Three Boston-Area Hospitals Settle HIPAA Allegations Arising From On-Site Filming of Television Documentary

Oct 12 2018

Three Boston-area hospitals collectively paid just under $1 million to settle allegations that they violated HIPAA by improperly disclosing patients’ identities and other protected health information during onsite filming of a television network documentary. According to the Department of Health and Human Services Office for Civil Rights (OCR)’s September 20, 2018 press release, the three hospitals – Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH) – permitted film crews to film an ABC television network documentary series on premises without first obtaining authorizations from patients. Collectively, the three hospitals paid $999,000 to settle potential violations of the HIPAA Privacy Rule, with BMC paying $100,000, BWH paying $384,000, and MGH paying $515,000.

Enforcement, Health Privacy, HHS

California and Preemption

Oct 10 2018

Alan Charles Raul and Christopher Fonzone

As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy. Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates. First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year. Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States. As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts.

California, FCC, Litigation, Policy, U.S. State Law

Highlighting the Chinese Cybersecurity Law

Oct 09 2018

Data Matters Contributors

Former Department of Homeland Security Chief Privacy Officer Hugo Teufel III and Sidley’s Edward McNicholas addressed a packed room on Chinese Cybersecurity Law at the 2018 Privacy + Security Forum hosted at George Washington University. The timely presentation highlighted how, with significant attention in the past few years focused on the GDPR, many have not fully appreciated the significant policy and legal developments coming out of Beijing. In particular, China has been creating a materially different approach to cybersecurity which serves the central purpose of defending the Chinese notion of cyber sovereignty. Much uncertainty remains about the newly-effective laws and regulations, but it is clear that foreign technology and other companies operating in China should rapidly focus on its significant restrictions on outbound data transfer, the expansive definitions of “important data”, as well as reviews of network equipment security. Their presentation is available here.

APEC, Asia, Cybersecurity, Information Security, International, National Security, Online Privacy

White House and Pentagon Announce New Cyber Strategies

Oct 05 2018

Christopher Fonzone and Feola Odeyemi

The Trump Administration continued to put its stamp on federal cybersecurity policy last week, as the White House issued its National Cyber Strategy while the Pentagon announced the Department of Defense Cyber Strategy. The former document is a helpful step forward that continues and advances the cyber policies the Trump Administration inherited from the Obama and Bush Administrations, while the Pentagon’s release primarily focused on the Strategy’s endorsement of “Defense Forward,” which was taken as a signal the United States would be adopting a more aggressive operational posture in the future. Data Matters readers will want to study both strategies, as each contains interesting insights into how the Trump Administration envisions the development of the cybersecurity ecosystem and see the public and private sectors working together to mitigate cyber risks.

Cybersecurity, Information Security, National Security, Policy

Data Protection Post-Brexit

Oct 04 2018

William RM Long and Francesca Blythe

Brexit will have fundamental implications for data protection and in particular, the ongoing flow of personal data from the EU to the UK. However, as with many other issues, the precise implications will depend on the type of deal reached between the EU and the UK.

Enforcement, European Union, International

The Trump Administration’s Approach to Data Privacy, and Next Steps

Oct 02 2018

Alan Charles Raul and Christopher Fonzone

* This article originally appeared in Law360 on September 27, 2018.

On Sept. 25, 2018, the Trump administration proposed an approach and initiated a process to modernize U.S. data privacy policy. The administration’s approach is “risk-based” rather than rule-based, and, as such, signals a willingness to move away from a privacy model of mandated notice and choice that has “resulted primarily in long, legal, regulator-focused privacy policies and check boxes.” Rather, the administration is proposing that U.S. privacy policy “refocus” on achieving desirable privacy “outcomes,” such as ensuring that users are “reasonably informed” and can “meaningfully express” their privacy preferences, while providing organizations with the flexibility to continuing innovating with cutting-edge business models and technologies.

California, Children’s Privacy, European Union, FCRA, FTC, GDPR, General, GLBA, HIPAA, International, Legislation, Online Privacy, Policy, U.S. State Law

Senate Hearing on Federal Privacy Law: Question is Not Whether But What Form

Sep 28 2018

Alan Charles Raul, Christopher Fonzone, Clayton G. Northouse and Stephen McInerney

On September 26, the Senate Commerce Committee invited tech and telecom companies to the Hill to discuss safeguards for consumer data privacy. “The question,” noted Chairman John Thune, “is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.” The Senators and testifying witnesses expressed strong support for a comprehensive federal privacy law.

California, Data Breaches, Legislation, Online Privacy, Policy, U.S. State Law

Three Boston-Area Hospitals Settle HIPAA Allegations Arising From On-Site Filming of Television Documentary

California and Preemption

Highlighting the Chinese Cybersecurity Law

White House and Pentagon Announce New Cyber Strategies

Data Protection Post-Brexit

Senate Hearing on Federal Privacy Law: Question is Not Whether But What Form

Categories

Archives

Contacts

Upcoming Events

Improving the Transatlantic Privacy Relationship

Women in Privacy