By Jonathan D. Karelitz and Craig B. Simonsen

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, contains extensive rules designed to limit access by non-health plan entities to certain individually identifiable health information (collectively referred to as the “Privacy Rule”).

The Privacy Rule contains a number of exceptions

By: Paul H. Kehoe and Lawrence Lorber

EEOC-logo2-150x150Earlier today, the EEOC published its much anticipated Notice of Proposed Rulemaking (“NPRM”) regarding the interaction between wellness plans and the Americans with Disabilities Act (“ADA”). As we have discussed here and here, the issue of whether an incentive or surcharge permitted (indeed, encouraged) under the Patient

By: Bart A. Lazar

A company faced with a security breach has a lengthy “to do” list, things to accomplish with respect to its incident response plan. It must, among other things, determine the root cause of the vulnerability or breach, investigate and eliminate the vulnerability or breach, determine the full nature and extent of