HHS Declares Public Health Emergency in California – HIPAA Waivers Apply

Share

In the aftermath of the California wildfires, the Department of Health and Human Services (HHS) has waived sanctions and penalties against covered entities that fail to comply with provisions of the HIPAA Privacy Rule.

The waiver is similar to HHS’ response to Hurricanes Harvey and Irma, which we discussed in a previous blog post. This waiver only applies (1) in the emergency area and for the emergency period identified in the public health emergency declaration, (2) to hospitals that have instituted a disaster protocol, and (3) for up to 72 hours from the time the hospital implements its disaster protocol. Continue reading “HHS Declares Public Health Emergency in California – HIPAA Waivers Apply”

Department of Education Posts CyberAdvisory on Extortion and Student Data Threats

Share

Acknowledging that schools have “long been targets for cyber thieves,” the Federal Student Aid Office (FSA) of the U.S. Department of Education (ED) posted an alert on October 16, warning school districts and other educational institutions of criminal extortion schemes threatening to release sensitive student data. Recent, similar cyberattacks in Montana and Iowa are being investigated by the FBI.

Continue reading “Department of Education Posts CyberAdvisory on Extortion and Student Data Threats”

OCR Reminder on How to Manage HIPAA Privacy Requirements during Emergency Relief Efforts

Share

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a reminder to its listserv subscribers following the Las Vegas Strip shooting on October 1, 2017, that HIPAA covered entities are permitted to share patient protected health information (PHI) under the HIPAA Privacy Rule  to carry out specific purposes and under certain circumstances.

For most disclosures, however, a covered entity must make reasonable efforts to limit the information disclosed to that which is minimally necessary to accomplish the purpose.  Per OCR’s reminder, covered entities may rely on representations from a public health authority or other public official that the requested information is the minimum necessary for the purpose.

The following is a summary of OCR’s reminder and the uses and disclosures available under 45 C.F.R. §164.510.

Continue reading “OCR Reminder on How to Manage HIPAA Privacy Requirements during Emergency Relief Efforts”

Tech Companies Issue White Paper Recommending a National IOT Strategy

Share

Over the course of the last year, a number of U.S. technology companies and associations, including Intel, Samsung and the Information Technology Industry Council (ITIC) initiated a process dubbed “the National IOT Strategy Dialogue” the purpose of which was to develop strategic recommendations for U.S. government policymakers on the Internet of Things.

The group recently issued a white paper capturing the recommendations they advocate that the U.S. government undertake or implement.  These players suggest that for the U.S. to win the global race to test, develop and deploy beneficial IOT technologies, that the U.S. government needs a strategic roadmap.

Continue reading “Tech Companies Issue White Paper Recommending a National IOT Strategy”

FTC and Department of Education to Co-Host Workshop and Webcast on Privacy Issues in Education Technology

Share

The Federal Trade Commission (FTC) and the U.S. Department of Education (ED) will co-host a live workshop on December 1, 2017 highlighting two intersecting regulatory regimes: the FTC’s rules implementing the Children’s Online Privacy Protection Act (COPPA), which applies to K-12 schools and to children under the age of 13, and the simultaneous application of the Family Education Rights and Privacy Act (FERPA), which also applies to schools and is administered by ED.

Continue reading “FTC and Department of Education to Co-Host Workshop and Webcast on Privacy Issues in Education Technology”

Legislative Spotlight: Self-Driving Cars Part 1

Share

The House of Representatives passed H.R. 3388, the “Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act” or the “SELF DRIVE Act” last month. The bill would remove regulatory barriers to develop self-driving or autonomous cars by giving the National Highway Traffic Safety Administration (NHSTA) authority to establish federal safety, design, and performance standards for automated cars, excluding commercial vehicles, such as trucks and buses. States would still be responsible for the vehicle registration, driver’s licensing, insurance, and safety and emissions inspections. The bill would also allow states to impose stricter performance requirements than those set by NHTSA.

We have outlined the privacy and cybersecurity provisions of this bill, as well as the NHTSA’s voluntary security standards for self-driving cars.

Continue reading “Legislative Spotlight: Self-Driving Cars Part 1”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy