HIPAA/Health

CPW is proud to share with its readers that Global Data Review, a leading data law and regulation publication, has ranked Squire Patton Boggs among 25 Elite firms in its 2022 edition of the GDR 100.  GDR identifies and profiles the world’s leading law firms.  GDR notes that firms with the Elite designation in

To stay up to date on the newest developments in data privacy, security and innovation, be sure to register for Team CPW’s speaking engagements in December.  Details for the events next month are available below.

December 2: Association of Corporate Counsel Just In Time CLE December 2

Kyle Fath and Kristin Bryan will be speaking

In case you missed it, below is a summary of recent posts from CPW.  Please feel free to reach out if you are interested in additional information on any of the developments covered.

Multi-Million Dollar Settlement Reached in BIPA Litigation That Went Up to Seventh Circuit – Consumer Privacy World

Eleventh Circuit Orders Rehearing En

Citing “multiple unreported ransomware attacks” targeting the healthcare sector, last month the California Attorney General (CA AG) issued guidance reminding healthcare entities of their requirements under state and federal health data privacy laws to implement adequate security measures and comply with breach notification requirements. Although the document does not provide any “new” guidance, it signals

Last month California Governor Gavin Newsom signed AB 713 into law, which more closely aligns CCPA to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other laws governing scientific research. Although these changes may help ease compliance challenges for the health care and life sciences industries, the changes only exempt from the CCPA certain types of data rather than exempt health companies entirely.

The US Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently announced a settlement with Georgia-based Athens Orthopedic Clinic PA (the “Clinic”) to resolve multiple alleged violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act (“HIPAA”).

Under the terms of the settlement, the Clinic agreed to pay $1.5 million to OCR and to adopt a corrective action plan to settle potential violations of the Privacy and Security Rules under HIPAA. The Clinic provides orthopedic services to approximately 138,000 patients annually.

The Substance Abuse and Mental Health Services Administration (“SAMHSA”) recently modified the 42 CFR Part 2 regulations, which set forth federal confidentiality rules governing substance use disorder information.  While these changes bring Part 2 into closer alignment with HIPAA, the additional modifications that the CARES Act requires (which will require aligning Part 2’s consent requirements more

What event might actually manage to have more geeks than Comic-Con?

PrivacyCon!

Ok, probably not, but on July 21, 2020 the FTC hosted their fifth annual PrivacyCon event, and for the first time it was entirely online. This event is designed to provide researched information on various important privacy topics. The FTC curates the event content based on submitted materials and moderates each session. This year’s topics were (1) health apps, (2) artificial intelligence, (3) Internet of Things devices, (4) privacy and security of specific technologies such as digital cameras and virtual assistants, (5) international privacy, and (6) miscellaneous privacy and security issues.

As explained in a recent post published on Squire Patton Boggs’ Anticorruption Blog, the DOJ is pursuing providers who submit false claims under the electronic health records initiative.  This enforcement action should serve as a reminder to examine carefully attestations of EHR compliance, including the requirement to complete a HIPAA-required security risk assessment.