Friday, March 04, 2011

HHS Gets Serious About Privacy

The Department of Health and Human Services is getting serious about its privacy enforcement responsibilities, announcing that it has imposed big penalties on two medical centers that violated the Health Insurance Portability and Accountability Act (HIPAA). HHS imposed a fine of $4.3 million on Cignet Health Center for ignoring the requests of patients who wanted access to their medical records and then failing to cooperate with an investigation into the incident by HHS's Office of Civil Rights. And Mass General agreed to pay $1,000,000 to settle charges that it had violated the HIPAA Privacy Rule when an employee accidentally left on the subway documents containing protected health information of 192 patients.

© Copyright 2011 Steptoe & Johnson LLP

Generic Website Coding Does Not Remove CDA Immunity

A federal district court in Georgia, in Herman v. Xcentric Ventures, LLC, has granted summary judgment to a website in a case that emphasizes the “robust immunity” provided by the Communications Decency Act (CDA). Defendant Xcentric Ventures operates, which allegedly displayed an anonymous defamatory post about the plaintiff’s law firm. As we have previously reported, courts have interpreted Section 230(c)(1) of the CDA as providing broad immunity for websites that display third-party content, as long as the websites do not contribute to the content. The plaintiffs argued that the website had added “original content” by providing a title for the third-party report, metatags, and new content on the website itself, thus acting as an information content provider and voiding any immunity under the CDA. The court determined, however, that any content contributed by the website was “generic” and common to all the user-generated comments on the site, and that the website had not created any content specifically about the plaintiff.

© Copyright 2011 Steptoe & Johnson LLP