Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Health Privacy

Subscribe to Health Privacy RSS Feed

Anthem Insurance Set to Brief Congress Two Days after Disclosing Cyber Attack

Posted in Health Privacy

Just two days after disclosing publicly that it was “the target of a very sophisticated external cyber attack” in which the personal information of over 80 million customers was compromised, officials of Anthem Inc., the nation’s second largest health insurance company, are to brief staffers of the House Energy and Committee on the security breach. … Continue Reading

HIPAA 2015 Enforcement Priorities Highlight Cyber Threats, But Timing of HIPAA Compliance Audits Still Uncertain

Posted in Health Privacy

On January 13, 2015, Jocelyn Samuels, director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, briefed reporters on the agency’s HIPAA enforcement priorities, noting a focus on threats to electronic health information, or ePHI.  For more information about the briefing, visit Covington’s eHealth blog.

New California Health Privacy Law Goes into Effect

Posted in Health Privacy

Many individuals are covered by health insurance but are not the policy holders for that coverage (e.g., the policy holder is a spouse or parent of the covered individual).  Routine communications sent by insurers, such as explanation of benefit letters or denial of claims notices, are often sent to the policy holder and may contain… Continue Reading

HHS Releases Guidance Regarding Application of HIPAA Privacy Rule in Emergency Situations

Posted in Health Privacy

In response to the recent Ebola outbreak and other events, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released guidance regarding the use and sharing of patient information in emergency situations.  The guidance emphasizes that HIPAA requirements are not suspended during an emergency.  However, the Privacy Rule includes several… Continue Reading

GAO Report Outlines Healthcare.gov’s Ongoing Privacy Issues

Posted in Health Privacy

By Randall Friedland According to a GAO report published September 16th, Healthcare.gov, the health insurance exchange rolled out last October, still has significant privacy weaknesses. Specifically, the report outlined that despite the Centers for Medicare & Medicaid Services’ (CMS) efforts to increase the security and privacy of data that it processes, maintains, and shares with… Continue Reading

Schedule of Panelists for FTC’s Upcoming Big Data & Discrimination Workshop

Posted in Advertising & Marketing, Emerging Technologies, Federal Trade Commission, Health Privacy, Marketing, United States

As we have previously reported, in less than two weeks the FTC will host its anticipated workshop on big data and discrimination.  Today the FTC announced a full agenda and panelists for the September 15th event, “Big Data: A Tool for Inclusion or Exclusion?” which will take place in Washington, D.C., at the Constitution Center. … Continue Reading

Ten Key Take-Aways From the White House Big Data Report

Posted in Health Privacy, Privacy Policies, United States

On Thursday, the White House Big Data Working Group, led by senior presidential advisor John Podesta, released a 79-page report that outlines a number of key observations and recommendations for privacy in both the private sector and government.  Although the report does not create binding law, it provides insight into the administration’s  priorities on a… Continue Reading

Two HIPAA Settlements Follow Stolen Laptops

Posted in Health Privacy

Recently, HHS Office of Civil Rights (OCR) announced that it has entered into settlement agreements with two entities following enforcement actions, both arising from stolen laptops that were not encrypted in accordance with the Security Rule.  According to HHS, an unencrypted laptop was stolen from a physical therapy center in Springfield, Missouri.  The center was… Continue Reading

FTC to Examine Impact of “Big Data” on Low-Income and Underserved Communities

Posted in Federal Trade Commission, Marketing, United States

This morning, the FTC announced that it would host a public workshop in September entitled “Big Data: A Tool for Inclusion or Exclusion?” in order to examine the increasing use of big-data analytics and its potential impact on low-income, diverse, and underserved American consumers.  The FTC noted that while predictive-analytic techniques produce tremendous benefits by… Continue Reading

HHS Releases New Tool to Assist with HIPAA Risk Assessments

Posted in Health Privacy

On March 28, HHS released new resources on risk analysis requirements under the HIPAA Security Rule.  The HIPAA Security Rule governs how electronic individually identifiable health information is maintained by covered entities and business associates.  In short, it requires covered entities and business associates to implement certain physical, administrative, and technical safeguards to protect the… Continue Reading

WEDI Issues Guidance for Assessment of Potential Breaches under HIPAA

Posted in Health Privacy

Recently, the Workgroup for Electronic Data Interchange (WEDI) published a Breach Risk Assessment Issue Brief for stakeholders to use in analyzing whether a breach of  protected health information (PHI) has occurred under the Health Insurance Portability and Accountability Act (HIPAA).  Background Under HIPAA’s breach notification rule, covered entities and business associates are required to notify… Continue Reading

FTC Announces Settlement With Accretive Health Over Data Breach

Posted in Data Breaches, Data Security, Health Privacy

The Federal Trade Commission (FTC) recently announced a settlement with Accretive Health, Inc., a provider of medical billing and revenue management services to hospitals.  The FTC’s complaint alleged that Accretive failed to provide reasonable and appropriate security for consumers’ personal information, and this failure constituted an unfair act or practice in violation of Section 5… Continue Reading

HHS Issues Proposed Rule on HIPAA and Firearm Background Check Reporting

Posted in Health Privacy

By Rachel Grunberger and Anna Kraus On January 7, 2014, the Department of Health and Human Services (HHS) published a notice of proposed rulemaking to modify the HIPAA Privacy Rule to expressly allow certain disclosures to the National Instant Criminal Background Check System (NICS).  As we previously reported, this was one of the executive actions in… Continue Reading

House Republicans Signal Push for Data Breach Legislation

Posted in Congress, Data Breaches, Health Privacy

In the wake of the recent Target Corp. credit card data breach, Congress is once again turning its attention to data breach legislation. In a memorandum to Republican lawmakers on January 2, House Majority Leader Eric Cantor (R-Va.) stated that he intends to schedule legislation on security and breach notification requirements for federally facilitated healthcare… Continue Reading

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

Posted in Health Privacy

By Rachel Grunberger and Anna Kraus On December 27, 2013, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced a HIPAA settlement with Adult & Pediatric Dermatology, P.C. (APDerm), a private dermatology practice with locations in Massachusetts and New Hampshire.  According to HHS, this is the first settlement… Continue Reading

HHS OIG Releases Report on HIPAA Enforcement Efforts

Posted in Health Privacy

Recently, the Office of Inspector General (OIG) at HHS released a report on the HIPAA enforcement efforts of HHS’s Office for Civil Rights (OCR).  Specifically, the OIG looked at whether OCR’s efforts to enforce HIPAA’s Security Rule were adequate.  The OIG’s findings may lead to increased enforcement efforts by OCR.  Background on the Security Rule… Continue Reading

Key Takeaways from Last Week’s FTC Workshop on Native Advertising: Many Questions and Few Answers

Posted in Marketing, Social Media, Uncategorized

By Katharine Goodloe and Morgan Kennedy Last week, the FTC hosted a public workshop on native advertising to examine how best to address occasions in which certain media outlets blur the traditional line between advertisements and editorial content.  The workshop brought together a collection of brand-name companies that use native advertising, content-placement companies that help… Continue Reading

FTC to Hold Seminars on Mobile Device Tracking, Alternative Scoring, and Consumer Health Information

Posted in Federal Trade Commission, Financial Privacy, Health Privacy, United States

The Federal Trade Commission (“FTC”) announced today that it will hold a series of three seminars in the spring focused on retail tracking, alternative scoring, and consumer health information.  The seminars are designed to shed light on new trends in big data and their impact on consumer privacy, according to the FTC.  The seminars will… Continue Reading

CA Governor Signs Bill Providing Online Protections For Minors

Posted in Advertising & Marketing, Children's Privacy, Marketing, Online, Social Media, State Legislatures, United States

Earlier this month, we blogged about the California Senate’s passage of the bill titled “Privacy Rights for California Minors in the Digital World”, which prohibits certain targeted advertising to California minors and requires that minors be allowed to delete materials they have posted online.  Yesterday, California Governor Jerry Brown signed the legislation, and it will… Continue Reading

HHS Issues Guidance on Refill Reminders under HIPAA

Posted in Health Privacy, Marketing

On September 19, HHS released additional guidance on the “refill reminder exception” in HIPAA, which allows — in some circumstances — paid communications regarding a drug or biologic currently prescribed to a patient. Background In January 2013, HHS finalized new restrictions on marketing as part of the final omnibus rule implementing changes to HIPAA under… Continue Reading

HHS to Issue Guidance on HIPAA Marketing Restrictions

Posted in Health Privacy, Litigation, Marketing

In a court filing on September 11, 2013, attorneys for the U.S. Department of Health and Human Services (HHS) announced that HHS intends to issue further guidance on certain new marketing restrictions under HIPAA, finalized last January as part of the final HITECH omnibus rule, and to delay enforcement of those new marketing restrictions until… Continue Reading