Proposition 24 is known as the California Privacy Rights Act of 2020 (CPRA). It is on the ballot in California on November 3, and if it passes it will amend and expand certain provisions of the California Consumer Privacy Act (CCPA). Some say it’s CCPA 2.0, however, there are some provisions that make the CPRA
HITECH
CCPA Amendments Signed by Governor Newsom
Recently we wrote about two amendments to the California Consumer Privacy Act of 2018 (CCPA) that were awaiting signature on Governor Newsom’s desk: AB 1281, which extends the one-year exemptions for employee information and business to business information for another year until January 1, 2022; and AB 713, which provides an exemption from…
OCR Issues Fact Sheet Listing Circumstances in which Business Associates May Face Direct Liability for HIPAA Violations
In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct Liability of Business Associates under the Health Insurance Portability and Accountability Act (HIPAA).…
HHS Exercises Discretion to Reduce Maximum Annual Civil Money Penalties for Certain HIPAA Violations
On April 26, 2019, the U.S. Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion (Notice) regarding imposition of Civil Money Penalties (CMPs) under HIPAA. In the Notice, HHS announces that it has revisited its prior interpretation of the standards for assessment of CMPs under the HITECH Act, and is exercising…
Ciox Health, LLC Initiates Lawsuit against the Department of Health and Human Services Over Medical Records Request Fees under HIPAA and HITECH
On January 8, 2018, Ciox Health, LLC (Ciox) filed a complaint against the Department of Health and Human Services (HHS) and then-acting Secretary Eric D. Hargan, alleging that the Department’s rules and guidance, under HIPAA and HITECH, “impose[] tremendous financial and regulatory burdens on health care providers and threatens to upend the medical-records industry that…
Deadline for reporting 2015 data breaches to OCR quickly approaching
Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60 days after the end of the calendar year.
To be safe, covered entities may wish to complete their online reporting…
Seventh Circuit rules hospital system is not a Consumer Reporting Agency under FCRA
Is a hospital a “consumer reporting agency”? Can a health care provider be liable under the Fair Credit Reporting Act (FCRA) in the event of a data breach? The Seventh Circuit Court of Appeals recently considered these significant questions in the case of Tierney v. Advocate Health & Hosps. Corp. (7th Cir., No. 14-3168, August…
Hospital CFO Must Pay $4.4 Million For Falsely Attesting To Meaningful Use
The Health Information Technology for Economic and Clinical Health Act, adopted in 2009, pumped billions of dollars into hospitals and physicians (through the Centers for Medicare and Medicaid) in order to stimulate them to adopt electronic health records. To receive the economic incentives, hospitals and physicians had to “attest” to using electronic health records in…
HHS/Office of the National Coordinator issues report that health information sharing is being blocked to gain a competitive edge
In a scathing report released last Friday, the Department of Health and Human Services Office of the National Coordinator (ONC) accused hospitals and software vendors of preventing the sharing of health information in order for hospitals to prevent patients from being referred to or seeking treatment at nonaffiliated providers and electronic medical record vendors to…