A British TV station investigation into India’s medical transcription industry, known as Business Process Outsourcing (BPO), uncovered unsettling news for British subjects, as well as American citizens. Medical records sent to India to be transcribed and computerized are being sold. The Economic Times report on the investigation out of New Delhi suspects a "hardening of stance on the
Data Breach Due to Peer-to-Peer Software Reveals Numerous Congressional Ethics Inquiries
The Washington Post is reporting another inadvertent disclosure of sensitive information involving “peer-to-peer” or “P2P” technology. This time, the disclosure exposed a House Ethics Committee document outlining ongoing ethics investigations for an uncomfortably large number of House members. The same technology raises serious issues for employers.
According to the Washington Post, the now-terminated, junior committee
Social Network Monitors Beware
A New Jersey restaurant has been hit with a jury verdict in favor of two waiters who were fired after the restaurant’s managers accessed a private social networking site where the waiters were criticizing management.
As the social networking (e.g., MySpace and Facebook) “craze” continues to expand, employers must be more mindful of privacy
The Red Flags Are Coming
Reports indicate that identity theft is the fastest growing crime in the United States. In fact, the FTC lists identity theft as the most reported crime for 2008. Identity thieves use personally identifying information of unsuspecting individuals to open new accounts and misuse existing accounts, creating havoc for individuals and business and costing millions
Pretexting and the Need for Employers to Investigate Their Investigators
As reported by Ameet Sachdev, of the Chicago Tribune, a jury found an employer responsible for the actions of its investigators who obtained a former employee’s phone records through “pretexting.” Of the $1.8 million awarded to the former employee for breaches of her privacy, the jury awarded $1.75 million in punitive damages. Regardless
WISP: Do You Have a Plan for Your Company’s Sensitive Information?
Data privacy and security laws in states such as Massachusetts, Maryland and Nevada require businesses to develop written policies and procedures that provide administrative, physical, and technological safeguards to protect personal information – or a "written information security program" or "WISP." These laws do not require protections for confidential company information and trade secrets, but
Reporting a Breach of HIPAA Protected Health Information to HHS
Little more than one month after the HIPAA breach notification regulations became effective (September 23, 2009), covered entities (health care providers, health plans) and their business associates are struggling with the effects of these new rules. Many are asking:
- What is a breach?
- Do we have to notify in all cases, what are the exceptions?