Employers are poised to collect health data from their workforces daily as they adopt temperature checks and other screening protocols to fight the coronavirus, triggering concerns about workers’ privacy and whether the practices will continue beyond the pandemic. “The temperature checks give employees and customers the feeling of safety and the idea that the company is doing everything possible, even if the screenings don’t protect the workplace,” said Michael Sheehan, a partner with McDermott Will & Emery, in a recent Bloomberg Law article. Access the full article.
With rapid developments in local, state and federal guidance and law, the appropriate approach for each employer in relation to COVID-19 will vary depending on the nature of their work, the industries served and their location and size, among other considerations. This article outlines what employers need to know about employees experiencing symptoms and employee absences. Access the full article.
On Monday March 6, 2017, the House Republican leadership in the Energy and Commerce and Ways and Means Committees unveiled their signature bill to “repeal and replace” the Affordable Care Act (ACA). The “American Health Care Act” (AHCA) is an effort to make good on President Trump’s promise to dismantle the ACA. Democrats are united in their opposition to the AHCA and other stakeholders have also come out against the bill – while the proposed legislation is subject to modification as it is marked up in committee and debated in Congress, certain provisions of the AHCA, if enacted, will be of particular importance to employers and provide the framework for a strategic road map as employers plan and design future health care benefits for their employees. Read the full article.
The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this article explain the guidance and what to do if you are subject to a ransomware attack. Read the full article here.
On July 28, 2016, US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws. Ransomware is a type of malware (malicious software). It is deployed through devices and systems through spam, phishing messages, websites and email attachments, or it can be directly installed by an attacker who has hacked into a system. In many instances, when a user clicks on the malicious link or opens the attachment, it infects the user’s data. Ransomware attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware. After the user’s data is encrypted, the ransomware attacker directs the user to pay a ransom in order to receive a...
On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and enforcement of security breach reporting requirements. OIG commissioned both studies out of concern for the increased risk of an invasion of privacy and exposure to fraud, identity theft and other harm that patients face in an ever-expanding digital health environment. Read the full On the Subject.
With no Congressional consensus to adopt a federal data privacy and breach notification statute, states are updating and refining their already-existing laws to enact more stringent requirements for companies. Two states recently passed updated data privacy laws with significant changes. Read the full post here.