Final HIPAA privacy and security regulations issued by the U.S. Department of Health and Human Services will require action by group health plan sponsors by September 2013. According to an employee benefits blog issued by McDermott Will & Emory, the final rule largely adopts the proposed HITECH regulations with some additional expansions and clarifications, adopts revised breach notification rules, adopts a revised penalty structure for covered entities and business associates that violate HIPAA privacy and security rules, and incorporates protections required by the Genetic Information Nondiscrimination Act (GINA).
You can find information about The Genetic Information Nondiscrimination Act of 2008 (GINA), in a blog post of mine written in late 2009. Local healthcare attorney Jennifer Stiller guest blogged here and here in early 2010 about the HITECH and new privacy regulations. And now, finally, we have final regulations. You can read additional details in the excellent article written by Amy M. Gordon and Jamie A. Weyeneth of McDermott Will & Emory.
While the connection of the phrase social media with the concept of privacy may seem to be an oxymoron, there are some fundamental constitutional principles which cement them together. Think about free speech, freedom of association, and freedom from self-incrimination.
In my last post entitled “Keep Your Nose Out of Employee Posts” I mentioned the passage of new legislation in California designed to protect employee privacy rights regarding their social media accounts. In today’s ABA Law News Now article entitled “Site Unseen: Schools, Bosses Barred from Eyeing Students’, Workers’ Social Media,” they discuss similar legislation in Delaware, Maryland and Illinois. A comment posted to this discussion adds that The Canadian Supreme Court ruled recently that employers have no right to look at an employees internet history as it reveals too much about an individual”, and provides a link to an article about it.
Mostly, the egregious conduct legislation is attempting to stop is the practice employed by schools and employers which compel employees and students to disclose their private passwords, thereby providing access to personal information which is not otherwise publicly available. At some schools, students are even forced to install software which essentially logs everything they type.