A recent article in The Atlantic discusses the risk of 23andMe selling its vast stockpile of DNA data on 15 million individuals: 23andMe is not doing well. Its stock is on the verge of being delisted. It shut down its in-house drug-development unit last month, only the latest in several rounds of layoffs. Last week, the entire […]
Category: Health Privacy
Posts about Health Privacy by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Webinar – The New Breed of State Health Privacy Laws
If you couldn’t make it to my recent webinar on Washington’s My Health My Data Act (MHMDA) and the new state health privacy laws, you can watch the replay here. I had a great discussion with Mike Hintze (Hintze Law).
Webinar – HIPAA and Health Privacy: New Developments
If you couldn’t make it to my recent webinar on HIPAA and health privacy developments in 2023, you can watch the replay here. I had a great discussion with Deborah Gersh, Adam Greene, and Kate Black.
The M.D. Anderson Case and the Future of HIPAA Enforcement
The U.S. Court of Appeals for the 5th Circuit just issued a blistering attack on HIPAA enforcement by the U.S. Department of Health and Human Services (HHS). In University of Texas M.D. Anderson Cancer v. Department of Health and Human Services (No. 19-60226, Jan. 14, 2021), the 5th Circuit struck down a fine and enforcement […]
Video – Covid, Privacy, and Education with Daniel Solove and Tracy Mitrano
In this video, Daniel Solove and Tracy Mitrano (former IT Policy at Cornell and now Democratic candidate for US Senate in New York’s 23rd district) discuss Covid, privacy, education, work-from-home, and other privacy, security, and technology issues.
What Are the Requirements for HIPAA Training?
HIPAA training is a specific requirement of HIPAA. HIPAA requires that covered entities (CEs) and business associates (BAs) provide HIPAA training to members of their workforce who handle protected health information (PHI). This means administrative and clinical personnel need to be trained. Business associates — and any of their subcontractors — must have training. Basically, […]
Cartoon: De-Identifying PHI under HIPAA
This cartoon is about de-identifying PHI under HIPAA. De-identifying personal data is quite complicated. Researchers have been able to re-identify sets of personal data with just names, birth dates, and gender. The reason why de-identifying data is difficult is that there is more and more identified personal data online that can be matched up […]
First OCR Enforcement of HIPAA’s Right of Access
Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access. The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg. She requested the […]
The Failure of HIPAA’s Right of Access
One of the biggest sore spots in HIPAA compliance has been providing individuals with their right to access their medical records. In addition to the countless anecdotal accounts about the painful process of getting medical records, a recent study demonstrated just how far there is to go for providers to be in compliance. More than […]
A Major Move to Weaken HIPAA
Quietly, at the end of April, HIPAA was significantly weakened. HHS published what sounds like an innocuous notification in the Federal Register: Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties. This notification is actually an enormous change to the HIPAA penalty structure, a drastic reduction in HIPAA fines. The existing penalty structure under HIPAA […]