And CT Makes Five: The Connecticut Legislature Passes A Consumer Data Privacy Bill

After failed attempts in years past, on April 28, 2022, Connecticut became the fifth state to pass a consumer data privacy bill.  It is headed to the Governor’s desk for signature, and he is expected to sign.  Entitled “An Act Concerning Personal Data Privacy and Online Monitoring,” it enjoyed bipartisan support passing unanimously in the […]

Three Dentists and a Psychiatrist Walk into a Bar: Four HIPAA Enforcement Actions that are No Joke

Three dentists and a psychiatrist walk into a bar . . . and they each walk out with a five-figure tab for HIPAA compliance failures.  It’s not funny, but the five-figure payment part is true and there’s a lot to be learned from their mistakes. The Department of Health and Human Services’ Office for Civil […]

HIPAA Right of Access Video Series

DMC Law is launching Privacy Pointers, which features short and informative videos on various privacy topics.  We begin Privacy Pointers with a series of videos on HIPAA’s Right of Access. There are six videos in this series that explore important aspects of the Right of Access.  Each video is no more than 5 minutes in length. […]

Federal Court Strikes Down Part of Surprise Billing Rule

A federal district court in Texas issued an opinion on February 23, 2022 (Decision) in which it concluded that the involved governmental agencies made some significant missteps in promulgating regulations under the No Surprises Act (NSA).  The NSA took effect on January 1, 2022 and establishes federal protections against surprise medical bills.  The law and […]

A Year in Review: HIPAA Enforcement Action Resolutions in 2021

Here it is!  My annual summary of HIPAA enforcement action resolutions.  I know you all have been eagerly awaiting its arrival.  No plot twists or surprises this year – the enforcement themes are much the same as those in 2020.  As I explain below, Right of Access was again the star. 

CT AG Announces Online Breach Reporting Form

Today, the Connecticut Attorney General’s office announced that it created an online form for data breach reporting.  According to the CT AG’s office, “[t]he need for a standardized, online submission form was also motivated by recent amendments to Connecticut’s data breach notification statute.”  Those amendments, which took effect on October 1, 2021, include a broadened definition of personal information and a reduced timeframe for notification and reporting from 90 days to 60 days. 

The Good Faith Estimate Requirement Under the No Surprises Act

Effective January 1, 2022, healthcare providers and facilities will be subject to the No Surprises Act (NSA), which establishes federal protections against surprise medical bills. While there are several parts of the NSA that impact some but not all healthcare providers or facilities (e.g., balance billing prohibitions), the requirement to provide good faith estimates (GFEs) […]

OCR Announces Five More HIPAA Right of Access Resolutions

Yesterday, the Department of Health and Human Services’ Office for Civil Rights announced the resolution of five more HIPAA Right of Access claims. That brings the total number of Right of Access resolutions this year to 12 (including a civil monetary penalty), edging out last year’s total of 11. As for settlement and penalty amounts, the Right of Access total for 2021 has surpassed 2020 by more than $300,000.

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.