Aetna will pay almost $17.2 million to settle a federal class action lawsuit stemming from a 2017 mailing that disclosed the HIV status of health plan members. Aetna also agreed last week to pay a $1.15 million fine to the state of New York after the Attorney General Eric Schneiderman’s (NY AG) investigation into Aetna’s alleged violations of federal and … Continue Reading
After a year-long investigation into mobile health apps claiming to be able to measure vital signs or health indicators through smartphone sensors, the New York Attorney General (NY AG) settled claims against three developers alleged to have engaged in “misleading” marketing claims and “irresponsible” privacy practices. Mobile health apps … Continue Reading
Please join us for our March 2017 Privacy and Cybersecurity Events.
Representatives from government and the private sector discussed the present state of healthcare cybersecurity, and experts discussed practical strategies for implementing the HIPAA Security Rule at the ninth annual “Safeguarding Health Information: Building Assurance through HIPAA Security” conference held from October 19–20, 2016 and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of … Continue Reading
Cloud service providers are on notice: you are HIPAA business associates, even if you are unable to access the HIPAA protected information in your cloud. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released guidance making clear that cloud service providers (CSPs) that create, receive, maintain, or transmit electronic protected health information (PHI) are covered … Continue Reading
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is taking an aggressive stand on HIPAA enforcement and targeting violations related to security risk assessments and business associate agreements. Three resolution agreements posted in the last month make clear that the agency expects entities subject to HIPAA to take appropriate steps to secure their data, regardless … Continue Reading
The Department of Health and Human Services (HHS) released guidance on July 11, 2016, intended to help the healthcare industry prepare for and respond to ransomware attacks. Specifically, this guidance clarifies: (1) that a ransomware attack is considered a “security incident” under HIPAA, and (2) that a ransomware attack will typically be considered a “breach” by HHS unless entities are … Continue Reading
Hogan Lovells hosted the second annual Health Privacy Law Forum (HPLF) for health privacy professionals. Participants spoke with Deven McGraw, Deputy Director of Health Information Privacy at the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and former Federal Trade Commissioner (FTC) Julie Brill, now a partner at Hogan Lovells and co-chair of its Privacy … Continue Reading
Following the launch of its mHealth Developer Portal last October, the HHS Office for Civil Rights (OCR) has released guidance clarifying how HIPAA applies to mobile health apps. Ensuring that developers understand their legal obligations is critical to protecting consumer privacy and security, especially now that there are more than 165,000 health apps available in the iTunes and Android app … Continue Reading
Last month, tucked into a 2,000-page spending bill, the Cybersecurity Information Sharing Act of 2015 (CISA) was enacted into law. Years in the making, CISA is intended to incentivize organizations to share cyber threat indicators with the federal government and to promote the dissemination of this information to organizations facing similar threats. CISA sponsors and supporters hope that such information … Continue Reading
The HHS Office for Civil Rights (OCR) has launched an online portal designed to solicit questions from mHealth developers regarding compliance with Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements. The portal is designed to demystify HIPAA for app developers while providing guidance to regulators about which aspects of HIPAA may require clarification.
OCR emphasized that the … Continue Reading
Government officials and experts from the private sector discussed enabling precision medicine and efforts to bolster patients’ rights to access medical records, and also emphasized the importance of controlling access to protected health information (PHI) at the eighth annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 2–3, 2015, and co-hosted by the National Institute of … Continue Reading