June 2012

Alaska DHSS HIPAA Breach Affects 501 Individuals, But Results in $1.7 Million Settlement with HHS Following Compliance Review

By Joseph J. Lazzarotti on June 27, 2012

Posted in HIPAA, Identity Theft, Information Risk, Written Information Security Program

HIPAA audit following breach reported to OCR results in findings of noncompliance, settlement payment of $1.7 million and a three-year corrective action plan.
Continue Reading Alaska DHSS HIPAA Breach Affects 501 Individuals, But Results in $1.7 Million Settlement with HHS Following Compliance Review

OCR Issues Protocol For HIPAA Privacy, Security and Breach Notification Audit Program

By Jason C. Gavejian on June 27, 2012

Posted in Featured, HIPAA

As we previously discussed, the Office of Civil Rights (“OCR”) continues to push forward with the HIPAA audits required by the HITECH Act. To this end, the OCR recently posted the protocol which is used to conduct the HIPAA audits on its website.

The HITECH Act requires HHS to provide for periodic audits to…

MN AG Aims to Amend Allegations Against Accretive

By Jackson Lewis P.C. on June 20, 2012

Posted in HIPAA

Minn. AG accuses business associate of backdating a business associate agreement…
Continue Reading MN AG Aims to Amend Allegations Against Accretive

Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required

By Joseph J. Lazzarotti on June 19, 2012

Posted in Data Security, Identity Theft, Information Management, Information Risk

Notice to Connecticut Attorney General now required following data breaches affecting state residents.
Continue Reading Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required

Vermont Becomes Eighth State to Limit Access and Use By Employers of Credit Information

By Joseph J. Lazzarotti on June 16, 2012

Posted in Information Management, Workplace Privacy

Effective July 1, 2012, Vermont joins California, Connecticut, Hawaii, Illinois, Maryland, Oregon, and Washington as jurisdictions that restrict an employer’s right to obtain and use credit information for making employment decisions. Similar legislation is pending in many other jurisdictions. Click here for more information about the Vermont law.

Vermont Strengthens Data Breach Notification Requirements

By Joseph J. Lazzarotti on June 16, 2012

Posted in Data Security, Identity Theft, Information Management, Information Risk

14-day Attorney General notice and other amendments to Vermont’s Security Breach Notice Act further complicate data breach response.
Continue Reading Vermont Strengthens Data Breach Notification Requirements

HHS Makes HIPAA Training Materials Available to State Attorneys General

By Joseph J. Lazzarotti on June 5, 2012

Posted in HIPAA

Federal HIPAA enforcement agency adds new online tool to train State Attorneys General to enforce HIPAA.
Continue Reading HHS Makes HIPAA Training Materials Available to State Attorneys General

Workplace Privacy, Data Management & Security Report