As the United States continues to grapple with the effects of the coronavirus epidemic, the U.S. Department of Health and Human Services (“HHS”) announced new rules extending compliance dates and timeframes under the Cures Act. The agency’s new rules—most of which take effect on Dec. 4, 2020—are aimed at giving IT developers and health care providers flexibility in responding to the coronavirus pandemic.
Covid-19 has not only damaged the health and physical well-being of those stricken by the potentially deadly coronavirus, but it has also ravaged the livelihoods and financial stability of many millions more people around the world. The virus spread across the U.S. with incredible speed as more than 100,000 people had already been infected by early March. In many ways the unexpected and quick arrival of the pandemic caught many households financially unprepared and ill-equipped to survive the economic shutdown unscathed. For those that have experienced rent hardship and have, or will soon, be subject to an eviction for non-payment of rent, they must recover not only from the short-term challenges of finding shelter and putting their lives back together, but also the long-term struggle of finding suitable housing with an often disqualifying and indelible mark on their rental history.
There seems to be no end in sight to the various concerns associated with COVID-19, and experts are hesitant to say when and if life as we knew it will ever return to “normal.” As the pandemic persisted, companies large and small quickly realized that jobs we all assumed had to be done in an office, can in fact be done from the comfort of one’s home. #WFH is a trending social media hashtag standing for “work from home,” and posts using this hashtag range anywhere from how to dress comfortably while remaining professional when working from home to setting up the perfect home office. #WFH, however, is not just a social media trend, but a new normal for many Americans as employers were forced to allow their employees to work from home due to health concerns related to COVID-19. This gives rise to questions such as, what about safety and security concerns related to employer data? And, where do employees draw the line between work and home when working from home? While this may be uncharted territory, top researchers say that #WFH may be the next big thing for companies worldwide.
The use of facial recognition technology in the commercial context generates numerous consumer privacy concerns. As technology becomes increasingly present in many aspects of our life, regulations on states and federal level are struggling to catch up. Currently, only three states (Illinois, Washington, and Texas) implemented biometric privacy laws, and only Illinois grants individuals with a private right of action.
Data protection measures have been increasingly crossing news headlines ever since the General Data Protection Regulation (GDPR) came into effect in 2018. However, data protection measures did not begin with the GDPR. In the United States, where there is a sectoral system in place, there have been regulations in place for years that monitor children’s online privacy (COPPA), health information (HIPAA), spam (CAN-SPAM), and even video rental history (VPPA). Despite these systems being implemented years ago, large companies still fail to properly comply with the requirements set forth. Recently, a settlement between YouTube and the FTC brought to light the importance of compliance with COPPA.
Cook County General Administrative Order 18-1 pertains to the Standard HIPAA Qualified Protective Orders (QPO) that will be permitted in Cook County. These orders will only be allowed for cases that are in litigation where the Plaintiff and Plaintiff’s counsel authorize disclosure of a litigants’ protected health information (PHI). It also requires all entities who received PHI to either return the documents to the Plaintiff or destroy them at the end of the case. These changes mean that Plaintiff’s attorneys will see a change in the handling of Plaintiff’s medical records and other documents covered under the QPO containing PHI.
In March 2019, Rush University Medical Center (“Rush University”) sent out breach notification letters to approximately 45,000 patients. The letter advises patients that a privacy incident occurred that may have involved the patients’ personal information. The privacy incident was caused by an employee of a third-party financial services vendor. The employee released a file that contained patient information to an unauthorized person. According to the breach notification letter, law enforcement and regulatory officials were involved in the investigation of the privacy incident. Rush University sent the breach notification letter in compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules.
Ever since the Facebook and Cambridge Analytica scandal, concerns surrounding data privacy and protection have been growing. Both government agencies and individual users have particularly been concerned on how their data is being collected and used on social media websites such as Facebook. Germany has taken action in response to such concerns and recently took a step against Facebook’s collection of data in a decision that outlawed Facebook’s entire advertisement regime.
New data privacy regulations entail questioning both current and future technologies. Recently, Amazon has introduced a store concept that eliminates everyone’s least favorite things about shopping, long lines and small talk. Amazon Go is the grocery store of the future and these stores allow consumers to walk in, pick up the items that they need, and then walk right back out. That’s it. No long lines, no cashiers, no shopping carts. However, as great as this concept seems, there are still concerns from a data privacy standpoint as Amazon needs to collect personal data from its consumers in order to be able to lawfully execute these checkout-less stores.
Protected Health Information is seeing a surge of breaches on the cyber security front due to contractor error. It’s also impacting the most consumers in comparison to other data breaches and, in some cases, has the power to cause chaos in national infrastructure. Advances in technology and compliance measures can stem the tide and protect the most valuable information in consumers lives.