- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
October 20th, 2015
Federal Government Announces New HIPAA Privacy Audits for Companies That Handle Healthcare Data
Here's some news for companies that have to comply with the privacy provisions of the Health Insurance Portability and Accountability Act ("HIPAA"). The U.S. Department of Health and Human Services ("HHS") has announced plans to begin auditing compliance in early 2016.
The announcement of a new, permanent audit program follows criticism from the HHS Office of Inspector General ("OIG") in two reports examining HIPAA enforcement. OIG expressed the need for a permanent audit program, noting that "[w]ithout fully implementing such a program, OCR [the HHS Office of Civil Rights] cannot proactively identify covered entities that are noncompliant with the privacy standard." Currently, HHS relies primarily on complaints or tips, and voluntary disclosures of data breaches, as the bases for investigating alleged HIPAA violations.
Covered entities under HIPAA include health care providers, insurers, clearinghouses - and their "business associates". HIPAA requires covered entities to adopt safeguards to protect the privacy and physical security of protected health information or "PHI" (defined broadly under HIPAA as individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral).
OCR indicated that it will target high-risk areas and entities which have consistently been non-compliant, and include both onsite visits and remote desk reviews. The audits will also include both covered entities and their business associates.
With the audits expected to begin in early 2016, covered entities and their business associates should consider reviewing and following the HIPAA Audit Program Protocol, which addresses privacy, security, and breach notification. HHS is in the process of updating the protocol, and you may keep up with new developments here.
As a first step, entities should conduct a security risk assessment, and then take the necessary steps to address any identified instances of noncompliance.
For more information about how this program may affect health care providers and other covered entities, or for answers to other privacy and data security law questions, please contact S. Gregory Boyd, CIPM and CIPT at (212) 826 5581 or email@example.com, Rayna S. Lopyan, at (212) 705 4842 or firstname.lastname@example.org, or any other member of Frankfurt Kurnit's Privacy & Data Security Group. For more information about the program, visit the HHS website here.
Other Privacy & Data Security Law Alerts
iOS 15 Brings New Privacy Controls That Will Impact Advertising Initiatives
After months in beta, Apple is releasing iOS 15 to the public. Building upon the Privacy Nutrition Labels and App Tracking Transparency (ATT) framework introduced in iOS 14.5, iOS 15 introduces new privacy controls that will impact brand marketing initiatives and the ad tech ecosystem. Although these controls are not an iOS 14.5-caliber seismic event, they are yet another example of how platform providers have become de facto regulators of privacy. Read more.
September 20 2021
New York City Restricts Collection of Biometric Identifiers
Major US municipalities are lining up to regulate business use of technologies to collect biometric identifiers and information. For example, Portland, Oregon, banned the use of face recognition technologies earlier this year. Now, New York City businesses must comply with a new law too: Effective July 9, 2021, any commercial establishment in New York City that collects, retains, converts, stores or shares biometric identifier information of customers must disclose such activity using clear and conspicuous signage near all customer entrances. Read more.
July 7 2021
Business Takeaways from the FTC $5 Billion Settlement with Facebook
On July 24, 2019, the FTC announced a $5 billion settlement with Facebook to address Facebook’s alleged violations of the FTC Act and its 2012 consent order with the FTC. Read more.
July 26 2019