Tag Archives: hitech

SHIELD Act Becomes Law, Expanding Breach Notification and Data Security Requirements

On July 25, 2019, New York Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The SHIELD Act modifies the current Breach Notification Law to expand the types of data elements that are considered “private information” and to expand the data breach disclosure requirements for individuals and businesses. Moreover, the law creates a requirement that owners or licensors of private information meet a new “reasonable security requirement.”…

OCR Issues Fact Sheet Listing Circumstances in which Business Associates May Face Direct Liability for HIPAA Violations

In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct Liability of Business Associates under the Health Insurance Portability and Accountability Act (HIPAA).

The Fact Sheet provides an important reminder to covered entities, business associates, and their counselors regarding the circumstances in which OCR may – and may not – take enforcement actions directly against business associates for …

HHS Exercises Discretion to Reduce Maximum Annual Civil Money Penalties for Certain HIPAA Violations

On April 26, 2019, the U.S. Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion (Notice) regarding imposition of Civil Money Penalties (CMPs) under HIPAA. In the Notice, HHS announces that it has revisited its prior interpretation of the standards for assessment of CMPs under the HITECH Act, and is exercising its discretion to reduce the maximum amount of CMPs that may be assessed annually for HIPAA violations based on culpability.

The official version of the Notice is dated April 30, 2019 and is available here

LexBlog