Archives: Privacy and Data Security

Digital Health Governance: Management and Strategy for the 21st Century Digital Economy

Jennifer Geetter and Dale Van Demark wrote this bylined article on how companies must manage and govern their use of digital healthcare information assets. “Organizations will need to design and implement digital governance structures that … include additional components and organizational stakeholders, in order to meet the business and strategic demands of the digital health … Continue Reading

OIG Reports More than $731 Million in Inappropriate Medicare Meaningful Use Payments

Amanda Enyeart and Lisa Schmitz Mazur wrote this bylined article explaining how the HHS Office of Inspector General used a survey by the Electronic Health Records (EHR) Incentive Program run by Centers for Medicare and Medicaid Services (CMS) to conclude that CMS made $729 million in inappropriate EHR incentive payments to physicians out of some … Continue Reading

Last but Not Least, Texas Takes the Final Steps to Embrace Telemedicine

As one of the last states to retain highly restrictive (and arguably anti-competitive) telemedicine practice standards, health care providers, regulatory boards, technology companies, payors and other stakeholders have been actively monitoring Texas’ approach to telemedicine regulation and the related Teladoc case. Senate Bill 1107, a bill that significantly eases the delivery of care via telemedicine … Continue Reading

Upcoming Employee Benefits Innovators Roundtable Series!

McDermott will be holding its annual Employee Benefits Innovators Roundtable Series this month. The roundtables offer experienced benefits professionals an opportunity to discuss cutting-edge, topical employer-driven benefit programs with their peers and members of McDermott’s employee benefits team. We are meeting in four locations this year. Join us in one of the following cities: May … Continue Reading

Key UK Employment Law Events in 2017 and Beyond

Current indications are that 2017 may be a fairly static year as regards employment law. Whilst it is anticipated the government will trigger Article 50 to start Brexit negotiations, these are likely to last for at least two years, and existing employment laws are unlikely to feel any ripple effect from leaving the European … Continue Reading

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this … Continue Reading

Protecting Against SEC Whistleblower Enforcement Actions: Employment and Severance Agreements

Large fines have recently been imposed against public companies due to using confidentiality provisions that violate whistleblower provisions under federal securities law. Many standard confidentiality clauses in employment agreements, severance agreements, release agreements, non-compete agreements and other employment related agreements will violate these whistleblower provisions. Recently, the Office of Compliance Inspections and Examinations at the … Continue Reading

The Impact of the EU Data Protection Regulation

The EU General Data Protection Regulation 2016/679 (GDPR) was published in the Official Journal of the European Union on 4 May 2016 following the compromise agreed among the Council of the European Union and the European Parliament. The GDPR will essentially affect any business coming into contact with European personal data. Read the full article … Continue Reading

The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk

The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data … Continue Reading

Brexit Update: The Effect of Brexit on Data Transfers between the United Kingdom and the European Union

With the United Kingdom having voted to leave the European Union (Brexit) on 23 June 2016, the free flow of personal data between the United Kingdom and EU and European Economic Area (EEA) countries is at risk. Should the United Kingdom also leave the EEA and thus become a “third country” for the purposes of … Continue Reading

HIPAA Privacy and Security Compliance for Group Health Plan Sponsors

Read our article on final HIPAA rules for privacy enforcement and audit programs, particularly those with additional requirements aimed at group health plan sponsors. This report focuses on the final regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), in January 2013, HIPAA enforcement and audit programs, HIPAA-related additional requirements of … Continue Reading

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

On July 28, 2016, US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws. Ransomware is a … Continue Reading

Integration of Technology Into Health Care Delivery

The integration of technology into health care delivery is exploding throughout the health industry landscape. Commentators speculating on the implications of the information revolution’s penetration of the health care industry envision delivery models rivaling those imagined by celebrated science fiction authors, and claim that the integration of information technology into even the most basic health … Continue Reading

Developing and Implementing an Effective Telemedicine Informed Consent Form

The search by consumers, payers and providers for more efficient, effective and convenient care delivery models has led to an explosion of technological innovation in the health care sector. This explosion has supported the increased use of telemedicine by providers to reach patients who were previously out of reach, and to provide more timely and … Continue Reading

Webcast: Fiduciary Issues and Data Privacy

Webcast Details: March 23, 2016, 1:00 – 2:00 pm EDT / 12:00 – 1:00 pm CDT. McDermott Will & Emery invites you to a webcast to hear how employers and third-party administrators protect the privacy of employee participants’ personal information. On March 23, 2016, Ann Killilea and Andrew Liazos will discuss complex issues … Continue Reading

HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA

On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and … Continue Reading

Safe Harbor Not Binding! European Court of Justice Bares Its Teeth

In its decision on October 6, 2015 (file-no. C-362/14), the European Court of Justice (ECJ) stated that the commonly used Safe Harbor Principles, which were previously deemed to be a safe way to legally transfer data to the United States, are non-binding for national data protection authorities. Thus, after this judgment, the harbor is not … Continue Reading

Any Port in a Storm? EU-US Data Transfers After Schrems and Safe Harbor

Last week, the Court of Justice of the European Union (CJEU) gave an important data privacy ruling, which any business transferring personal data between the EU and US should know about – particularly those that have made use of the “Safe Harbor” scheme for data transfer, which the CJEU has now ruled to be invalid. … Continue Reading

Digital Due Diligence: Uncovering Violations in China

China’s current compliance challenges are a continuous source of concern for multi-national companies operating in China. When conducting internal investigations, China has strong privacy protections for its employees. Overstepping legal limits can lead to a variety of issues, from inadmissibility of evidence to tort actions, to criminal penalties in extreme cases. For more about the … Continue Reading