Tag Archives: disclosure

COVID-19 and HIPAA: OCR Guidance on Disclosures to Law Enforcement, First Responders, and Public Health Authorities

On March 24, 2020, the Office for Civil Rights (OCR) at the Department of Health and Human Services issued guidance on how HIPAA covered entities may disclose protected health information (PHI) about an individual who has been infected with or exposed to COVID-19 to law enforcement, paramedics, other first responders, and public health authorities in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.… More

China’s Internet Regulator Drafts COPPA-Like Rules for Children’s Data Privacy

In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers.

The draft regulations share many of the same structures as those utilized by the Children’s Online Privacy Protection Act (“COPPA”) in the United States:

  • online service operators will have to obtain parental consent based on a comprehensive disclosure about the collection,…
  • More

The Cost of a Free Press: Allergy Practice Pays $125,000 to Settle Physician’s Disclosure of Patient Information on TV

Allergy Associates of Hartford, P.C. (“Allergy Associates”), has agreed to pay $125,000 to the Office for Civil Rights (“OCR“) at the U.S. Department of Health and Human Services (“HHS”) and to adopt a corrective action plan to settle potential violations of the HIPAA Privacy Rule.  Allergy Associates is a health care practice that specializes in treating individuals with allergies, and is comprised of three doctors at four locations across Connecticut.… More

Data Breaches, Media Relations, and the Bottom Line

Data breaches are crisis moments that businesses must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory requirements, and communicating adequately with customers. Waiting to think about such issues when a data breach occurs can increase costs (including the costs associated with the time needed to restore normal business operations) and harm a company’s reputation.… More

“Once More Unto the Breach, Dear Friends, Once More”: The Increasing Recognition of Complexity in Data Breach Response and Reporting

In an article in today’s New York Times, we get some real-life insight into the difficulties in responding to a data breach.  Even simple questions, like whether or not to report the breach and who is responsible for reporting it, take on unforeseen complexity.

The particular breach in question happened at the Massachusetts eHealth Collaborative, when an employee’s car was broken into and a company laptop stolen. … More