Archives: Health Privacy

Subscribe to Health Privacy RSS Feed

EU Cyber Security Directive To Enter Into Force In August

The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year.  Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within … Continue Reading

OCR Steps Up HIPAA Enforcement Following Breaches of Protected Health Information

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has been busy.  In addition to its recent efforts to begin audits of covered entities and business associates, OCR has announced a slew of enforcement actions against covered entities for alleged HIPAA violations.… Continue Reading

FTC Releases Online Tool to Help Health App Developers Identify Applicable Laws

A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC, in conjunction with HHS and the FDA, to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security and privacy.  As part of … Continue Reading

SAMHSA Proposes Changes to Confidentiality Rules

On Tuesday, February 9, the Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule to update regulations at 42 C.F.R. Part 2 that protect the confidentiality of alcohol and drug abuse patient records.  The regulations were originally promulgated in 1975 and last substantively updated in 1987.  SAMHSA intends for these updates to … Continue Reading

HHS Issues Final Rule on HIPAA and Firearm Background Check Reporting

On January 6, as part of President Obama’s executive action to combat gun violence, HHS promulgated a final regulation modifying the HIPAA Privacy Rule to allow certain HIPAA covered entities to disclose limited information to the National Instant Criminal Background Check System (NICS).  We previously discussed the proposed rule here. Background:  The NICS, maintained by … Continue Reading

CEA Releases Guidelines on Privacy and Security of Personal Wellness Data

Last week, the Consumer Electronics Association (“CEA”) announced its Guiding Principles on the Privacy and Security of Personal Wellness Data, a set of baseline, voluntary guidelines for private-sector organizations that handle the type of data often produced by wearable technologies.  The Guiding Principles are categorized into eight areas and generally include the following recommendations: Security.  Robust … Continue Reading

HHS Launches Portal Seeking Questions from Mobile Health Application Developers

A new post on Covington’s Inside Medical Devices blog discusses a new portal recently launched by HHS seeking questions from mobile health application developers.  The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications.  To read the post, click here.… Continue Reading

UK Government Launches Cybersecurity Service For Healthcare Organizations

The UK government has announced a new national service providing expert cybersecurity advice to entities within the National Health Service (NHS) and the UK’s broader healthcare system.  The project, called CareCERT (Care Computing Emergency Response Team), is aiming for a full go-live in January 2016. … Continue Reading

Proposed Rule Would Amend Federal “Common Rule” Requirements

On September 8, 2015, sixteen federal agencies published a long-awaited Notice of Proposed Rulemaking (NPRM) to modernize the Federal Policy for the Protection of Human Subjects, known as the “Common Rule.” The proposal, available here, includes a number of changes related to privacy and data security and other changes relevant to entities seeking to conduct … Continue Reading

Cybersecurity Risks with Connected Devices

By Bianca Nunes Cybersecurity vulnerability is becoming an increasing concern as medical devices are becoming more connected to the Internet, hospital networks, and other medical devices. As we previously reported, FDA has increasingly focused on promoting cybersecurity, recognizing that compromised medical devices can pose a risk to patient health and safety and to the confidentiality … Continue Reading

Multistakeholder Group Seeks Comment on Draft Framework for IoT Device Manufactures

Earlier this week, the Online Trust Alliance released a draft framework of best practices for Internet of Things device manufacturers and developers, such as connected home devices and wearable fitness and health technologies.  The OTA is seeking comments on its draft framework by September 14. The framework acknowledges that not all requirements may be applicable … Continue Reading

May 2015 EU mHealth Round-Up

May 2015 saw a number of developments in the EU mHealth sector worthy of a brief mention.  The European Commission announced that it would work on new guidance for mHealth apps, despite the European Data Protection Supervisor and British Standards Institution publishing their own just weeks earlier.  In parallel, the French data protection authority announced … Continue Reading

HHS Updates Health Data Privacy and Security Guide

The  Office of the National Coordinator for Health Information (ONC) recently released an updated Guide to Privacy and Security of Electronic Health Information.  The guide aims to help individuals, providers, and the health IT community understand the role of HIPAA for interoperability of health information. This guide updates the previous version issued by the ONC … Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (Third Post in a Series)

As we discussed in two prior posts (here and here), the April 29, 2015, draft House 21st Century Cures bill would make several changes to federal health privacy law. This post focuses on provisions that would relax limitations on payment for PHI disclosed for research purposes and that would expand the purposes for which covered … Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (Second Post in a Series)

As we discussed in a prior post, the April 29, 2015, draft House 21st Century Cures bill would make several changes to federal health privacy law. This post focuses on provisions that would allow remote access to PHI for purposes preparatory to research and that would permit individuals to make a one-time authorization of the … Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (First Post in a Series)

On April 29, 2015, the U.S. House Energy and Commerce Committee released a revised discussion draft of the 21st Century Cures Act (“Cures”). The Cures bill would make several changes to existing federal privacy regulations promulgated under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health … Continue Reading

Anthem Insurance Set to Brief Congress Two Days after Disclosing Cyber Attack

Just two days after disclosing publicly that it was “the target of a very sophisticated external cyber attack” in which the personal information of over 80 million customers was compromised, officials of Anthem Inc., the nation’s second largest health insurance company, are to brief staffers of the House Energy and Committee on the security breach.  … Continue Reading

HIPAA 2015 Enforcement Priorities Highlight Cyber Threats, But Timing of HIPAA Compliance Audits Still Uncertain

On January 13, 2015, Jocelyn Samuels, director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, briefed reporters on the agency’s HIPAA enforcement priorities, noting a focus on threats to electronic health information, or ePHI.  For more information about the briefing, visit Covington’s eHealth blog.… Continue Reading

New California Health Privacy Law Goes into Effect

Many individuals are covered by health insurance but are not the policy holders for that coverage (e.g., the policy holder is a spouse or parent of the covered individual).  Routine communications sent by insurers, such as explanation of benefit letters or denial of claims notices, are often sent to the policy holder and may contain … Continue Reading

HHS Releases Guidance Regarding Application of HIPAA Privacy Rule in Emergency Situations

In response to the recent Ebola outbreak and other events, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released guidance regarding the use and sharing of patient information in emergency situations.  The guidance emphasizes that HIPAA requirements are not suspended during an emergency.  However, the Privacy Rule includes several … Continue Reading

GAO Report Outlines Healthcare.gov’s Ongoing Privacy Issues

By Randall Friedland According to a GAO report published September 16th, Healthcare.gov, the health insurance exchange rolled out last October, still has significant privacy weaknesses. Specifically, the report outlined that despite the Centers for Medicare & Medicaid Services’ (CMS) efforts to increase the security and privacy of data that it processes, maintains, and shares with … Continue Reading

Schedule of Panelists for FTC’s Upcoming Big Data & Discrimination Workshop

As we have previously reported, in less than two weeks the FTC will host its anticipated workshop on big data and discrimination.  Today the FTC announced a full agenda and panelists for the September 15th event, “Big Data: A Tool for Inclusion or Exclusion?” which will take place in Washington, D.C., at the Constitution Center.  … Continue Reading
LexBlog