The town of Westport, Connecticut, is the latest administration to face the challenge of balancing privacy concerns while combating the COVID-19 pandemic. By April 17, 2020, there were 183 confirmed cases of COVID-19 in Westport. For the sake of public health, Westport announced its intent to collaborate with the company Draganfly to use drone technology to monitor social distancing. Draganfly’s drones are allegedly able to detect fevers, heart and respiratory rates, and people sneezing and coughing. The drones would aid in the fight against COVID-19 by alerting officials of any locations where crowds were not properly social distancing, using biometric readings to analyze population patterns.

Photo credit:  Draganfly Screenshot as reported in Hartford Courant, April 23, 2020.  

Continue Reading Connecticut Town’s Drone Program Grounded: What Businesses Can Learn from Latest Battle Balancing Privacy and the Public Good

The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million dollars with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of the unauthorized access of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012 which affected 80,000 individuals.
Continue Reading HIPAA’S Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million

The Office of Civil Rights (OCR) first HIPAA settlement of 2017 is based on a failure to report a breach of health information in a timely manner. The settlement was reached with Presence Health, a large health care network that operates in approximately 150 locations in Illinois. Presence Health has agreed to settle the potential violations by paying a fine of $475,000 and implementing a corrective action plan to deal with this problem in the future.

The settlement stems from
Continue Reading OCR Penalizes Slow Data Breach Response

On Monday, March 21, 2016, the Health and Human Services Office for Civil Rights (“OCR”) began the long-awaited Phase II of OCR’s random audit program to determine compliance with the patient privacy provisions included in the Health Insurance Portability and Accountability Act (“HIPPA”). As we discussed earlier here, these audits will extend beyond simply covered entities and will also include business associates.

Covered entities and business associates will receive an email from OCR entitled “Audit Entity Contact Verification.”  This
Continue Reading HIPAA Phase II Audits Begin

After several months of delay, the Health and Human Services Office for Civil Rights (“OCR”) has selected a vendor to begin Phase II of OCR’s random HIPAA audits mandated by the HITECH Act.  The program’s first phase included over 100 pilot audits, and phase II was to have begun in late 2014. While the first round of audits included only covered entities, OCR will include business associates in the next round.  The audits will assess compliance with the HIPAA privacy,
Continue Reading Are You Prepared for HHS Office of Civil Rights Random HIPAA Audits?

*This is the fifth post in a five-part series on cyber insurance, culminating in a webinar entitled “Insurance Coverage for Privacy and Data Breaches, Hot Topics and Critical Issues” on Wednesday, April 22, 2015, at 12:00-1:00 p.m. Eastern. 

A common question we often hear CEOs, CFOs, and Directors of businesses and public and private institutions ask is “What terms and conditions should I consider when buying cyber insurance?” We have compiled a list of some of the most important
Continue Reading Cyber Insurance: What Terms and Conditions Should I Consider When Buying?

Today, April 14, 2015, marks the 12th anniversary of the compliance date for the HIPAA Privacy Rules for most “Covered Entities” – healthcare providers who engage in certain electronic transactions, health plans, and healthcare clearing houses. (Small group health plans had 1 extra year, until April 14, 2004, to come into compliance with the Privacy Rules.)

What’s HIPAA?
The HIPAA Privacy Rules were the first comprehensive federal rules to protect the privacy and confidentiality of an Individual’s health and medical
Continue Reading Happy Birthday, HIPAA!

What career could possibly be more exciting than serving as a privacy lawyer for tech start-up companies? This is a question I asked myself a few years back, right after I finished clerking for a couple of terrific federal judges and right as I was considering starting the privacy practice I had envisioned as a law student sitting in Prof. Fred Cate’s classes at the Indiana University Maurer School of Law several years earlier. At that time, my answer was
Continue Reading How To Advise Tech Start-Ups in Practice, Not Theory

“How To Advise Tech Start-Ups in Practice, Not Theory,” an article by Taft Cincinnati attorney Matthew D. Lawless, was published in IAPP’s The Privacy Advisor on March 24.

About the IAPP
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, support and improve the privacy profession globally.
Continue Reading Lawless Published in The Privacy Advisor

On April 10, Taft partner Sara S. Rorer will speak at the 2015 Annual Ohio Society of Radiologic Technologists Conference in Dublin, Ohio. She will present “Social Media: Privacy Compliance Challenges for Healthcare Providers” and will focus primarily on HIPAA compliance. The conference runs April 9-10.

About OSRT
The Ohio Society of Radiologic Technologists (OSRT) is an organization with a Vision of improving the health care of Ohio’s citizens assuring that patients receive excellent medical imaging and radiation therapy care.

Continue Reading Rorer is guest speaker at the Ohio Society of Radiologic Technologists Conference