Amy C. Pimentel

Subscribe to Amy C. Pimentel's Posts
Amy C. Pimentel focuses her practice on privacy and data security and general health law. Her clients operate in a variety of industries, including health care, consumer products, retail, food and beverage, technology, banking and other financial services. Read Amy Pimentel's full bio.

HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information


By , , , , and on Dec 20, 2022
Posted In Privacy and Data Security

On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking...

Continue Reading



VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World


By and on May 27, 2021
Posted In Employee Benefits, Health and Welfare Plans, Privacy and Data Security

In this video, McDermott Will & Emery partner Amy C. Pimentel explains the significance of health data transfers from the European Union to the United States in a post-Schrems II world. The recent Schrems II ruling invalidated the EU-US Privacy Shield, holding that the US legal regime on access to personal data does not contain...

Continue Reading



GDPR 6 Months After Implementation: Where are We Now?


By and on Nov 13, 2018
Posted In Privacy and Data Security

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process...

Continue Reading



The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk


By , and on Sep 6, 2016
Posted In Privacy and Data Security

The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data...

Continue Reading



HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA


By , and on Nov 19, 2015
Posted In Employment, Health and Welfare Plans, Privacy and Data Security

On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and...

Continue Reading



Privacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships


By , and on Jul 21, 2015
Posted In Benefit Controversies, Employment, Fiduciary and Investment Issues, Health and Welfare Plans, Labor, Privacy and Data Security, Retirement Plans

Recent cyber-attacks on health insurers have heightened awareness that sensitive participant and beneficiary information may not be adequately secure. There will undoubtedly be other attacks on databases maintained by service providers to employee benefit plans, which raises an important question for Employee Retirement Income Security Act of 1974 (ERISA) fiduciaries: what should be done now...

Continue Reading



Update on State Breach Notification Laws


By on May 7, 2015
Posted In Privacy and Data Security

In the first few months of 2015, a number of states have introduced data breach notification bills and proposed legislative amendments designed to enhance consumer protection in response to increasingly high profile data breaches reported in the media.  This activity at the state level seems to indicate  that protecting consumers from data breaches is one...

Continue Reading



Employers with Group Health Plans: Have You Notified State Regulators of the Breach?


By and on Feb 23, 2015
Posted In Health and Welfare Plans, Privacy and Data Security

Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the extent of their responsibility to notify state agencies of security breaches when a vendor or other third party with access to participant...

Continue Reading



STAY CONNECTED

TOPICS

ARCHIVES

Top ranked chambers 2022
US leading firm 2022