Last week, four different settlement agreements were announced with four different Massachusetts hospitals to settle claims that they had violated HIPAA and state consumer protection and data security laws, by either not obtaining proper patient authorizations before allowing a television documentary to be filmed in the hospital or failing to investigate reports of inappropriate access

Just last month, the National Institute of Standards and Technology (“NIST”), in concert with the National Cybersecurity Center of Excellence (“NCCoE”), jointly published a behemoth guide to securing Electronic Health Records (“EHR”) on mobile devices.

The guide is a reaction to the growing number of issues with EHR in the mobile application context, as healthcare

As the lazy days of summer wind down slowly at first, and then all at once, now is a good time for a reminder that your own employees returning to work full steam may pose the biggest threat to your cybersecurity. According to the U.S. Department of Health and Human Services Office for Civil Rights,

In its August Cyber Security Newsletter, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) issued “Considerations for Securing Electronic Media and Devices.” In this guidance document, OCR reminds HIPAA covered entities and business associates that they are required, under the HIPAA Security Rule, to implement policies and procedures that: (1)

On August 30, 2018, in honor of the 22nd anniversary of the introduction of HIPAA, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) and the Office of the National Coordinator for Health Information Technology (“ONC”) released a blog post entitled “HIPAA & Health Information Portability: A Foundation for Interoperability.” This

Members of Shipman & Goodwin’s Privacy and Data Protection team join their health law colleagues in explaining how health centers can protect their client data as health care transforms with the use of tools like patient portals and telemedicine in the breakout session The Digital Era: Ensuring Data Privacy in the Age of Transformation.

In its July Cybersecurity Newsletter, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) issued “Guidance on Disposing of Electronic Devices and Media,” which reminds HIPAA covered entities and business associates that they are required under the HIPAA Security Rule to dispose of electronic devices and media in a secure manner. 

Bill Roberts will present on May 22nd at the Model Agreements & Guidelines International (MAGI) Clinical Research Conference in Arlington, Virginia, which runs from May 20 through the 23rd. Bill’s session on May 22, “Human Biological Material & Data Transfer Agreements: Ancillary Agreements that Matter” will address key contractual and regulatory concerns faced by research

Massachusetts has enacted a law that seeks to provide health care consumers additional privacy protections regarding communications from their health insurer. Signed into law on March 30, 2018, the Protecting Access to Confidential Health Care Act (PATCH Act) directs the Division of Insurance (DOI) to develop a new summary of payment form and gives covered persons the right to control who will receive that summary of payment form. In particular, the PATCH Act will give spouses and dependents of a policyholder enhanced confidentiality protections by allowing all insureds to direct their carrier to send the summary of payment form directly to the insured him or herself, rather than to the primary policyholder. The PATCH Act also allows all insureds to opt out of receiving the form if no payment is due, select an alternate address to receive the form, and access the form electronically. Last, it prohibits health insurance carriers from specifying or describing “sensitive health care services” in a summary of payment form, a term that the DOI has been tasked with defining through regulation.