By almost 1.5 million votes, California voters approved Proposition 24, the California Privacy Rights Act of 2020 (“CPRA”). The CPRA amends and expands the California Consumer Privacy Act of 2018 (“CCPA”) and is affectionately referred to as “CCPA 2.0.” While the CPRA’s requirements do not take effect until January 1, 2023, the CPRA ushers in
Daniel J. Kagan
Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and reimbursement issues.
As a member of the Health Care and Long Term Care groups, Dan has experience representing clients with HIPAA compliance, Stark and anti-kickback analyses, purchase and sale transactions, reviewing and drafting contracts, certificate of need requirements, rate appeals, Medicare and Medicaid audits, medical staff and credentialing matters, licensing and change of ownership proceedings.
Prior to joining Murtha Cullina, Dan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court.
Dan received his J.D. with honors from the University of Connecticut School of Law where he was a Notes and Comments Editor for the Connecticut Insurance Law Journal. He earned his Bachelor of Arts in Economics from McGill University.
FBI Issues Cybersecurity Warning To US Hospitals And Healthcare Providers
Today, the FBI, together with the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA), put out an alert advising that they have credible information of an imminent cybersecurity threat to US hospitals and healthcare providers. The alert can be found here. Should you have any questions or…
Covid-19 and the Challenges of a Remote Workforce
As the Covid-19 pandemic continues throughout the world, many workplaces have gone virtual. While the advent of technology makes a remote workforce possible, the newly remote workforce brings with it additional challenges to a company’s information technology (“IT”) systems. However, proper policies and procedures that govern the security of IT systems and employees’ use of such systems can go a long way to help protect an organization.
Continue Reading Covid-19 and the Challenges of a Remote Workforce
A Reminder That Covered Entities Of All Sizes Need To Comply With HIPAA Security Rule
On March 3, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) signaled to covered entities of all sizes that they need to take their HIPAA obligations seriously. OCR entered into a settlement and corrective action plan with a small physician practice for $100,000 to settle alleged violations of the HIPAA Security Rule. This enforcement action is an example of OCR enforcing HIPAA’s requirements on smaller covered entities. OCR specifically noted that this practice sees approximately 3,000 patients per year. …
Continue Reading A Reminder That Covered Entities Of All Sizes Need To Comply With HIPAA Security Rule
A HIPAA Compliance Program “In Disarray” Leads to OCR Imposing a $2.15 Million Civil Monetary Penalty
Last week, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) imposed a civil monetary penalty (“CMP”), to the tune of $2.15 million, against Jackson Health System (“JHS”). The CMP stemmed from JHS’ numerous HIPAA violations that occurred from 2013 through 2016. …
Continue Reading A HIPAA Compliance Program “In Disarray” Leads to OCR Imposing a $2.15 Million Civil Monetary Penalty
OCR Fines Dental Practice $10,000 For Social Media Disclosures
There is no doubt that social media has its benefits, especially for medical practices that have come to use it for marketing and advertising. However, risks are lurking. On October 2, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) entered into a $10,000 settlement with a dental practice (the “Practice”) for disclosing protected health information of a patient when responding to a review on a Yelp page.
Continue Reading OCR Fines Dental Practice $10,000 For Social Media Disclosures
100 Days from CCPA, Is Your Business Ready?
We are 100 days away from the California Consumer Privacy Act (“CCPA”). Are you ready? The CCPA, the first comprehensive United States privacy law takes effect on January 1, 2020, with an enforcement date of July 1, 2020.
Does CCPA Apply to My Business?…
Continue Reading 100 Days from CCPA, Is Your Business Ready?
“Alexa – Can You Comply with HIPAA?”
Apparently, that answer is yes. According to Amazon, its virtual personal assistant, Alexa, can now transfer and handle protected health information (“PHI”) in accordance with HIPAA. Amazon expects Alexa to handle various healthcare related tasks, including scheduling urgent care appointments, checking health insurance benefits and reading blood-sugar tests, among others. To create these new services,…
Popular Children’s App Music.ly Settles FTC COPPA Claims
Music.ly, now known as Tik Tok, an app popular with children and teenagers, settled a lawsuit with the FTC under the Children’s Online Privacy Protection Act (“COPPA”) to the tune of $5.7 Million Dollars. This sum is the largest civil penalty the FTC has ever obtained under COPPA. …
Continue Reading Popular Children’s App Music.ly Settles FTC COPPA Claims
HIPAA Enforcement In 2018 Hits All Time High
Privacy and cybersecurity is at the forefront of everyone’s mind these days and, in 2018, the Office for Civil Rights (“OCR”) settled ten cases and prevailed in another before an Administrative Law Judge to the tune of $28,700,000. This is a new record for OCR, besting 2016 by over $5,000,000. The latest settlement clocked in at $3,000,000, owed by a health system in California that experienced two breaches of electronic protected health information (“ePHI”), which affected 62,500 individuals. The first breach involved a security configuration where persons could access files with ePHI without a username or password, thereby making ePHI available to anyone with access to the health system’s server. The second breach involved a server misconfiguration, exposing the health system’s ePHI over the internet, including social security numbers and treatment information.
Continue Reading HIPAA Enforcement In 2018 Hits All Time High