On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a multidistrict consolidated action stemming from a ransomware attack. The most notable aspect of the opinion is the Court’s interpretation of the California Medical Information Act (CMIA), which may have the effect of broadening the scope of liability for California-based cloud service providers that suffer data breaches.
Continue Reading  Federal Court Holds that Cloud Service Provider is Subject to CMIA

The new year began with an unusual amount of activity related to the Health Insurance Portability and Accountability Act (HIPAA). Health care providers, health plans, health care clearinghouses, and business associates subject to HIPAA will need to consider three significant developments—one regulatory, one legislative, and one judicial—relating to the Privacy and Security Rules under HIPAA and the related Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).
Continue Reading  A Fast Start: 2021 Begins With Major HIPAA Developments

On December 18, 2020, the United States Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued guidance specific to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the COVID-19 public health emergency. The guidance addresses permitted HIPAA disclosures of Protected Health Information (“PHI”) by covered entities and business associates via health information exchanges (“HIEs”) for certain public health purposes.
Continue Reading  OCR Issues Guidance Related to PHI Disclosures During COVID