Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: health privacy

Posted in Health Privacy/HIPAA

FPF Releases Guide for Consumer Wearables and Wellness Apps and Devices

On Wednesday, August 17, 2016, the Future of Privacy Forum released a set of detailed guidelines for the collection and use of consumer-generated wellness data. The document, Best Practices for Consumer Wearables & Wellness Apps & Devices, was drafted by FPF with input from a wide range of stakeholders, including privacy advocates, companies, and regulators. The Best Practices guidelines set forth a Fair Information Practice Principles-based trust framework that builds on existing legal expectations to provide a set of best practices providing appropriate protections given the nature and sensitivity of the data.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

OCR Emphasizes Security Obligations of Business Associates with Latest Enforcement

The Department of Health and Human Services Office for Civil Rights is taking an aggressive stand on HIPAA enforcement and targeting violations related to security risk assessments and business associate agreements. Three resolution agreements posted in the last month make clear that the agency expects entities subject to HIPAA to take appropriate steps to secure their data, regardless of the size or type of the entity.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

HHS Issues New Guidance on Ransomware and HIPAA

The Department of Health and Human Services released guidance on July 11, 2016, intended to help the healthcare industry prepare for and respond to ransomware attacks. Specifically, this guidance clarifies: (1) that a ransomware attack is considered a “security incident” under HIPAA, and (2) that a ransomware attack will typically be considered a “breach” by HHS unless entities are able to demonstrate that there is a “low probability of compromise.” The guidance also clarifies that covered entities must implement the same risk assessment processes as they would with other types of cyber threats, including malware. At a time when ransomware attacks are on the rise, this guidance heightens the potential regulatory enforcement consequences of these events.

Posted in International/EU Privacy

UK Government Consults on Data Security Standards and Data Sharing in the Health Sector

On 6th July, the UK Government published two independent reviews concerning data security and data sharing in the health and care system in England. At the same time the UK Government launched a public consultation on proposals resulting from these reviews. The public consultation will be of interest to organisations that regularly interact with the public health sector in the UK and in particular to those organisations that rely on access to health data from the NHS for research purposes.

Posted in News & Events

Hogan Lovells Brings Together Industry and Government Leaders for Second Annual Health Privacy Law Forum

Hogan Lovells hosted the second annual Health Privacy Law Forum for health privacy professionals yesterday. Participants spoke with Deven McGraw, Deputy Director of Health Information Privacy at the U.S. Department of Health and Human Services Office for Civil Rights , and former Federal Trade Commissioner Julie Brill, now a partner at Hogan Lovells and co-chair of its Privacy and Cybersecurity practice.

Posted in Health Privacy/HIPAA, International/EU Privacy

The Final GDPR Text and What It Will Mean for Health Data

The EU General Data Protection Regulation has been called the most lobbied piece of legislation in the history of the EU. Before Christmas last year, what is likely to be the final text of the GDPR emerged from the EU trilogue negotiations. Victoria Hordern, Senior Associate at Hogan Lovells, explores what the new GDPR will mean for those collecting and handling health data, and examines a number of the provisions and themes that impact the use of health data.

Posted in Health Privacy/HIPAA

As Business Associate Agreements Amendment Deadline Approaches, OCR Discusses Upcoming HIPAA Audits

The 2009 HITECH Act mandated that the U.S. Department of Health and Human Services Office for Civil Rights conduct periodic audits of covered entities and business associates for compliance with HIPAA privacy and security requirements. In 2012, OCR conducted a pilot audit program involving 115 covered entities. In February 2014, the agency issued a notice in the Federal Register announcing its plan to survey up to 1,200 covered entities and business associates to select organizations for the next round of HIPAA audits.

Posted in Consumer Privacy, Health Privacy/HIPAA

FTC Examines Benefits and Risks of Consumer Generated and Controlled Health Data

On May 7, 2014, the Federal Trade Commission (FTC) held a seminar on Consumer Generated and Controlled Health Data (CGHD) that included participants from government, industry, and advocacy organizations. The seminar—which consisted of opening remarks by FTC Commissioner Julie Brill, brief presentations by FTC representatives on health information data flows and sharing of CGHD with third parties, and a panel discussion moderated by FTC attorneys Kristen Anderson and Cora Han—examined the potential benefits and risks of CGHD.

Posted in Health Privacy/HIPAA

HHS Issues Final HITECH Regulations

The Department of Health and Human Services (HHS) just released the highly anticipated final regulations implementing the privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The regulations address: Final modifications to the HIPAA Privacy, Security and Enforcement Rules mandated by the HITECH Act; Final rule adopting changes […]

Posted in News & Events

Hogan Lovells Lawyers Speaking at IAPP

Hogan Lovells is proud to have six lawyers from its Privacy and Information Management group presenting at various sessions of this year’s IAPP Global Privacy Summit. For those attending the Summit, please consider attending the sessions this week to hear from members of the Hogan Lovells team about various cutting edge topics, as well as about how you can get involved in the IAPP’s public service initiative.