PRIVACY + SECURITY BLOG

News, Developments, and Insights

The Failure of HIPAA’s Right of Access

HIPAA Right to Access PHI - TeachPrivacy 02

One of the biggest sore spots in HIPAA compliance has been providing individuals with their right to access their medical records. In addition to the countless anecdotal accounts about the painful process of getting medical records, a recent study demonstrated just how far there is to go for providers to be in compliance.  More than […]

Read More…

Strategic Privacy by Design: An Interview with Jason Cronk

Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be […]

Read More…

HIPAA Training Overview Page

HIPAA Training - TeachPrivacy 01

We recently developed a new overview page that discusses my approach to HIPAA training.  The page discusses several dimensions about our training, including: different comprehensive annual HIPAA privacy and security modules depending upon whether an entity is a covered entity or business associate courses to cover the material at different lengths short modules (most 5 […]

Read More…

Did the LabMD Case Weaken the FTC’s Approach to Data Security?

Federal Trade Commission - Washington, DC

Co-Authored by Prof. Woodrow Hartzog On Wednesday, the U.S. Court of Appeals for the 11th Circuit issued its long-awaited decision in LabMD’s challenge to an FTC enforcement action: LabMD, Inc. v. Federal Trade Commission (11th Cir. June 6, 2018). While there is some concern that the opinion will undermine the FTC’s power to enforce Section 5 […]

Read More…