California Dental Practice Pays $23,000 Settlement For Potential HIPAA Privacy Violations Involving Yelp Posts

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 14, 2022, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled with New Vision Dental (NVD) over a potential HIPAA Privacy violation. The California-based dental practice paid $23,000 to OCR and agreed to implement a corrective action plan after allegedly including protected health information (PHI) in its responses to reviews on Yelp.

The Complaint and Investigation.

On November 29, 2017, the Office for Civil Rights (OCR) received a complaint alleging New Vision Dental had posted responses to several unfavorable reviews by patients on Yelp and frequently disclosed confidential protected health information (PHI) in its responses. For example, in some posts, patients were allegedly identified, and NVD revealed their full names when the patient may have only chosen to use a made-up name on the platform. Other information allegedly posted included detailed information about the patient’s visits, treatment, and health insurance, when that information had not been posted publicly by the patient.

The federal agency’s investigation found potential violations of the HIPAA Privacy Rule, including impermissible uses and disclosures of PHI and failures to provide adequate Notice of Privacy Practices and implement Privacy policies and procedures. “This latest enforcement action demonstrates the importance of following the law even when you are using social media. Providers cannot disclose protected health information of their patients when responding to negative online reviews. This is a clear ‘NO,’” said OCR Director Melanie Fontes Rainer in a statement.

To read more, click here for the press release from the HHS.

In addition to the settlement, NVD agreed to implement a corrective action plan (CAP) that will be monitored for two years by OCR. As part of its CAP, the dental practice agreed to develop, revise, and maintain written policies and procedures to comply with federal privacy and security standards. All workforce members will also receive training on those policies and procedures, and NVD is required to remove all social media postings that include PHI.

The resolution agreement and CAP can be viewed here.

Guidelines for Appropriate Use of Social Media and Social Networking.

Healthcare professionals are discouraged from interacting with current or past patients on personal social networking sites and should never, under any circumstances, reveal personal information about the patient or the patient’s treatment or care. Online interaction with patients should only occur when discussing the patient’s medical treatment within the physician-patient relationship and with written, signed consent by the patient to use e-mail or other online services for such messaging. These interactions should never occur on personal social networking or social media websites.

Patient privacy must be protected at all times, especially on social media and social networking websites. Breaches in patient confidentiality could harm the patient and violate federal privacy laws such as the Health Insurance Portability and Accountability Act of 1996 and applicable state privacy laws.

Failure to Comply With HIPAA Can Result in Both Civil and Criminal Penalties.

This penalty was the 21st financial penalty to be imposed by OCR in 2022 to resolve HIPAA violations, more than in any other year since it was given the authority to enforce HIPAA compliance. With the increased popularity and availability of social media platforms also comes an increase in potential privacy violations. To read a previous blog I wrote on this, click here.

If Notified of a HIPAA Investigation or Audit, Consult an Experienced Health Law Attorney Immediately.

If you receive notice that you have a HIPAA Privacy Complaint, are suspected of a HIPAA breach, or are subject to a HIPAA audit, consult with an experienced health care attorney immediately. There are many technicalities to these laws and regulations, and what may initially seem like a violation may be proven to be nothing. Many defenses can be raised, and often a complaint may be dismissed by the OCR once the correct facts are shown to it by your attorney.

Don’t Wait Until It’s Too Late, Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, nurses, and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Alder, Steve. “OCR Fines California Dental Practice for PHI Disclosures on Yelp.” HIPAA Journal. (December 14, 2022). Web.

McKeon, Jill. “OCR Settles Potential HIPAA Violation After Dental Practice Discloses PHI on Yelp.” Health Care It News. (December 14, 2022).

Health News Weekly. “California Dental Practice Pays $23,000 to Resolve Potential HIPAA Violations Involving Social Media Posts.” AHLA. (December 16, 2022). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.

Current Open Positions with The Health Law Firm. The Health Law Firm always seeks qualified individuals interested in health law. Its main office is in the Orlando, Florida, area. If you are a current member of The Florida Bar or a qualified professional who is interested, please forward a cover letter and resume to: PAlexander@TheHealthLawFirm.com or fax them to (407) 331-3030.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2023 The Health Law Firm. All rights reserved.

January 17th, 2023 | Categories: Dental Law Blog

Florida Primary Care Practice Settles HIPAA Investigation for $20,000

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 15, 2022, the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that Health Specialists of Central Florida, Inc., will pay $20,000 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule’s right of access standard.

The primary care provider also agreed to a corrective action plan (CAP) with two years of monitoring.

It is extremely important that Florida physicians and health professionals remember that HIPAA, a federal law, requires the timely furnishing of a health record requested by a patient. You must be sure to meet the deadline, but, more importantly, document that you have met it. Use cover letters, obtain receipts when possible, and document in the record the date you provided it.

Click here to view the press release issued by the OCR.

Right of Access Standard.

OCR first launched an investigation into Health Specialists of Central Florida after the daughter of a deceased patient filed a complaint in November 2019. The complainant made a written access request for her father’s medical records but did not receive them for nearly five months, and only after multiple requests.

The HIPAA right of access standard requires a covered entity to respond to requests for records within 30 days of receipt, or within 60 days if it obtains an extension of time. OCR’s guidance on the right of access is available here.

The Settlement.

In addition to the monetary settlement, Health Specialists of Central Florida will undertake a corrective action plan (CAP) that includes two years of monitoring. The CAP requires the practice to develop, maintain, and revise its written privacy procedures and policies, distribute them to the workforce, and review and update its right of access to PHI policy.

This case marks the 42nd case resolved under OCR’s HIPAA Right of Access Initiative. To view the settlement agreement and CAP, click here.

 

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, dental practices, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions in investigating and defending against HIPAA investigations and complaints and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Health Law Weekly. “Florida Primary Care Provider to Pay $20,000 to Resolve Right of Access Probe.” AHLA. (December 16, 2022). Web.

Giles, Bruce. “Florida primary care practice fined HHS $20K for not giving timely access to patient data.” Becker’s Hospital Review. (December 16, 2022). Web.

McKeon, Jill. “OCR Resolves HIPAA Right of Access Case With FL Primary Care Practice.” Health IT Security. (December 16, 2022). Web.

Copyright © 2022 The Health Law Firm. All rights reserved.

December 28th, 2022 | Categories: Health Facilities Law Blog

Civil and Criminal Enforcement of HIPAA Privacy and Security Regs on the Rise

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Office for Civil Rights (OCR), a division within the U.S. Department of Health and Human Services (HHS), is the federal organization responsible for investigating complaints and enforcing the Privacy and Security Regulations implementing the Health Insurance Portability and Accountability Act, commonly referred to as “HIPAA.”

As the COVID-19 pandemic seems to be leveling off and more employees are going back to the office, and into the field, HIPAA complaint investigations will definitely pick up. Furthermore, criminal prosecutions for violations of HIPAA have recently been on the rise as well.

OCR’s Investigations and Enforcement Actions.

OCR enforces the HIPAA Privacy and Security Regulations in several ways:

The first is by receiving and investigating HIPAA violation complaints. These can easily be filed online by going to https://www.hhs.gov/hipaa/filing-a-complaint/.

If you receive a notice from the OCR that it is investigating a HIPAA complaint against you, it will request a large number of documents relating to the matter. It is crucial that you retain the services of an experienced health lawyer to assist you in responding. Often, it will not be necessary to provide all of the documents requested by OCR if your attorney determines that certain legal grounds exist for not providing them. Regardless, you should seek legal counsel, since both criminal and civil sanctions may result.

OCR Also Conducts Compliance Audits.

OCR conducts compliance reviews to determine if covered entities are in compliance. Covered entities include, for example, physicians, medical groups, nurse practitioners (in most cases), psychologists, mental health counselors (in most cases), pharmacists, health clinics (in most cases), assisted living facilities (ALFs), home health agencies (HHAs), hospitals, and many others.

OCR reviews the information that it gathers through its investigation or audit. In some cases, it may determine that the covered entity did not violate the Privacy Regulations or the Security Regulations. However, where the covered entity has committed a violation, OCR may do any of the following:

Dismiss the matter or take no further action.

Obtain the covered entity’s agreement for voluntary compliance going forward.

Obtain corrective action through a corrective action plan (CAP).

Negotiate a resolution agreement (RA).

Assess civil penalties (monetary fines).

Refer the matter to the Department of Justice (DOJ) for further investigation and criminal prosecution.

Civil Violations.

In cases of noncompliance where the covered entity does not satisfactorily resolve the matter, OCR may decide to impose civil money penalties (CMPs) on the covered entity. It can then take further administrative or civil litigation action to enforce these if they are not paid.

Civil monetary penalties for HIPAA violations are determined based on a tiered civil penalty structure. The HHS secretary has discretion in determining the amount of the penalty based on the nature and extent of the violation and the nature and extent of the harm resulting from the violation. HHS is prohibited from imposing civil monetary penalties (except in cases of willful neglect) if the violation is corrected within 30 days (this time period may be extended at HHS’s discretion). So it is imperative to retain an attorney and get on top of the situation fast.

The range of penalties for civil violations.

HIPAA violation: Unknowing
Penalty range: $100 – $50,000 per violation, with an annual maximum of $25,000 for repeat violations

HIPAA violation: Reasonable Cause
Penalty range: $1,000 – $50,000 per violation, with an annual maximum of $100,000 for repeat violations

HIPAA violation: Willful neglect but corrected (violation is corrected within the required time period)
Penalty range: $10,000 – $50,000 per violation, with an annual maximum of $250,000 for repeat violations

HIPAA violation: Willful neglect, not promptly corrected (violation is not corrected within the required time period)
Penalty range: $50,000 per violation, with an annual maximum of $1.5 million

Criminal penalties for violations.

In June 2005, DOJ clarified who can be held criminally liable under HIPAA. Its clarification included officers, employees, and other principals of business entities (corporations and companies) that are covered entities, including co-conspirators, aiders, and abettors of the acts.

Criminal violations of HIPAA are investigated and prosecuted by DOJ. As with the civil penalties, there are different criminal penalties based on the level of severity of the criminal violation.

Covered entities and specified other individuals who knowingly obtain or disclose individually identifiable health information, in violation of the Administrative Simplification Regulations to the HIPAA Regulations, face a fine of up to $50,000, as well as imprisonment for up to one (1) year.

Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five (5) years in prison.

Finally, offenses committed with a profit motive, in other words, with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm permit fines of $250,000 and imprisonment up to ten (10) years.

What is a “Covered Entity?”

One thing to remember is that HIPAA and its enforcing regulations only apply to “covered entities” with certain minor exceptions. The following are examples of “covered entities”:

Health plans (e.g., health insurers, HMOs, PPOs)

Health care clearinghouses

Health care providers who transmit claims in electronic form (this will cover almost all health facilities and health professionals)

Medicare prescription drug card sponsors

Individuals such as directors, employees, or officers of a covered entity (where the covered entity is not an individual) may be criminally liable under HIPAA per the “corporate criminal liability” theory.

Criminal Penalties for HIPAA Violations.

Yes, there are criminal penalties, including prison for up to ten (10) years, possible for HIPAA violations.

To read an earlier blog I wrote on criminal penalties for HIPAA violations, please click here.

What is the Definition of “Knowingly?”

The DOJ interprets the required element of “knowingly” in the criminal liability section of HIPAA as requiring only knowledge of the actions that constitute an offense. Specific knowledge that an action is a violation of HIPAA is not required.

Can a HIPAA Violation Lead to Exclusion from the Medicare Program?

HHS has the authority to exclude from participation in Medicare any covered entity that was not compliant with certain HIPAA Regulations under certain circumstances. Call your healthcare lawyer for details on this.

For information on the effects of exclusion from any government-sponsored healthcare program on a doctor, nurse, dentist, or any other health provider, visit our website’s Health Law Articles and Documents page to view the OIG’s Special Advisory Bulletin.

 

The Administrative Simplification Act Simplifies it All.

The Administrative Simplification Act sought to clarify and simplify parts of HIPAA and increase specific penalties for violations. Title 42, United States Code, Chapter 7, Subchapter XI, Part C (Administrative Simplification Act).

The Administrative Simplification Regulations authorize a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm permit fines of $250,000 and imprisonment for up to 10 years.

Misuse and Disclosure of “Unique Health Identifiers.”

The wrongful use of a unique health identifier can be charged as a violation of 42 U.S.C. § 1320d–6(a)(1) and (b)(1), the penalty provision of which is set forth in 42 U.S.C. § 1320d–6(b)(1). “Unique health identifier” includes a patient’s name, address, social security number, insurance member ID number, description of health history, and description of the patient’s symptoms.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free: (888) 331-6620.

Copyright © 2021 The Health Law Firm. All rights reserved.

Senate Republicans Announce New Privacy Legislation: The SAFE DATA Act

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On September 17, 2020, Republican members of the Senate Commerce Committee introduced sweeping federal privacy legislation. The proposed law is called the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act. The Act is a combination of bills previously introduced in the Senate: the Consumer Data Protection Act, Filter Bubble Transparency Act, and the Deceptive Experiences to Online Users Reduction Act. It hasn’t passed, yet, so let’s wait and see.

HAH! You thought you had learned all of the acronyms and abbreviations because you know what HIPAA, HITECH, FERPA, USCDPA, and FOIA mean. Let’s see how long it takes you to remember what this one stands for.

What is the SAFE DATA Act?

This proposed legislation has three main components if passed into actual law. It:

1. Provides consumers with more choice and control over their data (allegedly),
2. Directs business to be more transparent and accountable (allegedly), and
3. Strengthens the FTC’s enforcement power (allegedly).

The Act would provide consumer rights, such as access, notice, deletion, opting-out, correction, and a right to data portability. It also prohibits covered entities from discriminating against consumers who utilize some of the proposed rights. It will prohibit organizations from denying goods or services to individuals because they have exercised any of their rights as set forth in the bill.

Implementation of the bill would be financed through a $100 million appropriation to the Federal Trade Commission (FTC) to enforce its provisions. Therefore, the FTC would gain the authority to obtain injunctions and impose other sanctions for violations.


Integrating Other Privacy Bill Provisions.

The SAFE DATA Act incorporates three main bill provisions into the proposal.

First, it includes the Filter Bubble Transparency Act (don’t ask). It requires a notice on public-facing websites that use algorithmic ranking systems.

Second, it contains provisions from the Deceptive Experiences To Online Users Reduction (“DETOUR”) bill (ouch!). This provision makes it unlawful for an online service with more than 100 million authenticated users to use a user interface to impair user autonomy.

Third, like the United States Consumer Data Privacy Act (CDPA), the proposal requires companies to obtain affirmative, express consent from the customer before processing or transferring individuals’ sensitive data.

According to Julie Brill, former Commissioner of the FTC, a comprehensive privacy law would also address consent and collection issues related to COVID-19 health data, while at the same time promoting racial equality and prohibiting data discrimination. Boy, that’s great; who knew this was likely to be accomplished in our lifetimes.

View the proposed Safe Data Act in full.

You may also read one of my prior blogs to learn more about HIPAA privacy rights violations and medical confidentiality.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Cox, Ayeisha. “Lawmakers Introduce the SAFE DATA Act.” American Health Lawyers Association (AHLA). (October 2, 2020). Web.

Traylor, Christian. “Federal Data Privacy Legislation: Will it Help the US Remain Competitive in the Global Marketplace?” JD Supra. (September 29, 2020). Web.

Panakal, Dominic Dhil. “Senate Republicans Stitch Together Safe Data Ideas into New Bill.” The National Law Review. (September 24, 2020).

Copyright © 2020 The Health Law Firm. All rights reserved.

New Sweeping Privacy Legislation Announced: The SAFE DATA Act

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On September 17, 2020, Republican members of the Senate Commerce Committee introduced sweeping federal privacy legislation. The proposed law is called the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act. The Act is a combination of bills previously introduced in the Senate: the Consumer Data Protection Act, Filter Bubble Transparency Act, and the Deceptive Experiences to Online Users Reduction Act. It hasn’t passed, yet, so let’s wait and see.

HAH! You thought you had learned all of the acronyms and abbreviations because you know what HIPAA, HITECH, FERPA, USCDPA, and FOIA mean. Let’s see how long it takes you to remember what this one stands for.

Details of the SAFE DATA Act.

This proposed legislation has three main components if passed into actual law. It:

1. Provides consumers with more choice and control over their data (allegedly),
2. Directs business to be more transparent and accountable (allegedly), and
3. Strengthens the FTC’s enforcement power (allegedly).

The Act would provide consumer rights, such as access, notice, deletion, opting-out, correction, and a right to data portability. It also prohibits covered entities from discriminating against consumers who utilize some of the proposed rights. It will prohibit organizations from denying goods or services to individuals because they have exercised any of their rights as set forth in the bill.

Implementation of the bill would be financed through a $100 million appropriation to the Federal Trade Commission (FTC) to enforce its provisions. Therefore, the FTC would gain the authority to obtain injunctions and impose other sanctions for violations.

Integrating Other Privacy Bill Provisions.

The SAFE DATA Act incorporates three main bill provisions into the proposal.

First, it includes the Filter Bubble Transparency Act (don’t ask). It requires a notice on public-facing websites that use algorithmic ranking systems.

Second, it contains provisions from the Deceptive Experiences To Online Users Reduction (“DETOUR”) bill (ouch!). This provision makes it unlawful for an online service with more than 100 million authenticated users to use a user interface to impair user autonomy.

Third, like the United States Consumer Data Privacy Act (CDPA), the proposal requires companies to obtain affirmative, express consent from the customer before processing or transferring individuals’ sensitive data.

According to Julie Brill, former Commissioner of the FTC, a comprehensive privacy law would also address consent and collection issues related to COVID-19 health data, while at the same time promoting racial equality and prohibiting data discrimination. Boy, that’s great; who knew this was likely to be accomplished in our lifetimes.

View the proposed SAFE DATA Act in full.

You may also read one of my prior blogs to learn more about HIPAA privacy rights violations and medical confidentiality.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records, or corrective action plans (CAPs), please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.


