Amy C. Pimentel
Subscribe to Amy C. Pimentel's Posts
Amy C. Pimentel focuses her practice on privacy and data security and general health law. Her clients operate in a variety of industries, including health care, consumer products, retail, food and beverage, technology, banking and other financial services. Read Amy Pimentel's full bio.
HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information
By Jennifer S. Geetter, Elliot R. Golding, Amy C. Pimentel, Scott Weinstein, Edward G. Zacharias and Marine Margaryan on Dec 20, 2022
Posted In Privacy and Data Security
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking...
Continue Reading
VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World
By Amy C. Pimentel and Romain Perray on May 27, 2021
Posted In Employee Benefits, Health and Welfare Plans, Privacy and Data Security
In this video, McDermott Will & Emery partner Amy C. Pimentel explains the significance of health data transfers from the European Union to the United States in a post-Schrems II world. The recent Schrems II ruling invalidated the EU-US Privacy Shield, holding that the US legal regime on access to personal data does not contain...
Continue Reading
GDPR 6 Months After Implementation: Where are We Now?
By Amy C. Pimentel and Mark E. Schreiber on Nov 13, 2018
Posted In Privacy and Data Security
The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process...
Continue Reading
The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk
By Anthony A. Bongiorno, Amy C. Pimentel and Michael G. Morgan on Sep 6, 2016
Posted In Privacy and Data Security
The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data...
Continue Reading
HHS Office of Inspector General Calls for Increased Oversight and Enforcement of HIPAA
By Amy C. Pimentel, Edward G. Zacharias and Daniel F. Gottlieb on Nov 19, 2015
Posted In Employment, Health and Welfare Plans, Privacy and Data Security
On September 29, 2015, the U.S. Department of Health and Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to strengthen its efforts in both general enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Standards and...
Continue Reading
Privacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships
By Anthony A. Bongiorno, Andrew Liazos and Amy C. Pimentel on Jul 21, 2015
Posted In Benefit Controversies, Employment, Fiduciary and Investment Issues, Health and Welfare Plans, Labor, Privacy and Data Security, Retirement Plans
Recent cyber-attacks on health insurers have heightened awareness that sensitive participant and beneficiary information may not be adequately secure. There will undoubtedly be other attacks on databases maintained by service providers to employee benefit plans, which raises an important question for Employee Retirement Income Security Act of 1974 (ERISA) fiduciaries: what should be done now...
Continue Reading
Update on State Breach Notification Laws
By Amy C. Pimentel on May 7, 2015
Posted In Privacy and Data Security
In the first few months of 2015, a number of states have introduced data breach notification bills and proposed legislative amendments designed to enhance consumer protection in response to increasingly high profile data breaches reported in the media. This activity at the state level seems to indicate that protecting consumers from data breaches is one...
Continue Reading
Employers with Group Health Plans: Have You Notified State Regulators of the Breach?
By Anthony A. Bongiorno and Amy C. Pimentel on Feb 23, 2015
Posted In Health and Welfare Plans, Privacy and Data Security
Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the extent of their responsibility to notify state agencies of security breaches when a vendor or other third party with access to participant...
Continue Reading