David Holtzman


About David Holtzman

So far David Holtzman has created 60 blog entries.

Enforcement of CCPA Begins July 1st While Regulations Still in the Offing

The California Consumer Privacy Act of 2018 (CCPA), which took effect on January 1, 2020, requires businesses that collect, share, or sell the personal information of California residents to provide a long list of privacy rights, including a notice of privacy policies, the right to request an accounting of disclosures, the right of access to their personal information, and to have it deleted. The CCPA defines these terms very broadly and applies to many businesses throughout the U.S. that

OCR Warns Hospitals: No News Media in Treatment Areas Without Patient Authorization

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently issued guidance and FAQs reminding health care providers that the COVID-19 public health emergency has not changed the federal health privacy protections concerning disclosure to the media of an individual’s health information or reporting on their treatment. OCR has previously placed special emphasis through its enforcement activity that the HIPAA Privacy Rule does not permit health care providers to give media and film

COVID-19: Tips for Secure Remote Worksites, Telehealth Video, and Messaging

Telehealth and Remote Worksites Are Here to Stay

During the COVID-19 pandemic, many healthcare providers and administrative staff are working from home. Technology can allow providers and support teams to do much of what they could do from the medical office or administrative worksite, remotely through a variety of device platforms including computers, tablets, and smartphones. But these personal devices are proving to be more susceptible to cybersecurity vulnerabilities that pose significant information security risk to patient data and

OCR Relaxes HIPAA Rules for COVID-19 Testing Sites

Mobile, walk-up and drive-through COVID-19 testing sites operated by hospitals, healthcare providers, and pharmacy chains are the latest beneficiaries of a series of targeted measures to relax enforcement for violations of the HIPAA health information privacy, security, and breach notification standards. The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Notice of Enforcement Discretion announcing that healthcare providers and their business associates will not be subject to penalties for noncompliance with the requirements

New York’s Sweeping Data Protection & Breach Notification Law Now in Full Force

New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which requires organizations controlling the private information of New York residents to put into place information security programs to safeguard electronic data, took effect on March 22, 2020. New York joins a growing number of states revamping their breach notification and data security laws by broadening the scope of protected information and requiring organizations handling sensitive consumer information to have put into place “reasonable safeguards” to protect personal information through

OCR Allows Internet Apps for Telehealth During COVID-19 Emergency

In a pair of sweeping directives that will have far-reaching implications for healthcare providers and their patients, the Office for Civil Rights (OCR) issued guidance and FAQs through which the agency details that it will waive potential penalties against healthcare providers for violations of the HIPAA privacy, security, or breach notification standards when it involves the “good faith” use of many widely available internet messaging and videoconferencing applications to provide telehealth treatment services to a patient during the

Some HIPAA Requirements Waived for Hospitals in Response to Coronavirus

The Secretary of HHS has declared a nationwide public health emergency. The declaration includes a suspension of some of the requirements of the HIPAA Privacy Rule for hospitals to help ease communications between healthcare providers caring for patients in need of coronavirus testing and treatment, patients’ families, and public health authorities. The Secretary has exercised the authority to waive sanctions and penalties against a covered hospital that does not comply with the following provisions of the HIPAA Privacy Rule: The requirements

OCR Allows Use of Videoconferencing During Coronavirus Emergency

Healthcare providers may provide treatment services to patients using a variety of non-public facing telehealth technologies without complying with the requirements of the HIPAA Privacy and Security standards. The Office for Civil Rights (OCR) issued guidance that it will use its enforcement discretion to not impose penalties against healthcare providers who communicate with patients or use telehealth services that do not comply with the requirements of the HIPAA standards while the COVID-19 national emergency declaration remains in effect. According

Thinking About Buying New IoT Devices? Better Wait ‘til Next Year for Better Security Features!

IoT Devices Vulnerable to Cybersecurity Threats

Healthcare organizations, like other businesses, are integrating “smart technologies” into devices and facility controls that are connected to the internet. While much attention has been paid to the cybersecurity risks surrounding information systems that handle e-PHI, the security risks related to IoT devices are less well known. Since IoT devices are connected to the internet, they can be hacked just like any other internet-enabled device. Many device manufacturers do not design security

Debunking Four Common Myths of the California Consumer Privacy Act (CCPA)

How CCPA Applies to Healthcare, Non-Profits, and Data Outside of California

Beginning January 1, 2020, the California Consumer Privacy Act (CCPA) requires businesses that collect, share, or sell the personal information of California residents to provide a long list of privacy rights. Much like the General Data Protection Regulation (GDPR) in Europe, CCPA is expected to dramatically alter the way American businesses use and disclose information about people and, in many cases, forcing organizations to reexamine their practices. Let’s