Web-Tones

Many healthcare providers are starting to make the move online. That is really not surprising because the move, like every other industry, appears inevitable. Here's a recent example from EMR Daily News (which BTW, is an excellent blog and one that you should be reading).

Providers that were once tepid about the move online are now going to be in a hurry to get there, since they will see the advantages that more nimble colleagues are obtaining, like the small matter of getting paid their EHR incentives.

As this last link notes however, many providers are unaware of the legal compliance issues that they may face as they go online. Here's the money quote from the link:

"That brings me to the point of this post, something that very few healthcare providers are aware of: section 164.520(c)(3) of HIPAA's Privacy Rule states as follows (paraphrasing):

Specific requirements for electronic notice. A covered entity (CE) that maintains a website must make the notice prominently available on its website. A CE may provide notice via email if the individual has agreed to such notice and other requirements of this section are met."

The reference above is to a provider's HIPAA Privacy Notice and is NOT a reference to the typical privacy policies found on most websites. Of course a provider could place it there, but then the issue becomes whether or not the "prominently available" requirement has been met?

But there is more to the legal compliance story for providers than meeting the HIPAA requirements. Providers also need to be in compliance with all other applicable law that is pertinent to running an online business. For example, if a provider's site has a blog with open comments and the ability to attach user generated content (UGC), then a provider must comply with the Digital Millennium Copyright Act (DMCA) if they want to take advantage of its safe harbor.

The DMCA is the tip of the iceberg, depending on the type of site a provider launches. Providers and facilities are encouraged to read "Why Audit Your Website?" to get a better understanding of online legal issues. These legal issues, in some cases, apply "across the board" and are not industry specific.

Looking for a best of breed HIPAA Compliance Software?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAA experience?

Why So Much Hand-Wringing Over TechCrunch's Decision to Publish 'Hacked' Twitter Documents? - Techcrunch - Gawker. It seems to me that from a legal perspective Techcrunch's decision to publish Twitter's confidential documents is, as the link suggests, just good 'ole fashion journalism and nothing more.

Perhaps this little known case referred to as The Pentagon Papers is on point? You think?

European Privacy Law And Social Networking : Privacy Law Blog. This post is a good indication why privacy on the internet is not only front and center as a national issue in the U.S. but is a concern internationally as well.

Online businesses need to start paying more attention to these issues, including (and especially) any health care sites. As a privacy attorney I have spent quite a bit of time lately reviewing in depth the FTC Red Flags Rules and the HITECH Act's impact on HIPAA.

I can assure readers that any lax enforcement of privacy laws on the part of government agencies is a thing of the past. The HITECH Act's Subtitle-D (Privacy) clearly transforms HIPAA from a paper tiger into one with visible teeth. Here's a brief summary of relevant changes to HIPAA under HITECH:

1. HHS Mandatory Audits
2. Business Associates are explicitly required to comply with HIPAA's Privacy and Security Rules.
3. State Attorney Generals are authorized to bring a civil action on behalf of residents.
4. Funds from civil fines will go into the coffers of HHS' Office of Civil Rights (this alone is a game changer).

The point is that across the board, whether it is HHS or the FTC, government agencies are increasingly becoming more aggressive in their enforcement actions. There is a regulatory freight train coming at the end of the tunnel unlike anything we have seen since Sarbanes-Oxley (aka SOX).

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store.

FTC Tells Sears That Consumer Disclosures Must be More Conspicuous : Privacy Law Blog. Here's yet another indication of how the rules of the road may be changing with respect to privacy & security. Companies that want to collect the kind of "behavioral data" that Sears was allegedly collecting need to be much more aggressive in their privacy policy disclosures.

Simply taking the passive approach of burying disclosures in a privacy policy that nobody reads may not cut it anymore.

As a Privacy Attorney I obviously track these issues on a daily basis. But even the most casual Internet observer knows that privacy & data security are front page news. Look for the FTC to start sending a strong message to the online marketplace.

This is not your father's Internet.

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store.

Data Security is Serious Business. TJX, the company that owns TJ Maxx and other subsidiaries, gets hit with a $2.5M fine for data breaches of 100 million consumer credit card records that occurred in 2005-2006.

TJX did not admit any wrongdoing but agreed to implement industry standard data security practices. The real damage done, however, despite the fact that $2.5M is more than a slap on the wrist, is to TJX's "reputation value." I believe there may have been a (class action) lawsuit as well.

In short, data security is serious business and even small companies need to start paying attention.

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store.

Web Privacy Efforts Targeted - WSJ.com. This article is probably an indication that industry groups are becoming increasingly alarmed that if they do not take steps to better protect consumer privacy on the Internet then the U.S. Congress will step in to fill the void.

If the latter happens it will be the small operators that feel most of the compliance pain, making it harder for them to compete. That will likely lead to further consolidation and ultimately less competition--not necessarily a good thing for consumers.

Unfortunately, cooler heads are unlikely to prevail and we will end up with a heavy handed regulatory regime that makes legislators and consumer groups feel good, but does little to change things on the ground.

I am all for voluntary compliance and letting industry leaders attempt to set the standard.

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store.

EU Advisory Group Proposes Tighter Privacy Regulation On Social Networks. It seems like everyone is jumping on the privacy & data security bandwagon. Here an EC group wants tougher regulations on Social Networking Sites (SNS). We are likely to end up with some monstrous pieces of legislation (e.g. HIPAA) that are so complex only the "big boys" can afford to comply, and then only after some get "whacked" with a heavy fine.

As I have said often, I am all for privacy & data security. With respect to the latter, and if the HIPAA Security Rule is an example of what will emerge, we will end up with CIA type of security measures imposed on unsuspecting website owners, that will mostly be ignored by the majority of small businesses.

What is required is guidance and tools, and not just tough language that makes legislators feel like they have actually improved protection for consumers.

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store.

Is Privacy An Illusion? Facebook ‘Fans’ Claim Hack Exposes Private Profile Information (Update). Online businesses need to "wake up and smell the coffee." These privacy issues are not going away. Privacy and security are some of the hottest online legal issues--not necessarily because of the harm created but rather because the media has jumped all over it. Expect for that to continue.

Also expect the FTC, HHS (for HIPAA), and other agencies to step up their enforcement efforts. They are going to ride the wave and send a message while the getting is good.

You can bet on it.

Looking for a best of breed HIPAA Compliance Tracking System?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store.

Employers should look before they leap.. Employee non-compete clauses are not favored in CA and apparently an employer better have its ducks in a row before it brings a trade secret action without any evidence in that forum as well.

This particular employer had a bad day in court and it cost them $1.6M. With so many Americans out of work it may be the courts are once again becoming more sympathetic to an employee's right to earn a living. Sure, employers with cause should not hesitate in vigorously protecting their trade secrets, but make sure that there are solid grounds before bringing an action.

The Music Industry Will Need To Win More Than Just The Legal Arguments In Capital v. Thomas : Owners, Borrowers & Thieves 2.0. Sweden's Pirate Party gets a seat in the European Parliament as a result of Sweden's liberal view on copyright protection.

Whether or not you agree with the decision in the case that rallied the troops to vote the way they did, one fact is indisputable: the "kids" (18-24) got out and voted to make their voices heard. Surely the Internet played a significant role in this outcome because the case was widely renown internationally and it remains unclear what the unintended consequences might be for the music industry.

Now we have a US case going to trial: Capital v. Thomas. Six record companies have brought suit against Jamie Thomas for allegedly using a P-2-P network to share music files. Of the many cases brought by the music industry, apparently this is the one only that has gone to trial.

Whether the music industry is "right on the law" may not be as important as the fallout that comes from suing your customers--especially those with the most disposable income to purchase music. In short, this will be an interesting case to watch as much for its economic, social and political impact as for the outcome itself. The music industry will never return to the good 'ole days, so that question is "what does this portend for its future in its next incarnation?"

Just because you can do something from a legal perspective doesn't always mean that you should. In these days when we all have access to global communications instantly, the business impact of your legal strategy should not be something that is "willy/nilly" ignored. How much is your reputation worth to the market the buys what you sell?