 (CISA) was enacted into law. Years in the making, CISA is intended to incentivize organizations to share cyber threat indicators with the federal government and to promote the dissemination of this information to organizations facing similar threats. CISA sponsors and supporters hope that such information … Continue Reading