Lessons from the first enforcement action of 2020: (1) No covered entity is immune from HIPAA enforcement. (2) Craft factual breach reports that leave no unanswered questions and do not unnecessarily grab OCR’s attention.
Author Archives: Dena M. Castricone, CIPP/US, CIPM
Consider the following: “It’s time to eat, Grandma!” versus “It’s time to eat Grandma!” Punctuation saves lives. It also potentially saved AT&T and Hilton many millions of dollars in two Telephone Consumer Protection Act suits.
A relatively new kind of ransomware is targeting law firms and publicly shaming them into paying the ransom or risk having the firm’s data dumped on the internet. In other ransomware news, instead of money, some hackers are demanding photos of women’s body parts.
Career day. Second grade. In my brown, corduroy blazer and matching briefcase (don’t judge – it was the early ‘80s), I was surrounded by football players and ballerinas.
The proposed modifications provide much-needed clarity to covered businesses in advance of the enforcement deadline and show that the AG seriously considered the comments and feedback it received. This post offers a very brief summary of some of the notable changes.
Just over a week ago, a federal district court invalidated part of HHS’s 2016 guidance on the fees a covered entity can charge for patient records. The court found that HHS exceeded its authority when it declared that only a limited fee could be charged for records sent to a third party at a patient’s direction.
Yesterday afternoon, Facebook announced its settlement of a biometric privacy class action for $550 million, the largest privacy class action settlement to date.
It appears that the 2019 HIPAA enforcement year is over with a lot less fanfare (and cash) than last year but it did provide important insights into enforcement trends. *Distributed by Law360 on January 22, 2020 and included in its Health Law and Cybersecurity and Privacy Law. newsletters.
Just two weeks into the new year and at least three states already have proposed privacy legislation boasting CCPA and GDPR-like provisions. This flurry of early legislative activity is just a preview of what we are likely to see during state legislative sessions throughout the year.
It appears that the 2019 HIPAA enforcement year is over with a lot less fanfare (and cash) than last year. The total in settlements and penalties for 2019 is $12.2 million, which is substantially less than OCR’s highest ever total of $28.7 million just one year ago.