Category Archives: COVID-19

HHS OCR Issues Guidance on HIPAA, COVID-19 Vaccinations, and the Workplace

On September 30, 2021, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about whether a person has received a COVID-19 vaccine.

The guidance reminds the public that the HIPAA Privacy Rule does not apply to employers or employment records.… More

Privacy and COVID-19 Contact Tracing – Lessons from South Korea?

Very interesting discussion in the most recent Journal of the American Medical Association, “Information Technology–Based Tracing Strategy in Response to COVID-19 in South Korea—Privacy Controversies.”

The sources of information are staggering in their breadth:  mobile phone carriers, immigration services, law enforcement, credit card companies, public transit companies, government agencies, health insurers and health care providers.  It is difficult to imagine this type of tracing in the United States.… More

Best Privacy and Security Practices, COVID-19 Edition (Hint: Fewer Differences than You Might Think)

Businesses scrambling to move their workforces into remote environments are rightly concerned about the smooth and productive flow of information, including question about whether there will be any government support for building out a remote infrastructure, and what limitations are there on the kinds of information employers may obtain or share to minimize the health impacts on their employees (both questions, among many others, that Foley Hoag’s COVID-19 Task Force was built to help answer). … More

Beware of COVID-19-Based Cyber Attacks, Say US and UK Agencies

Malicious cyber actors have been exploiting the COVID-19 crisis, warn the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) in a joint release issued April 8. Bad actors have done so in two main ways: first, by grafting COVID-19-related themes onto standard cyberattack practices; second, by exploiting vulnerabilities in services that have seen increased use since the pandemic began.… More