BizTech Law Blog
This article has been updated with new information since it was originally published on November 16, 2020.
As health care providers continue to face new challenges relating to the COVID-19 pandemic, it is important for providers to maintain compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Although the Department of Health and Human Services Office for Civil Rights (“OCR”) has loosened some requirements to allow health care providers flexibility during the COVID-19 pandemic, a majority of the patient protections under the HIPAA Privacy Rule have remained intact.
As if COVID-19 wasn’t enough of a challenge for many struggling hospitals and health care systems, there is another growing threat they must guard against: cyberattacks.
On October 28, 2020, the FBI, Department of Health and Human Services, and Cybersecurity and Infrastructure Security Agency issued a report warning of "an increased and imminent cybercrime threat" to U.S. hospitals and health care providers.
For more articles from the June 2020 Issue of Business & Tax Law News, click here.
The Employee Retirement Income Security Act of 1974 (“ERISA”) and its applicable regulations require a plan administrator to provide a number of notices to plan participants. For example, an ERISA plan administrator must provide to all plan participants a Summary Plan Description (“SPD”) that provides an overview of plan terms. Additionally, a plan administrator must provide a Summary of Material Modifications (“SMM”) to plan participants every time it makes certain changes to the plan.
More than 30 states have legalized medical marijuana and more than 10 have legalized marijuana for recreational use, including Michigan in a 2018 ballot proposal. Marijuana retailers have significant issues to address as the industry and the rules governing it mature over time. Among those issues, retailers should not overlook data privacy and cybersecurity issues.
Health care systems are eager to adapt to newer technology and widespread network options, all in the name of giving patients the best possible care. However, this comes with a price: more outlets for hackers to breach valuable data.
The U.S. Department of Health and Human Service's Office for Civil Rights ("OCR") recently published guidance for entities covered by HIPAA, entitled "My entity just experienced a cyber-attack! What do we do now?"
