A Not-So-Far-Fetched Seinfeld Episode
In a Seinfeld episode called “The Package” from 1996 (click here to see the scene), airing just months after HIPAA was passed, Elaine goes to see a doctor for a rash.
In a Seinfeld episode called “The Package” from 1996 (click here to see the scene), airing just months after HIPAA was passed, Elaine goes to see a doctor for a rash.
Fellowships can be a great way to kick start a career in privacy law. I have added new fellowships the list I published in February 2016, as well as updated deadlines and other relevant information. Click here to see the fully updated list of privacy fellowships. If you know of others I should add, please email me.
Recently, HIPAA celebrated its 20th birthday. HHS issued a celebratory blog post. HIPAA is 20 years old if you start counting from the date the statute was passed (1996). If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13.
So HIPAA could be 20 years old, eager to become 21 and be able to drink (right now, it just makes people want to drink) or 13 years old and about to begin being an unruly teenager.
A few years ago, I published an article in the Journal of AHIMA to celebrate HIPAA’s 10th birthday (counting from when the Privacy Rule became effective). The article discusses HIPAA’s growth and impact, and is a quick read if you’re interested. You can download it for free here:
HIPAA Turns 10: Analyzing the Past, Present, and Future Impact
84 Journal of AHIMA 22 (April 2013)
As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS).
A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice. Although most of the document outlines what should be obvious for an organization that already has a solid data security plan (including reliable back-ups, workforce training, and contingency plans), the major headline is HHS’s verdict on whether or not a ransomware attack qualifies as a data breach under HIPAA.
Here’s a cartoon I created to illustrate the importance of security awareness training. I hope you find it amusing.
I was fortunate to see James Graham’s incisive play “Privacy” this past Sunday at the Public Theater in New York City. The play is a witty and immensely engaging examination of all the data being collected about us and being assembled into digital dossiers. Technology is adeptly woven into the play. At many points during the production, audience members are asked to use their smart phones. The script is entertaining and intelligent. There is never a dull moment, and I was laughing throughout. Continue Reading
Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation.
Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA).
There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations. This issue is especially acute when it comes to using the cloud to store privileged documents. A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality. In other instances, many attorneys and firms are not paying sufficient attention to their obligation to protect the confidentiality and security of the client data they maintain.