Health Care Reform Dashboard

Charting Developments with the
Affordable Care Act and Beyond

Philip N. Yannella | 215.864.8180

As Practice Leader of Ballard Spahr's Privacy and Data Security Group, and Practice Leader of the firm's E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information. Phil regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of Financial Services Cybersecurity Regulations, ISO 27001 compliance, HIPAA Security Rules, and FTC enforcement activity, as well as eDiscovery issues, leveraging his experience serving as National Discovery Counsel for more than two dozen companies in nationwide litigation. He harnesses his deep knowledge of privacy, data security, and information governance laws to help multinational companies develop global information governance programs to comply with overlapping, and sometimes conflicting, laws. Phil serves on the advisory board for the ACC Foundation's Cybersecurity Survey, the largest survey of in-house counsel on cybersecurity issues.

New Wiretap Cases Target Hospitals Using Meta Pixel

Posted in Health Plans, Healthcare Providers / Suppliers, HIPAA, HIPAA and Data Security
As we discussed in a recent webcast, there has been a surge in litigation focused on companies’ use of Meta Pixel, which is tracking code that enables the sharing of user online activity with Facebook. Recent litigation has alleged that use of Meta Pixel with online videos violates the Video Privacy Protection Act (VPPA). An even […]

Data Breach Class Action Reinstated Against Horizon Healthcare Services, Inc.

Posted in Health Plans, Healthcare Providers / Suppliers, HIPAA and Data Security, Litigation
The U.S. Court of Appeals for the Third Circuit has vacated a district court’s dismissal of a data breach class action filed against Horizon Healthcare Services Inc., in the wake of the 2013 theft of two computer laptops containing unencrypted personal information of Horizon Healthcare plan members. The decision potentially expands the circumstances under which […]

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Posted in Health Plans, Healthcare Providers / Suppliers, HIPAA, HIPAA and Data Security
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the cloud service provider is not able to view it. This unequivocal determination, made in recent guidance by the U.S. Department of Health and […]

Important Lessons for Businesses from FTC’s Opinion on LabMD’s Data Security Practices

Posted in Healthcare Providers / Suppliers
The Federal Trade Commission (FTC) has issued an Opinion and Final Order finding that the data security practices of LabMD, Inc. were unreasonable, and therefore constituted an unfair act or practice in violation of Section 5 of the FTC Act. In so holding, the FTC vacated a November 2015 Initial Decision by the FTC’s chief […]

OCR Announces First HIPAA Enforcement Action Against a Business Associate

Posted in Health Plans, Healthcare Providers / Suppliers, HIPAA, HIPAA and Data Security
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by failing to protect electronic protected health information (ePHI). This is the first enforcement […]

FDA Issues Draft Guidance on Cybersecurity for Postmarket Medical Devices

Posted in Healthcare Providers / Suppliers
The Food and Drug Administration’s (FDA) most recent draft guidance focuses on cybersecurity in postmarket medical devices and makes recommendations for identifying, assessing, and responding to cybersecurity vulnerabilities. The draft guidance, issued January 22, 2016, applies to medical devices that contain software (including firmware) and software that is a medical device. The draft guidance follows […]