The HITECH Law blog focuses on legal developments related to the privacy and security of confidential consumer and business information in today’s “high tech” world. Since 2009, the year this blog was created, there has been an explosion in consumer and business electronic data privacy and security issues, beyond healthcare, HIPAA and the Health Information Technology for Economic and Clinical Health Act of 2009 (aka “The HITECH Act”, the original impetus for the blog). This compelled us to expand the blog’s scope in late 2015 to cover legal developments regarding the creation, access, collection, maintenance or transmission of confidential information regarding an individual, business or organization in all industry sectors.
The susceptibility of electronic data (e-data) to loss, theft and unauthorized access has increased due to innovations in data storage and data mining, advancements in mobile technology and the ability to access both stationary and mobile data sources via the internet. As these technology innovations advance, so do breaches of confidential data due to employee negligence, theft and cyber crime, all of which can give rise to business liability and financial loss. The key types of confidential e-data your business may hold that may be vulnerable to negligence, theft and cyber crime include individual financial information, healthcare information, and personal identifiers that are not in the public domain such as one’s birth date or GPS or geo-location (knowing where you are at any given moment). The collection of consumer information over the internet or through mobile devices increases this vulnerability.
This blog also follows legal developments related to individual expectations of privacy on the web, company website privacy policies, cloud data, e-mail privacy, student privacy, web-based consumer portals (e.g., healthcare, banking, etc.), patient and consumer mobile health apps, cyber-crime, cyber-liability insurance, telehealth data, medical devices with IT features or web-based medical device software, and other IT-related information applications that touch or affect the privacy of consumers.
Laws regulating the privacy and security of personal information that HITECH Law covers, among others, include:
- Section 5 of the Federal Trade Commission Act under which the FTC claims jurisdiction to regulate the privacy and security practices of companies that handle sensitive personal information concerning customers, including company website privacy policies and company consumer data collection practices via the internet, consumer mobile apps, mobile health technology and medical devices (#mHealth).
- The international regulation of the privacy and security of personal data, including the General Data Protection Regulation (“GDPR”) and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (the former of which replaced the EU-U.S. Safe Harbor Agreement struck down on 10/6/15).
- Children’s Online Privacy Protection Act (COPPA), under which the FTC regulates website operators and online services directed to children under 13 years of age, and operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the HITECH Act, regulating the privacy and security of protected health information (PHI).
- State data breach notification laws. (Click on the “More…” tab above for select state data breach laws.)
- FTC Health Breach Notification Rule, under which the FTC regulates businesses not covered by HIPAA regarding notification of customers and others if there is a breach of unsecured, individually identifiable electronic health information.
- The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, which sets out security requirements for storing and sharing personal financial information.
Our goal is to make the HITECH Law blog a resource for legal developments in business and consumer data privacy and security regulation, enforcement and risk. We also want our blog to be a one-stop resource for key federal and state consumer, patient and business data privacy and security regulations via quick links on the blog’s sidebar and specialized Menu tabs.
For our followers who have come to depend on our blog as a resource for HIPAA or for regulatory developments related to the HITECH Act provisions for making a “meaningful use” (MU) of certified electronic health records (EHRs), we have dedicated a webpage of the blog to HIPAA and HITECH Act information. On the above Menu, click on “More. . .” and select “HITECH / HIPAA Resources”.
Follow us! Just enter your email address in the EMail Subscription field on the sidebar. And don’t hesitate to provide us with your feedback on our blog posts and other related developments. Simply click the comment button on the post or webpage to let us know!
For more information about Wyatt’s Data Privacy & Security law practice, click here. Our firm has offices in:
New Albany, IN