CPW is pleased to announce that today David Oberly joins Squire Patton Boggs (US) LLP’s globally-recognized Data Privacy, Cybersecurity & Digital Assets Practice from Blank Rome, where he played an instrumental role in launching the firm’s Biometric Privacy Practice. As a recognized thought leader in the biometric privacy space, David serves as a go-to expert
The FTC’s recent policy statement on the Health Breach Notification Rule (the “Rule”) substantially impacts the consumer-facing digital health industry by significantly expanding (a) the scope of entities subject to the Rule and (b) data practices that constitute a breach. Under the new guidance, any entity that collects health data from both a connected device and the consumer (excluding entities already subject to HIPAA) will be treated as a “vendor of Personal Health Records” (“PHR Vendor”) subject to the Rule. Moreover, PHR Vendors that share such information without the individual’s authorization will trigger the Rule’s breach notification requirements.
Continue Reading FTC Policy Statement Substantially Expands Scope of Personal Health Record Vendor Rules
In re Mednax Services, MDL No. 2994, is an MDL (multidistrict litigation) pending in the Southern District of Florida, currently in its early stages. 2021 U.S. Dist. LEXIS 195342, *8-9 (S.D. Fla. Oct. 9, 2021). In a striking move late last week, a federal court ordered a stay of the proceedings pending resolution of
In case you missed it, below is a summary of recent posts from CPW. Please feel free to reach out if you are interested in additional information on any of the developments covered.
In June, we discussed a putative class action filed in the Eastern District of Pennsylvania concerning a data breach involving COVID-contact tracing data. Following the Plaintiff’s filing of an amended complaint, the remaining Defendant has now moved to dismiss on both standing and substantive grounds. Read on below.
To recap the alleged facts underlying this
Join Elliot Golding, a data privacy partner at SPB along with Joanne Charles (Microsoft) and Trinity Car (eHealth) for a must-attend webinar sponsored by the ABA next Thursday, September 9, at 1 pm EST.
In this era of digital health, the panelists will look “beyond HIPAA” and highlight other federal and state laws governing
Last month, a putative class action lawsuit was filed in federal court concerning a data breach resulting from the alleged improper disclosure of COVID-contact tracing data. Read on to learn more, and how this case fits more broadly into a trend of data breaches involving the healthcare industry. Chapman v. Commonwealth of Pennsylvania, et al.
CPW has previously covered the proliferation of data breaches, including in the healthcare context. In a dramatic rebuttal of how the Department of Health and Human Services Office of Civil Rights’ (“OCR”) has historically enforced HIPAA, the Fifth Circuit Court of Appeals recently handed down a landmark decision vacating a multi-million dollar penalty that
Yesterday CPW covered how one hospital was recently hit with two data breach class actions after a former employee accessed patient records without authorization. Well, for entities in the healthcare space looking to reduce their cybersecurity risk search no further-CPW’s Elliot Golding and Kristin Bryan published an article earlier this year in Law360 explaining
Healthcare data breaches are on the rise-recent estimates peg the number of patient records breached in 2019 as exceeding 41 million individuals. Additionally, approximately 60% of all healthcare data breaches are caused by internal actors—a statistic underscored by consecutive data breach class actions filed against the Mayo Clinic concerning the unauthorized access of patient records.