Tag Archives: Medical Privacy

Risk Management Strategies to Reduce Risk Associated with Telehealth

By Paulette Thomas on September 11, 2019 Posted in HHS, Medical Privacy

The use of technology to provide healthcare has existed for decades; however, recent advances in technology and changes in reimbursement have increased the prevalence of telehealth for diagnosing and treating patients. Telehealth is an emerging and promising method of providing healthcare in areas where healthcare may be limited or unavailable. Telehealth provides quality, cost-effective healthcare … Continue Reading

11th Circuit Issues Opinion Vacating Order That Required LabMD to Overhaul Its Data Security Program

By Kathryn Carey and Aaron Lancaster on June 8, 2018 Posted in Cybersecurity, Medical Privacy

On June 6, the 11th Circuit issued its long-awaited decision on LabMD Inc. v. Federal Trade Commission, vacating as unenforceable the Federal Trade Commission’s (FTC’s) cease and desist order that required LabMD to create and implement a variety of protective measures with respect to data security. Notably, however, the decision did not address the most … Continue Reading

Massachusetts AG Settlement Bars Geofencing Near Medical Facilities

By Melinda L. McLellan and Stephanie Lucas on April 10, 2017 Posted in Behavioral Advertising, Geolocation, Marketing, Medical Privacy, Mobile Privacy, State Legislation

On April 4, 2017, the Massachusetts Attorney General’s office announced that it had settled with a digital advertiser following allegations the company was using geolocation technology to target ads to women visiting reproductive health facilities. Although the company denied that it geofenced clinics in Massachusetts, the AG indicated that such targeting would violate the Massachusetts … Continue Reading

Business Associates in the Crosshairs: Catholic Health Care Services Settles for $650,000 for Failure to Safeguard PHI

By Lynn Sessions and Suchismita Pahi on July 7, 2016 Posted in HIPAA/HITECH, Medical Privacy

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS provides management and information technology services as a business associate to six nursing homes. The OCR settlement follows a finding that … Continue Reading

OCR Clarifies “Reasonable, Cost-Based” Fee Calculations for Access to Medical Records

By Lynn Sessions and Suchismita Pahi on June 9, 2016 Posted in Medical Privacy

By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to covered entities clarifying access to PHI set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). §45 … Continue Reading

Use of File-Sharing Service Leads To $218,400 Fine For HIPAA Violations

By Eric A. Packel on July 14, 2015 Posted in HIPAA/HITECH, Medical Privacy

Internet-based file-sharing services such as Dropbox and Google Drive can be easy and convenient to use, whether via the touch of an app on a mobile device or by opening a browser on a PC. Healthcare professionals are often tempted to use such services to store or share documents, since the stored documents can be … Continue Reading

North Dakota Breach Notification Law – Personal Information Includes Health Information

By Kimberly M. Wong on September 29, 2013 Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, HIPAA/HITECH, Medical Privacy, State Legislation

North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and health insurance information.” Pursuant to the amended statute, “medical information” includes any information regarding an individual’s medical history, mental or physical condition, … Continue Reading

Healthcare Privacy and Data Protection – Year in Review

By Lynn Sessions on February 4, 2013 Posted in HIPAA/HITECH, Medical Privacy

BakerHostetler’s Privacy and Data Protection Team has handled some of the largest and most complex privacy incidents and regulatory investigations in the healthcare industry. This Year in Review gives a summary of the team’s activity in 2012.… Continue Reading

Be Prepared: Redline Version of the HIPAA/HITECH Final Rule

By Theodore J. Kobus III on January 22, 2013 Posted in HIPAA/HITECH, Medical Privacy

The final rule is significant for any organization that is considered to be a HIPAA covered entity (“CE”) (health systems, health care providers, health plans, etc.) or the more broadly defined business associate (“BA”). During our initial analysis of the final rule, we note significant changes to the way a breach is defined and we … Continue Reading

WEBINAR: The HIPAA/HITECH Final Rule is Out

By BakerHostetler on January 18, 2013 Posted in HIPAA/HITECH, Medical Privacy

The long awaited HIPAA/HITECH final rule is out. Please join Data Privacy Monitor contributors, Theodore J. Kobus III and Lynn Sessions for a webinar that will cover what stands out as big changes and how healthcare organizations need to prepare. Have the standards just been juggled or will healthcare organizations need to change their approach? A … Continue Reading