PRIVACY + SECURITY BLOG

News, Developments, and Insights

First OCR Enforcement of HIPAA’s Right of Access

HIPAA Right to Access

Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access. The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg.  She requested the […]

Read More…

The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress

FTC

Over at Lawfare, I have an essay co-authored by Chris Hoofnagle and Woodrow Hartzog called The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress.  This piece is also posted at the Brooking Institution’s TechTank.  The essay begins: Facebook’s recent settlement with the Federal Trade Commission (FTC) has reignited debate over whether the […]

Read More…

A Major Move to Weaken HIPAA

HIPAA Penalties Reduced

Quietly, at the end of April, HIPAA was significantly weakened.  HHS published what sounds like an innocuous notification in the Federal Register: Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties.  This notification is actually an enormous change to the HIPAA penalty structure, a drastic reduction in HIPAA fines. The existing penalty structure under HIPAA […]

Read More…

HIPAA Enforcement 2018

HIPAA Enforcement 2018 - TeachPrivacy HIPAA Training 02

Last year was a record-setting year for HIPAA enforcement.  On HHS’s website, OCR has touted its 2018 enforcement: OCR has concluded an all-time record year in HIPAA enforcement activity.  In 2018, OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This total surpassed the previous record of $23.5 million from 2016 by […]

Read More…

Increasing State HIPAA Enforcement: Highlights from 2018

State HIPAA Enforcement - increasing 02

There have been quite a number of state HIPAA enforcement cases this year, and one expert points out a trend toward increasing state enforcement of HIPAA. An article in Data Breach Today discusses a number of state HIPAA enforcement cases.  Here are some of the ones discussed: Massachusetts — $75,000 settlement with McLean Hospital for […]

Read More…