Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Melissa Bianchi

Posts by Melissa Bianchi
Posted in Consumer Privacy

California AG Submits CCPA Regulations for Approval – Requests Expedited Review Ahead of July 1 Enforcement Deadline

On June 1, The California Attorney General submitted the final text of the CCPA regulations to the California Office of Administrative Law for approval. Though regulations submitted to the OAL in June ordinarily would not become effective—if approved—until October 1, the CA AG has requested an expedited review. According to the CA AG, the expedited review would allow the regulations to become effective by July 1, which still is the date his office plans to begin enforcing the CCPA according to a public statement.

Posted in Consumer Privacy, News & Events

Second Modified CCPA Draft Regulations Released—Comments Due March 27

On March 11, The California Attorney General released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act. These modifications update the initial draft regulations published on October 11, 2019 as well as the first set of modified draft regulations published on February 10, 2020. The second set of modifications contain a small number of impactful changes, which we summarize in this post.

Posted in Consumer Privacy

Washington State to Try Again for a Comprehensive Privacy Law

Washington State is already shaping up as a center of state privacy legislation for 2020. Last year, SB 5376 gained significant traction in the legislature, passing the state Senate almost unanimously but ultimately failing in the House due to discussions around facial recognition and compliance challenges. State Senator Reuven Carlyle, chair of the state’s Senate Energy, Climate & Technology Committee, has now released a revised draft of the WPA for 2020. If enacted as drafted, this new version of the WPA would come into effect on July 31, 2021.

Posted in Consumer Privacy

California AG Releases Proposed CCPA Regulations

On October 10, California Attorney General Xavier Becerra released proposed regulations to implement certain provisions of the California Consumer Privacy Act. The proposed regulations would create many new requirements. They provide clarifications to businesses and consumers in five key CCPA areas as summarized within this post.

Posted in Health Privacy/HIPAA

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

The California Consumer Privacy Act of 2018 (CCPA) adds another set of privacy requirements for health and life sciences companies.  Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come. In the latest installment of the CCPA blog series, we describe these issues and outline four important steps health and life sciences companies may consider to assess the CCPA’s operational impact.

Posted in Health Privacy/HIPAA

HHS Issues New Guidance, Delays Enforcement on “Refill Reminders” Under HIPAA

On September 19, the Department of Health and Human Services issued new guidance on the “refill reminder” requirements under HIPAA. The new final HIPAA regulations, most of which go into effect on September 23, 2013, limit the remuneration that a covered entity may receive in exchange for making communications to patients about a drug or biologic currently prescribed to that patient.

Posted in Health Privacy/HIPAA

HHS issues a model privacy notice for Personal Health Records and proposed regulations to grant patients the right to access lab results directly

Today the U.S. Department of Health and Human Services (HHS) issued a voluntary privacy notice for Personal Health Records (PHRs) as well as new proposed rules that would expand the rights of patients to access test result reports directly from clinical laboratories covered by HIPAA.  Both announcements were part of a HHS Consumer Health IT […]

Posted in Health Privacy/HIPAA

ONC Launches New Privacy and Security Workgroup

The Office of the National Coordinator for Health IT (ONC) has organized a workgroup under the auspices of the HIT Policy Committee to move forward on and maintain consistency with respect to a range of privacy and security issues. This new “Privacy & Security Tiger Team” will be co-chaired by Deven McGraw, Center for Democracy […]

Posted in Health Privacy/HIPAA

HIT Policy Committee Workgroup Recommends Encryption Mandate

The Health IT Policy Committee’s Privacy and Security workgroup has recommended that patient data exchanged between providers for treatment purposes be governed by policies that “at least” include encryption. The HIT Policy Committee is a federal advisory committee established to provide guidance to the Office of the National Coordinator for Health IT (ONC) on health […]

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

Enforcement of HHS and FTC Breach Notification Rules Begin Today

Enforcement of the Department of Health and Human Services’ (“HHS’”) and the Federal Trade Commission’s (“FTC’s”) Breach Notification rules begin today. Both agencies initially exercised their enforcement discretion and delayed enforcement until February 22, 2010, to provide entities subject to the rules with time to implement compliance processes and procedures. HHS’ interim final rule on breach […]

Posted in Health Privacy/HIPAA

CMS and ONC Issue Regulations Proposing “Meaningful Use” Definition, Setting EHR Certification Standards

Today the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC) released two regulations relating to the Medicare and Medicaid incentives authorized by the American Recovery and Reinvestment Act of 2009 (ARRA).  Both rules have public comment periods of 60 days and are scheduled to be […]

Posted in Health Privacy/HIPAA

Federal Agencies Release New Genetic Information Privacy Rules

Several federal agencies released new rules yesterday implementing the Genetic Information Nondiscrimination Act of 2008 (GINA). GINA prohibits discrimination based on genetic information in health coverage and employment. The Departments of Labor, Treasury, and Health and Human Services (HHS) issued Interim Final Rules, and HHS separately, through the Office of Civil Rights (OCR), issued a Proposed […]

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

HHS Issues Form and Instructions for Submitting Notice of a Breach to the Secretary

The Department of Health & Human Services (“HHS”) published an electronic notification form for covered entities to submit notice of a breach of security to the Secretary. The electronic form, available on HHS’ website, is for notification of breaches affecting 500 or more individuals and for breaches affecting fewer than 500 individuals. The on-line form includes […]

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

FTC Breach Notification Rule Is Now in Effect

The health breach notification rule issued by the Federal Trade Commission (“FTC”) went into effect on Thursday, September 24, 2009. The FTC final rule, issued on August 17, 2009, applies to vendors of personal health records (“PHR vendors”), PHR-related entities and third-party service providers. HIPAA covered entities and business associates (when engaging in business associate activities) […]

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

HHS Breach Notification Rule Goes into Effect Today

  The breach notification rule issued by the Department of Health and Human Services (“HHS”) goes into effect on Wednesday, September 23, 2009.  HHS’ interim final rule on breach notifications, issued on August 24, 2009, requires entities covered by HIPAA to notify individuals, the HHS Secretary, and, in limited circumstances, the media following discovery of a […]