This afternoon, HHS released the attached omnibus final rule modifying the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Genetic Information Nondiscrimination Act (GINA). Notably, the final rule makes business associates of covered entities directly liable for certain HIPAA Privacy and [...]
Archive for the ‘Uncategorized’ Category
OCR Issues Guidance on the Use of De-Identified Health Information
Covered Entities and HIPAA practitioners should be aware that the Office of Civil Rights (OCR) has issued guidance about methods and approaches to achieve de-identification in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The full text is available here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/De-identification/guidance.html
California Issues App Developer Noncompliance Notice
California Attorney General Kamala Harris has reportedly sent out notices warning as many as 100 mobile app developers that they must conspicuously post privacy policies within the next 30 days to be in compliance with the California Online Privacy Protection Act, Bloomberg reports. The new state protocol requires mobile applications that collect personal data within the [...]
Fan Sites for Pop Stars Settle Children’s Privacy Charges
The operator of fan Web sites for pop stars Justin Bieber, Selena Gomez, Rihanna and Demi Lovato agreed to pay a $1 million civil penalty to settle federal charges that the sites had illegally collected personal information about thousands of children, the Federal Trade Commission said Wednesday. Artist Arena, a company that operates fan web [...]
Why passwords have never been weaker—and crackers have never been stronger
In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren’t typical of mass-produced phishing scams. The e-mails said that his login credentials [...]
Beth Israel suffers large data breach
Beth Israel Deaconess Medical Center (BIDMC) in Boston is in the process of notifying approximately 3,900 patients of a potential breach of protected health information (PHI) as a result of a physician’s stolen personal laptop computer. The computer was stolen from the office of a BIDMC physician on May 22. The computer, which contained a [...]
California Starts Up a Privacy Enforcement Unit
Watch out, Silicon Valley, there’s a new startup in town and it’s gunning for you. California Attorney General Kamala Harris announced Thursday she’s created a unit intended to actually enforce federal and state privacy laws. “The Privacy Unit will police the privacy practices of individuals and organizations to hold accountable those who misuse technology to [...]
OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low
On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference hosted in Washington, D.C. by the Department of Health and Human Services Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”), OCR Director Leon Rodriguez said that, given HIPAA’s 15-year history and the substantial technical assistance OCR [...]
Supreme Court Upholds the Individual Mandate
This morning, the Supreme Court issued its highly anticipated decision on the constitutionality of portions of the Affordable Care Act (Nat. Fed’n Indep. Business v. Sebelius, Florida v. Dept. of HHS; and Dept. of HHS v. Florida). The majority of the Court concluded the following on the key questions in the case – 1. The individual mandate is constitutional as an exercise of Congress’ [...]
Massachusetts Hospital Agrees to Pay $775,000 for Security Breach
By Amy Crafts. Following a two-year investigation by the Massachusetts Attorney General’s Office (“AGO”), a local Massachusetts hospital has agreed to pay $775,000 to resolve allegations that it failed to protect the personal and confidential health information of more than 800,000 consumers. The investigation and settlement resulted from a data breach disclosed by South Shore Hospital [...]
