Photo of Deborah Gersh

On March 13, 2024, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that it had opened an investigation into the monumental cyberattack on Change Healthcare (“Change”), a unit of UnitedHealth Group (“UHG”). The attack is one of the largest assaults against the U.S. health care system, with far-reaching

On June 24, 2022, the Supreme Court issued its opinion in Dobbs v. Jackson Women’s Health Organization, overturning precedent that protected access to abortion services before the point of fetal viability. Instead, the Supreme Court stated that state legislatures have the authority to regulate abortion, leading several states to enact laws banning the procedure

BillA group of Republican Senators have introduced a new privacy bill that would impose strict privacy obligations on contact-tracing apps operated by entities not subject to HIPAA. Most notably, the COVID-19 Consumer Data Protection Act of 2020 would obligate such entities to obtain express affirmative consent from individual consumers before using their geolocation, proximity, or personal health data.
Continue Reading Pandemic Privacy: Republican Senators Announce Plan to Introduce COVID-19 Consumer Data Protection Act of 2020

BillOn March 19, 2020, Governor Pritzker issued Executive Order 2020-09 (the “Executive Order”), expanding access to health care services for all Illinois residents provided through remote means during the term of the COVID-19 Gubernatorial Disaster Proclamation, which declares a state of disaster in Illinois. The Executive Order expands the technologies that may be used to deliver telehealth services and creates a coverage requirement for all medically necessary services delivered through telehealth. The Executive Order is followed by the recent CARES Act, which expands access to telehealth for Medicare beneficiaries, and the filing of an 1135 Waiver under the Social Security Act by the Illinois Department of Health and Family Services (“IDHS”) to expand its already broad Medicaid coverage of telehealth services.
Continue Reading Illinois’s Expansion of Access to Health Care via Telehealth Executive Order 2020-09 & Medicaid Emergency Rulemaking

remote workOn March 20, 2020, the Office for Civil Rights at the U.S. Department of Health and Human Services (“OCR”) released guidance in the form of FAQs1 clarifying its notification earlier in the week that it would not penalize health care providers for noncompliance with HIPAA rules in the good faith provision of telehealth during the nationwide COVID-19 public health emergency (the “Notification of Enforcement Discretion” or “Notification”).2
Continue Reading OCR Releases FAQs Clarifying Telehealth Enforcement Discretion During COVID-19

The recent novel coronavirus (COVID-19) outbreak has caused significant disruption to the global economy, and it has the potential to create a lasting impact on the business operations of companies worldwide.  We are advising our clients on several legal issues related to the situation, including workplace safety, data protection and business continuity, supply-chain disruption and more, as well as offering counsel in connection to specific challenges faced in various industries.

This list of frequently asked questions and answers provides some initial guidance on how to navigate and mitigate the challenges posed by events related to the coronavirus.Continue Reading COVID-19 FAQs

On August 8, 2019, a panel of the Ninth Circuit Court of Appeals affirmed a California district court’s decision allowing plaintiffs to proceed on claims against Facebook under the Illinois Biometric Information Privacy Act (“BIPA”), 740 Ill. Comp. Stat. 14/  (2008). Patel v. Facebook, Inc., 2019 U.S. App. LEXIS 23673. The ruling marks the first federal appellate court decision affirming a broad Article III standing precedent for plaintiffs asserting claims under BIPA – which may impact both BIPA cases as well as data breach cases under the California Consumer Privacy Act (“CCPA”). The appeals court also held that the potential for large statutory damages did not constitute grounds to refuse to certify the proposed class.
Continue Reading Ninth Circuit Affirms Ruling that Plaintiffs Have Article III Standing in Illinois Biometric Privacy Class Action