All companies with Tennessee employees or customers need to revise their data incident policies and procedures. Tennessee has revised its breach notification statute to remove the encryption safe harbor, which previously...
On March 21, 2016, the Office for Civil Rights (OCR) formally announced the start of its 2016 Phase 2 Health Insurance Portability and Accountability Act (HIPAA) Audit Program. Unlike Phase 1, in which OCR's 2012 pilot program...
Hollywood Presbyterian Medical Center in Los Angeles recently paid a $17,000 ransom in bitcoins to a malware hacker who seized control of the hospital's computer systems and demanded a ransom as a condition to returning...
United States and European Union Commission negotiators announced today that they have reached a political agreement on a new data transfer framework that will replace the Safe Harbor Program, which was invalidated in 2015 by...
On December 18, 2015, President Obama signed the 2016 Consolidated Appropriations Act. Included in this must-pass federal funding legislation is the Cybersecurity Act of 2015, which represents the most significant federal...
On October 6, 2015, the Court of Justice of the European Union declared invalid the more than 15-year-old EU-U.S. Safe Harbor Framework. Thousands of U.S. businesses have complied with, and thus relied upon, the Safe Harbor...
10/8/2015 / Binding Corporate Rules, Cybersecurity, Data Protection Authority, Edward Snowden, EU Data Protection Laws, European Commission, European Court of Justice (ECJ), Facebook, Federal Trade Commission (FTC), International Data Transfers, Ireland, National Security, National Security Agency (NSA), Personal Data, Privacy Laws, Right to Privacy, Safe Harbors, Schrems I & Schrems II, US-EU Safe Harbor Framework
On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...
7/16/2015 / Compliance, Corrective Actions, Data Breach, Data Privacy, Data Protection, Data Security, Data-Sharing, Department of Health and Human Services (HHS), Electronically Stored Information, Health Information Technologies, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, OCR, Passwords, Settlement Agreements
The Office of the National Coordinator for Health IT (ONC) released an updated version of the 2011 Guide to Privacy and Security of Electronic Health Information (Guide). The 62-page Guide provides significant guidance to...
On December 18, 2014, President Barack Obama signed several significant cybersecurity bills into law. These bills include the Federal Information Security Modernization Act, the Border Patrol Agent Pay Reform Act, the...
The title of this alert, which comes straight from the Department of Health and Human Services Office for Civil Rights' (OCR) announcement of its most recent settlement, again underscores the critical need for covered...
On November 6, 2014, the U.S. Department of Labor, Employee Benefits Security Administration (DOL) published Technical Release 2014-01, which provides technical guidance to States concerning stop-loss insurance. Stop-loss...
It has long been established that there was no private right of action with regard to HIPAA. All providers must be aware that state courts are beginning to turn the tide regarding such liability. On November 11, 2014, the...
The Centers for Medicare & Medicaid Services (CMS) Innovation Center intends to award $840 million in grants to test methodologies to improve clinical practices and care. CMS's Transforming Clinical Practice Initiative (TCPI)...
California Governor Jerry Brown signed into law on September 30, three amendments to California's privacy laws of which every business must be aware. The amendments to the Civil Code (i) significantly broaden the scope of...
The list of states requiring the disposal or destruction of personal data is growing, and companies need to respond accordingly by adopting data destruction plans. Delaware recently became the latest in a series of states to...
Companies commonly utilize Facebook as part of their online social media advertising strategy. Companies should revisit this strategy in light of a recent finding in the Northern California U.S. District Court (In re Hulu...
On August 18, 2014, Community Health Systems, Inc. (CHS) publicly confirmed, in a filing with the Securities and Exchange Commission (CHS filing), that its computer network was attacked between April and June 2014 by hackers...
8/21/2014 / China, Corporate Counsel, Cyber Attacks, Data Breach, Data Protection, EHR, Hackers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Malware, PHI, Popular
On June 20, 2014, and in the wake of several high profile data breaches, Governor Rick L. Scott signed into law the Florida Information Protection Act of 2014 (FIPA), which will replace Florida's existing data breach...
As reported in the media, a serious vulnerability in the popular OpenSSL cryptographic software library, called the Heartbleed bug, was recently discovered. This vulnerability permits the theft of information, including...
On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...
On September 19, the Health and Human Services Department (HHS) issued guidance on the effect of the January 25, 2013 Final Rule provision about remuneration related to prescription refill reminders and medication adherence...