On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. Although most of the regulation will
HIPAA
Violation of HIPAA Security Rule = Violation of NY SHIELD Act
HHS updates online tracker guidance
On March 18, 2024, the US Department of Health and Human Services (HHS) issued an updated, 17-page Bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates (the Bulletin). Our readers may recall that HHS had…
OCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline
On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes. The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of…
HHS: Online trackers without prior authorization and BAAs can violate HIPAA
HHS: Online trackers without prior authorization and BAAs can violate HIPAA
By Steve Roosa, Sue Ross, Dan Rosenzweig
On the evening of December 1, 2022, the U.S. Department of Health and Human Services (HHS) issued a 12-page Bulletin titled “…
OCR proposes to share HIPAA data breach settlements with victims
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) plans to issue an advance notice of proposed rulemaking this November on potentially sharing HIPAA breach settlements with victims.
NIST releases latest version of its Cybersecurity Framework
On April 16, 2018, the National Institute of Standards and Technology (NIST) unveiled Version 1.1 of its widely known Cybersecurity Framework, which incorporates changes based on feedback collected through comments, questions, and workshops held in 2016 and 2017.
FCC TCPA order partially upheld and partially set aside
On March 16, 2018, the U.S. Court of Appeals for the District of Columbia Circuit issued its decision on the Federal Communications Commission (FCC) omnibus order of 2015, relating to challenges to four of the FCC’s determinations relating to cell phones. The appellate court upheld the FCC’s determinations that consumers can revoke consent to receive marketing calls by “any reasonable means” that clearly expresses the desire to receive no further messages from the caller, and an exception for certain “emergency” healthcare-related calls. On the other hand, the court set aside the FCC’s decision regarding the definition of an “automatic telephone dialing system” (ATDS), and how callers can deal with reassigned numbers where the previous owner had consented to receive marketing calls.
Uber as a HIPAA business associate
Uber recently announced the launch of Uber Health, a non-emergency ride service that allows healthcare providers to schedule and pay for transportation for their patients. The stated purpose of the service is to expand medical transportation to traditionally underserved areas. Roughly 3.6 million Americans miss medical appointments each year due to lack of reliable transportation, contributing to the roughly $150 billion per year the healthcare industry loses due to missed appointments.
Amended Colorado bill aims to enhance data privacy laws
As Data Protection Report posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections. On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs.