Tag Archives: Health Privacy

Anthem Insurance Set to Brief Congress Two Days after Disclosing Cyber Attack

Just two days after disclosing publicly that it was “the target of a very sophisticated external cyber attack” in which the personal information of over 80 million customers was compromised, officials of Anthem Inc., the nation’s second largest health insurance company, are to brief staffers of the House Energy and Committee on the security breach.  … Continue Reading

HIPAA 2015 Enforcement Priorities Highlight Cyber Threats, But Timing of HIPAA Compliance Audits Still Uncertain

On January 13, 2015, Jocelyn Samuels, director of the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services, briefed reporters on the agency’s HIPAA enforcement priorities, noting a focus on threats to electronic health information, or ePHI.  For more information about the briefing, visit Covington’s eHealth blog.… Continue Reading

New California Health Privacy Law Goes into Effect

Many individuals are covered by health insurance but are not the policy holders for that coverage (e.g., the policy holder is a spouse or parent of the covered individual).  Routine communications sent by insurers, such as explanation of benefit letters or denial of claims notices, are often sent to the policy holder and may contain … Continue Reading

Client Event – Cyber Security Series, ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’

Please note that this event, originally scheduled for December 10, is being rescheduled for February 2015 – date TBC Covington’s London office will be hosting a breakfast seminar for clients on ‘Mitigating Information Loss in the Healthcare Industry: the Insider Threat’ with The Chertoff Group.… Continue Reading

GAO Report Outlines Healthcare.gov’s Ongoing Privacy Issues

By Randall Friedland According to a GAO report published September 16th, Healthcare.gov, the health insurance exchange rolled out last October, still has significant privacy weaknesses. Specifically, the report outlined that despite the Centers for Medicare & Medicaid Services’ (CMS) efforts to increase the security and privacy of data that it processes, maintains, and shares with … Continue Reading

HHS Releases New Tool to Assist with HIPAA Risk Assessments

On March 28, HHS released new resources on risk analysis requirements under the HIPAA Security Rule.  The HIPAA Security Rule governs how electronic individually identifiable health information is maintained by covered entities and business associates.  In short, it requires covered entities and business associates to implement certain physical, administrative, and technical safeguards to protect the … Continue Reading

FTC Announces Settlement With Accretive Health Over Data Breach

The Federal Trade Commission (FTC) recently announced a settlement with Accretive Health, Inc., a provider of medical billing and revenue management services to hospitals.  The FTC’s complaint alleged that Accretive failed to provide reasonable and appropriate security for consumers’ personal information, and this failure constituted an unfair act or practice in violation of Section 5 … Continue Reading

House Republicans Signal Push for Data Breach Legislation

In the wake of the recent Target Corp. credit card data breach, Congress is once again turning its attention to data breach legislation. In a memorandum to Republican lawmakers on January 2, House Majority Leader Eric Cantor (R-Va.) stated that he intends to schedule legislation on security and breach notification requirements for federally facilitated healthcare … Continue Reading

FTC to Hold Seminars on Mobile Device Tracking, Alternative Scoring, and Consumer Health Information

The Federal Trade Commission (“FTC”) announced today that it will hold a series of three seminars in the spring focused on retail tracking, alternative scoring, and consumer health information.  The seminars are designed to shed light on new trends in big data and their impact on consumer privacy, according to the FTC.  The seminars will … Continue Reading

HHS to Issue Guidance on HIPAA Marketing Restrictions

In a court filing on September 11, 2013, attorneys for the U.S. Department of Health and Human Services (HHS) announced that HHS intends to issue further guidance on certain new marketing restrictions under HIPAA, finalized last January as part of the final HITECH omnibus rule, and to delay enforcement of those new marketing restrictions until … Continue Reading

HITECH Update #9: Omnibus Rule Revises Individual Rights to Request Restrictions, Access to Protected Health Information

This post is part of our series on key aspects of the final HITECH omnibus rule published by the U.S. Department of Health and Human Services (HHS) in the Federal Register on January 25, 2013. Previous posts are available here. The regulations are effective March 26, 2013, but covered entities and business associates have until … Continue Reading

HITECH Update #2: HHS Finalizes Privacy Rules to Protect Genetic Information

This post is part of our series on key aspects of the final HITECH omnibus rule issued by the U.S. Department of Health and Human Services (HHS) on January 17, 2013 (available here), and scheduled to be published in the Federal Register on January 25.  Previous posts are available here.  The regulations are effective March 26, 2013, … Continue Reading

EDPS Suggests Amendments to the Commission Proposal for a new Regulation on Clinical Trials on Medicinal Products for Human Use

On 19 December 2012, the European Data Protection Supervisor (EDPS) and the Assistant Supervisor, M. Giovanni Buttarelli, published a new Opinion that sets out their views on the Commission proposal for a new Regulation on Clinical Trials on Medicinal Products for Human Use (the Regulation).  The Commission proposal, released in July 2012, touches on a … Continue Reading

Health Officials Emphasize Data Security for Providers’ Mobile Devices

Recently, officials from the Office of the National Coordinator for Health Information Technology (ONC) in the Department of Health and Human Services stressed the need for data security in connection with providers’ use of mobile devices for health care delivery.  Approximately 81 percent of physicians use smart phones or mobile devices.  The need for data … Continue Reading

HHS Encourages Patients to Exercise Right to Access Health Records

The Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released a one-page message from OCR Director Leon Rodriguez encouraging patients to exercise the right to access their medical records. Generally, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) grants patients the right to request and receive a copy … Continue Reading

Final HIPAA/HITECH Rule Expected by July

By Anna Kraus The Department of Health and Human Services (HHS) has submitted to the Office of Management and Budget (OMB) the long-awaited final rule implementing changes to the Health Insurance Portability and Accountability Act (HIPAA) regulations mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The OMB has up to … Continue Reading

Minnesota AG Files First HIPAA Enforcement Action Against Business Associate

Last month, the Minnesota Attorney General filed a lawsuit in federal court against Accretive Health, Inc. alleging that the company violated various provisions of HIPAA as well as Minnesota consumer privacy and protection law.  Although HIPAA-covered entities have been the subject of enforcement actions by state AGs and the Department of Health and Human Services, … Continue Reading

Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule

The Senate Judiciary Subcommittee on Privacy, Technology, and Law recently held a hearing to discuss federal enforcement of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, entitled “Your Health and Your Privacy: Protecting Health Information in a Digital World.” In that hearing, Subcommittee … Continue Reading

HHS Regulatory Review Plan Contemplates Modifications to HIPAA

 By Anna Kraus Last Thursday, the Office of Management and Budget (OMB) released the preliminary regulatory review plans of 30 federal agencies, including the Department of Health and Human Services (HHS).  The regulatory review plans were mandated by President Obama in an executive order issued earlier this year, and are intended to identify initiatives to … Continue Reading

OIG Criticizes HHS Oversight of the HIPAA Security Rule, Data Security Controls in Health IT Standards

By Anna Kraus Last week, the Office of Inspector General (OIG) within the Department of Health and Human Services (HHS) issued two audit reports regarding federally mandated data security measures for health information.  Both reports are highly critical of HHS’s efforts to protect the security of electronic health information. In the first report, available here, … Continue Reading

Supreme Court Justices Seem Skeptical of Vermont Law Restricting Use of Prescriber-Identifiable Data

The U.S. Supreme Court heard oral argument last week in Sorrell v. IMS Health, Inc.  As described in our earlier post, the case involves a constitutional challenge to a Vermont law prohibiting the use or sale of doctors’ identifying information in prescription records—i.e., prescriber-identifiable data—without the doctor’s express consent. The key legal issue, as framed … Continue Reading

Saskatchewan Information and Privacy Officer Issues Advisory on Health Record Disposition

Improper disposition of medical records appears to be an international problem.  The Saskatchewan Information and Privacy Officer recently issued regulatory guidance to health care providers on complying with the province’s health data protection law.  The guidance is being sent to all health regulatory bodies and health care organization privacy boards in Saskatchewan to remind them … Continue Reading
LexBlog