David Holtzman reports:
Look for the Biden administration to put health data privacy and security on the front burner next year.
As attorney general for California, U.S. Department of Health and Human Services Secretary Designate Xavier Becerra developed a track record as a proponent of consumer privacy initiatives. Most recently, his office developed and implemented the regulations for the roll-out of the California Consumer Privacy Act. He also took an active role in new laws addressing privacy and security aspects for direct-to-consumer genetic testing and testing companies.
Read more on GovInfoSecurity, where Holtzman reviews the past year and makes some predictions for the future in terms of HIPAA enforcement.
I am already on record as to the fact that I will be on a one-blogger campaign in 2021 to get HHS/OCR to take more enforcement action against entities who experience breaches or data leaks but do not notify HHS or those whose protected health information (PHI) was accessed, or even worse, exfiltrated and dumped on the dark web or in public spaces where anyone can download or buy their information. In 2020, this blogger, using her findings from investigations on DataBreaches.net, filed watchdog complaints with HHS about a number of entities who failed to notify patients after ransomware threat actors not only successfully attacked them, but dumped patient data.
Those complaints were just the beginning of what will be a much more frequent occurrence in 2021. Hopefully HHS will agree that failure to notify patients of theft and public dumping of PHI is something they should not ignore.