At McGuireWoods, we deliver quality work, personalized service and exceptional value. We use technology to provide efficient legal solutions and employ a diverse workforce to bring real-world and innovative perspectives to meeting our clients’ needs. With 1,100 lawyers and 21 strategically located offices worldwide, McGuireWoods uses client-focused teams to serve public, private, government and nonprofit clients from many industries, including automotive, energy resources, healthcare, technology and transportation.

Almost exactly a year ago, the first COVID-19 tuition reimbursement lawsuits were filed against higher education institutions across the United States, and we warned of the continued onslaught of such litigation. With the filing of those reimbursement class actions decreasing, higher education institutions should be cognizant of a potential new wave of COVID-19 class actions: privacy class action lawsuits related to the COVID-19 vaccine.

On April 1, 2021, the U.S. Supreme Court issued its long-awaited opinion in Facebook v. Duguid, which resolved a circuit split regarding the meaning of “automatic telephone dialing system” (autodialer or ATDS) under the Telephone Consumer Protection Act (TCPA). In a decision authored by Justice Sonia Sotomayor, the court adopted the narrow, pro-defendant definition of autodialer.

On March 9, the Department of Health and Human Services announced it was extending until May 6, 2021, the comment period for proposed changes to regulations implementing the Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act of 2009.


“Information security is critical to the operation of the financial markets and the confidence of its participants. . . The Division is acutely focused on working with firms to identify and address information security risks, including cyber-attack related risk . . .” SEC Division of Examinations, 2021 Examination Priorities, at 24.

On March 3, 2021, the Securities and Exchange Commission’s newly renamed Division of Examinations (EXAMS) (formerly the Office of Compliance Inspections and Examinations (OCIE)) announced its 2021 examination priorities. Information security and operational resiliency ranked number two out of the top five priorities, sending a clear message that the SEC is focused on emergent security threats, particularly cyber-attacks, resulting from the sudden and unprecedented increase in remote operations.

The U.S. Department of Justice announced an indictment in the U.S. Attorney’s Office for the Central District of California against a North Korea-sponsored international cybercriminal organization that infiltrated public and private computer networks, fundamentally compromised these systems, and sought to obtain over a billion dollars from this illicit access.


This week, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Department of the Treasury released a joint advisory report on HIDDEN COBRA — the cyber threat North Korea poses to cryptocurrency — and provided mitigation recommendations for addressing this ongoing threat.


Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and specifically the Privacy Rule under HIPAA’s implementing regulations, patients have a right to access their health information held by health care providers. In 2016, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance stressing the importance of this right. The OCR also implemented a HIPAA Right of Access Initiative as an enforcement priority in 2019, and the OCR has since actively pursued violations under the right of access standard.

On January 21, 2021, the Department of Health and Human Services (HHS) published proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).

The proposed rule is part of HHS’ Regulatory Sprint to Coordinated Care, which seeks to promote value-based healthcare by examining federal regulations that impede efforts among healthcare providers and health plans to better coordinate care for patients. Specifically, HHS aims to amend the regulations implemented pursuant to HIPAA and HITECH where the rules present barriers to coordinated care and case management or where they otherwise impose burdens on covered entities that do not increase individuals’ privacy protections.

On November 4, 2020, the Office of the National Coordinator for Health Information Technology (ONC) published an Interim Final Rule with Comment Period (IFC) that delays compliance dates necessary to meet certain requirements related to information blocking initially finalized in the ONC Cures Act Final Rule (Final Rule) in March of 2020. The Final Rule implemented health IT provisions enacted under the 21st Century Cures Act (the Cures Act) to achieve ubiquitous interoperability among health IT systems and to improve patients’ ability to access their electronic health information (EHI). Among these provisions is a prohibition of information blocking. This article will define information blocking, provide and explain exceptions to such practice, detail the IFC’s deadline extensions, and highlight key compliance concerns and solutions regarding these reforms.

Information Blocking

The term “Information Blocking” is broadly defined by the Cures Act as any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of EHI when the entity knows (or should know) that it is likely to do so. The Cures Act specifies four types of “actors” that must comply with the information blocking rule:

  1. Healthcare Providers
  2. Health information technology companies that have a certified health IT system
  3. Health information networks (HINs)
  4. Health information exchanges (HIEs)


Data privacy is a top concern for many in-house legal professionals – and for good reason – data privacy and cybersecurity legal requirements are complex and continually evolving. Data Privacy Day is a great day to start addressing your organization’s data privacy and cybersecurity needs.

On Data Privacy Day 2021, here is what is top of mind for some of our Data Privacy & Security Team members:

  • Andrew Konia – A Federal Privacy Law: “Calls (pleas?) for federal privacy legislation are nothing new, and last year we came close, with both parties presenting draft bills for consideration (surprise, neither passed!). But now, with the White House and both chambers of Congress under Democratic control, there appears to be renewed (and more serious) interest in a federal privacy law. We have seen (admittedly narrow) hints of the federal government taking a stronger stance on cybersecurity standards with the IoT Cybersecurity Improvement Act of 2020, which applies to federal agency purchases. But you take the recent and intense backlash on ‘Big Tech’s’ use/sharing of data and perceived lack of data transparency, and mix in the Biden Administration’s prioritization of consumer protection generally, and you have the recipe – and a strong political appetite – for a comprehensive federal privacy law.”
  • Bethany Lukitsch – California: “CPRA will be here before we know it, and most companies are going to have a lot to do to get ready. Updating privacy policies and adding ‘do-not-share’ links are one thing, but as with CCPA, it’s the behind-the-scenes work that is really going to take some time. It’s certainly not too early to get started.”
