The Office for Civil Rights, which is the HIPAA enforcement arm of the U.S. Department of Health and Human Services (HHS), issued guidance today on how entities subject to HIPAA (covered entities) may disclose protected health information (PHI) about an individual who has been exposed to COVID-19 to law enforcement, paramedics, other first responders, and public […]
THE ADA’s Dental Debacle
By: Joel A. Holt, Esq., CIPP/US
Talk about the ever-changing world of information security and data privacy. Literally, something new, interesting, or terrible occurs daily. The latest giant balloon in the “parade of horribles” is the American Dental Association (“ADA”) providing its members with a free, electronic copy of the 2016 Dental Procedure […]
Clapper Claptrap…Data Breach Class Actions Are Alive and Kicking.
While attending the recent ABA Internet of Things Institute, I heard something troubling from a particular panelist, a data breach class action defense attorney. This attorney, from a monolithic law firm, proclaimed that data breach class-actions were, essentially, on life support as a result of the U.S. Supreme Court’s (“SCOTUS”) decision in Clapper v. Amnesty Int’l […]
Hungry, Hungry HIPAA
One recent case that didn’t get much attention, but should have, clarifies Ohio health care providers’ potential exposure for the unauthorized disclosure of patient health information (“PHI”). On August 14, 2015, the Second District Court of Appeals decided Sheldon v. Kettering Health Network. [i] In Sheldon, the Second District addressed patients’ rights related to the […]
Information Governance: Culture of Security vs. Culture of Compliance
Organizations can, and often do, make the mistake of classifying information security as only a compliance matter. Much like taxes, workplace safety, and human resources, information security is governed by a complex set of statutes and regulatory rules. However, unlike the aforementioned areas, information security cannot be adequately addressed solely as a compliance matter.