Elliot Golding

Blogs: Global IP & Technology Law Blog, SECURITY & PRIVACY // BYTES, The Anticorruption Blog, Triage Health Law

Latest Articles

Will the CCPA be the New TCPA for Plaintiffs?

By Petrina McDaniel, Elliot Golding & Keshia Lipscomb on May 28, 2019

Last year, the California legislature enacted the California Consumer Privacy Act (the “CCPA”), which imposes key data privacy requirements on businesses collecting or storing data about California residents. The CCPA provides for civil penalties imposed by the California Attorney General (“AG”) and creates a private right of action for those residents impacted by a data breach. While the CCPA does not go into effect until January 1, 2020, businesses that will likely be subject to…

Triage Health Law

Healthcare Cybersecurity Best Practices Out Now

By Elliot Golding on January 30, 2019

A new outlook on the most prominent cybersecurity threats in the healthcare industry today and a series of corresponding, risk-prioritized cybersecurity best practices to combat these threats are now available from the Department of Health and Human Services (HHS). More than 150 private sector healthcare and cybersecurity experts contributed to this guidance as part of the task force HHS established in response to The Cybersecurity Act of 2015. Their goal, cost-effectively strengthening cybersecurity in the…

SECURITY & PRIVACY // BYTES

Cybersecurity Takes Focus in Healthcare

By Elliot Golding on January 30, 2019

Cybersecurity awareness recently took center stage in the healthcare industry when the Department of Health and Human Services (HHS) issued comprehensive risk-prioritized cybersecurity best practices to combat top threats. HHS mapped this guidance to the National Institute of Standards and Technology (NIST) Cybersecurity Framework, cross-referencing 88 individual sub-practices for healthcare organizations of all sizes. The HHS guidance focuses on ten top-level cybersecurity best practices, coupled with a series of recommended procedure-strengthening “Threat Quick Tips,” to…

SECURITY & PRIVACY // BYTES

Google Defeats Alleged BIPA Violations for Retention and Collection of Face-geometry Scans via Google Photos

By Robin Campbell, Elliot Golding & India Scarver on January 22, 2019

Google recently defeated claims that it violated Illinois’s Biometric Identification Privacy Act (“BIPA”) by collecting and retaining facial scans created from photographs uploaded by Google Photos users without obtaining consent and complying with other statutory requirements. The federal court ultimately held that plaintiffs failed to allege a concrete injury sufficient for Article III standing. Finding in Google’s favor, the court distinguished cases finding standing in BIPA cases because, unlike those cases, Google had not shared plaintiffs’…

SECURITY & PRIVACY // BYTES

Digital Health Update: Recent FDA Cyber Initiatives

By Elliot Golding & Jennifer Tharp on November 15, 2018

The Food and Drug Administration (FDA) has recently issued several cybersecurity and medical device initiatives as part of the agency’s increased focus on digital health. These initiatives include draft cybersecurity guidance for medical devices, increased coordination with the Department of Homeland Security, and the promotion of artificial intelligence. Elliot Golding and Jennifer Tharp provided an overview of recent developments in a post on our sister blog, Triage Health Law. Digital Health Update: Recent FDA …

Triage Health Law

Digital Health Update: Recent FDA Cyber Initiatives

By Elliot Golding & Jennifer Tharp on November 15, 2018

The Food and Drug Administration (“FDA”) has greatly increased its activity around cybersecurity initiatives and medical devices. As we approach the end of the year, this is a great opportunity to review recent developments. FDA Medical Device Cybersecurity Guidance On October 18, 2018, the FDA published draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” This draft replaces prior guidance from 2014, and the outlines recommendations for device design, data…

Triage Health Law

Unauthorized TV Cameras in Hospitals Yield Costly HIPAA Penalties of $999,000

By Elliot Golding, Anne Harrington & Jennifer Tharp on October 3, 2018

For the second time in as many years, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into settlement agreements with and levied hefty fines on three hospitals that allegedly impermissibly disclosed patients’ protected health information to ABC News in the course of filming a television network documentary series. OCR announced on September 20 that Boston Medical Center, Brigham and Women’s Hospital and Massachusetts General Hospital each reached agreements with HHS…

Triage Health Law

Recent Guidance by ONC and SAMHSA Sheds Light on Compliance Requirements for 42 CFR Part 2

By Elliot Golding, Anne Harrington & Jennifer Tharp on July 12, 2018

In the face of the ongoing opioid crisis in the United States, the Office of the National Coordinator for Health Information Technology (“ONC”) and the Substance Abuse and Mental Health Services Administration (“SAMHSA”) recently released two fact sheets to clarify how the requirements of 42 CFR Part 2 apply in different provider contexts, including via electronic health information exchange (“HIE”). The Part 2 regulations were initially promulgated in 1975 to ensure the confidential treatment of…

SECURITY & PRIVACY // BYTES

Security of Health Information is Serious Business

By Elliot Golding on June 27, 2018

The Office of Civil Rights is serious about the security of health information. How serious? A cancer center was recently fined $4.3 million for failing to adequately encrypt its devices. Our Partners, Tom Zeno and Elliot Golding review and discuss the decision in a post on our sister blog, Triage Health Law.…

The Anticorruption Blog

A Lesson: Follow Through With Encryption Plan

By Thomas Zeno & Elliot Golding on June 27, 2018

Even the best laid plan for data security requires follow through. A cancer center was penalized $4.3 million by the government for failing to complete its encryption plan for devices. The decision is instructive even for companies not specifically required to protect data under government regulation. Tom Zeno and Elliot Golding of Squire Patton Boggs discuss the case and its lesson. Go here for the article. …

Elliot Golding

Will the CCPA be the New TCPA for Plaintiffs?

Healthcare Cybersecurity Best Practices Out Now

Cybersecurity Takes Focus in Healthcare

Google Defeats Alleged BIPA Violations for Retention and Collection of Face-geometry Scans via Google Photos

Digital Health Update: Recent FDA Cyber Initiatives

Digital Health Update: Recent FDA Cyber Initiatives

Unauthorized TV Cameras in Hospitals Yield Costly HIPAA Penalties of $999,000

Recent Guidance by ONC and SAMHSA Sheds Light on Compliance Requirements for 42 CFR Part 2

Security of Health Information is Serious Business

A Lesson: Follow Through With Encryption Plan

Company

Support

New to the Network