On November 28, 2022, the Department of Health and Human Services (HHS) issued proposed changes to regulations implementing amendments Congress made in 2020 to the confidentiality of substance use disorder (SUD) records law. These long-awaited (and overdue) proposals paint an important picture of things to come, especially with respect to enforcement. Below are three key […]
Healthcare providers carry a heavy load and it just got heavier. In the wake of the reversal of Roe v. Wade and the prohibition and criminalization of abortion in some states, healthcare providers are now burdened with being more vigilant than ever in defending patients’ privacy rights. This is true in all states, even where […]
After failed attempts in years past, on April 28, 2022, Connecticut became the fifth state to pass a consumer data privacy bill. It is headed to the Governor’s desk for signature, and he is expected to sign. Entitled “An Act Concerning Personal Data Privacy and Online Monitoring,” it enjoyed bipartisan support passing unanimously in the […]
Written in collaboration with Nathaly Tamayo, JD.
Late in the legislative session, both the Connecticut House and Senate passed House Bill 5310 (now Public Act 21-59), An Act Concerning Data Privacy Breaches, which substantially amends Connecticut’s data breach notification statute (CGS §36a-701b). Although the bill implemented a number of revisions, the most notable changes significantly expand the definition of personal information and shorten the notification timeframe.
Two years after issuing a request for information seeking feedback on possible changes to HIPAA and smack dab in the middle of a global pandemic, the Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) announced major proposed changes to the HIPAA Privacy Rule. The proposed changes focus on coordination of care and significant revisions to the patient right of access provisions, including shortening the timeframe to respond to patient requests for records to 15 days and permitting patients to take photos or videos of their PHI.
We learned early in life from the Three Little Pigs that a house made of straw or sticks, while much easier to build, lacks the safety and security of a brick house. This fable’s lesson applies to many scenarios including the recent rapid deployment of telehealth services. While a pandemic, not laziness, caused the hurried telehealth services implementation for many, that’s irrelevant to the big bad wolf (and there is always a big bad wolf). He will come and he will huff, and he will puff, and he will compromise the privacy of patient information in a system without adequate protections.
In Part I of this mini-series last week, Dayle A. Duran, Esq., CIPP/US articulately described Apple and Google’s COVID-19 contact tracing API. Overall, she concluded that, if used as intended, the technology provides good privacy protections, but flagged that the real privacy risks lie in unintended use and function creep. Recently proposed bipartisan legislation may adequately address these concerns.
This is part one of a two-part series focused on COVID-19 contact tracing technology and its implications for US privacy law. The next installment of this series will examine legislative solutions to protect data subjects from misuse of information collected through contact tracing apps and related technologies.
Consider the following: “It’s time to eat, Grandma!” versus “It’s time to eat Grandma!” Punctuation saves lives. It also potentially saved AT&T and Hilton many millions of dollars in two Telephone Consumer Protection Act suits.