PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Is HIPAA Enforcement Too Lax?

By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]

Modernizing Electronic Surveillance Law

By Daniel J. Solove Next year, there will be a milestone birthday for the Electronic Communications Privacy Act (ECPA) – the primary federal law that regulates how the government and private parties can monitor people’s Internet use, wiretap their communications, peruse their email, gain access to their files, and much more. This is no ordinary […]

Lessons from the Latest HIPAA Enforcement Action

HIPAA Training OCR Enforcement

by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC).  SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]

OPM Data Breach Fallout, Fingerprints, and Other Privacy + Security Updates

By Daniel J. Solove Co-authored by Professor Paul Schwartz This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We cover health issues in a separate post. News […]

The Most Alarming Fact of the HIPAA Audits

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #5 of a series called Enforcing Privacy and Security Laws. Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and […]

The Brave New World of HIPAA Enforcement

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #4 of a series called Enforcing Privacy and Security Laws. The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from […]

Who Are the Privacy and Security Cops on the Beat?

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #3 of a series called Enforcing Privacy and Security Laws.

The Privacy Pillory and the Security Rack: The Enforcement Toolkit

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #2 in a series called Enforcing Privacy and Security Laws. See the end of this post for links to other posts in this series. What kind of sanctions do privacy and security laws use for enforcement? In this post, […]

Why Enforce Privacy and Security Laws?

by Daniel J. Solove PART 1 Are privacy and security laws being enforced effectively? This post is part of a series called Enforcing Privacy and Security Laws. How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws […]

The Best Preventative Medicine for Health Data Breaches

by Daniel J. Solove Last week, I gave a keynote address at a conference called Safeguarding Health Information: Building Assurance through HIPAA Security, sponsored by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). I’d like to summarize my remarks here for […]