Privacy and Data Security

HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information

On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking technologies, such as cookies, web beacons and pixels. The Bulletin aims to provide further clarity on when identifiable information collected by such tracking technologies may also constitute protected health information (PHI) as defined and interpreted under the HIPAA Rules. In such instances, the Bulletin instructs that the technology vendor may be seen as providing a service to the regulated entity that would, in light of the use and disclosure of PHI, create a direct or downstream business associate relationship. Accordingly, the Bulletin states that the regulated entities would need to enter into a business associate agreement (BAA) with the vendor of the technology (and the vendor would, in turn, become a regulated entity) and meet other requirements under the HIPAA Rules. The Bulletin provides long-awaited guidance to help regulated entities review their positions and procedures concerning tracking technologies to ensure that the trackers they implement either do not collect PHI or meet the prerequisites outlined in the Bulletin.

Access the full article.





State Law Privacy Video Series | Employee Exemptions

California, Virginia and Colorado have new privacy laws coming into effect in 2023, and now is the time to start preparing your business or organization for compliance. Throughout the State Law Privacy video series, we examine the different aspects of these laws and provide you with the knowledge and tools you need for proper compliance.

In the next video of the series, Associate Fran Forte explores one of the notable exemptions under California’s law as it relates to employee data and how employee data is handled under Virginia and Colorado’s privacy laws.

Watch here.





Conflicting State Laws and ‘Unpredictable’ Enforcement Await Providers in Post-Roe America

In the aftermath of the US Supreme Court’s decision to overturn Roe v. Wade, legal experts say health systems and providers must immediately review their operations and prepare for potential enforcement by state prosecutors. According to this article published in Fierce Healthcare, McDermott Partner Stacey Callaghan said organizations should consult with counsel “as soon as possible” to ensure they understand the new post-Roe landscape.

Read more here.





What Employers Should Do Now That Roe Has Fallen

The monumental decision by the Supreme Court of the United States in Dobbs v. Jackson Women’s Health Organization to overturn Roe v. Wade presents significant challenges for employers and health plans. According to this Law360 article, employers should begin reviewing state laws, evaluating internal company policies, gauging employee reactions and preparing for legal challenges. McDermott’s Sarah Raaii called the Supreme Court’s decision “an administrative and potentially employee relations nightmare for employers.”

“It creates a lot of challenges for employers who just want to do right by their employees and continue offering these abortion benefits that they have historically done in the past,” Raaii said.

Access the article.





The Overturning of Roe v. Wade

On June 24, 2022, the Supreme Court of the United States issued its decision in Dobbs v. Jackson Women’s Health Organization (Dobbs), overturning Roe v. Wade (Roe) and upending 50 years of precedent protecting a woman’s right to privacy in choosing to abort a pregnancy prior to the point of viability.

The effect of this decision on US companies cannot be overstated. Any organization whose operations touch family planning services in any way (e.g., providers, those that facilitate operations, investors, payors, employers that provide family planning benefits and health plan service providers) should immediately examine its precise services, geographic footprint, corporate structure and organizational priorities.

To determine the best steps to take for you and your business, we invite you to join us for the second program in our new webinar series on Wednesday, June 29, at 2:00-3:00 pm EDT with McDermott Partners Stacey Callaghan, David Gacioch and Caroline Reignley and Associate Sarah Raaii, who will analyze and share the latest developments around the reversal of Roe and its likely impacts on US companies.

Register for the webinar here.





When Are Cryptocurrencies Appropriate Investments for Retirement Plans and IRAs?

The US Department of Labor (DOL) recently issued guidance for the first time on the investment of retirement plan assets in cryptocurrencies. Compliance Assistance Release No. 2022-01 cautions 401(k) plan fiduciaries to “exercise extreme care” before allowing participants to invest plan assets in cryptocurrencies because cryptocurrencies “present significant risks and challenges to participants’ retirement accounts, including significant risks of fraud, theft, and loss.” In this Intellectual Property & Technology Law Journal article, McDermott Partners Andrea S. Kramer and Brian J. Tiemann outline what retirement plan fiduciaries need to know about cryptocurrency investments in the current market.

Access the article.





The Challenges and Opportunities of Hybrid Work

What are some of the challenges and opportunities of hybrid work arrangements? In this Lexology GTDT Market Intelligence article, McDermott Partner Carole Spink offers insight about tracking remote work, navigating local rules, and protecting confidential and proprietary information.

Access the article.





Illinois Supreme Court Eliminates Defense to Biometric Privacy Class Actions

Illinois’ Biometric Information Privacy Act (BIPA) has spawned a tsunami of class actions against employers who utilize biometric timekeeping or security systems. Now, the Illinois Supreme Court in McDonald v. Symphony Bronzeville Park, LLC has eliminated a defense invoked by employers facing claims under BIPA: the exclusivity of workers’ compensation.

Read more here.





Digital Health 2021 Year in Review

The continuation of the COVID-19 public health emergency (PHE) and consumer demand for digitally delivered healthcare not only necessitated the shift from in-person to virtual care, but also continued to drive interest, adoption, investment and transactions in digital health in 2021. Digital health funding in 2021 far surpassed 2020’s totals, with no signs of slowing down in 2022, and the potential permanence of some regulatory flexibilities beyond the PHE is charting a course for continued digital health growth in 2022 and beyond.

Access the report.





Internal Trustee Fiduciary Liability

What are an employee stock ownership plan’s (ESOP) internal trustee’s fiduciary duties? What are some of the most common liability areas for trustees? And how can trustees prevent common liability pitfalls?

In this presentation, McDermott Partner J. Christian Nemeth offers insight into fiduciary duties, standards and best practices.

Access the slides.



