Health Information Technology for Economic and Clinical Health Act (HITECH)

The Philadelphia Eagles’ Super Bowl aspirations dimmed on a late autumn afternoon when two Ram defenders hammered their star quarterback, Carson Wentz, on a run to the end zone that was called back for a penalty. Wentz stayed in the game and threw a touchdown pass, but soon disappeared into the locker room for the remainder of the game. By mid-week, the medical reports confirmed what most Eagles fans already seemed to know: Wentz had torn ligaments in his knee and was finished for the season.

In the two weeks leading to the Super Bowl, sports media filled time and space with stories about the cut on Tom Brady’s hand and Rob Gronkowski’s expected clearance to play after suffering a concussion.

How, in the world of HIPAA privacy and security was so much medical information available for public consumption?
Continue Reading

With the New Year comes new data breach compliance obligations! Two Mid-Atlantic states have cybersecurity related compliance statutes that have – or will soon – take effect. Are you ready?

New Year’s Day ushered into effect the amended Maryland Personal Information Protection Act, which expands the definition of “personal information,” creates a 45-day deadline for providing notice of a breach, allows for substitute service when the breach enables an individual’s e-mail to be accessed, and increases the class of information subject to Maryland’s destruction of records laws. To the customary litany of data elements comprising “personal information,” Maryland has added personal health and health insurance information, biometric data, online account credentials and passport/government ID numbers. The amended data destruction provision now applies to customer and employee/former employee records containing personal information. See our prior alert detailing the amendments here.
Continue Reading