WSJ reported on November 22, 2013, Google’s push to move Google Glass, a computerized device with an “optical head-mounted display,” into the mainstream by tapping the prescription eyewear market through VSP Global—a nationwide vision benefits provider and maker of frames and lenses. If the speed and immersion of technology over the past few years had…
Today, the Centers for Medicare and Medicaid Services (CMS) requested an "emergency review" of its recently proposed rule that "[Federally-facilitated Exchanges or FFEs], non-Exchange entities associated with FFEs, and State Exchanges must report all privacy and security incidents and breaches to HHS within one hour of discovering the incident or breach." We reported on the proposed…
Click on the link in this post for a high-level compliance roadmap concerning the Omnibus Privacy Rule under HIPAA and HITECH for covered plans, providers and business associates.
It seems more companies are considering whether to purchase or enhance their cyber or data breach insurance coverage. In recent years, these offerings have expanded, giving businesses more choice, and perhaps so has the need for such coverage given the explosion of access to and transmission of confidential data. What is interesting about this development is the different…
Breach involving software upgrade to online application system leads to allegations of HIPAA privacy and security failures, and a $1.7 million settlement payment to HHS.
Texas amends its data breach notification statute and the law’s effects on persons out of state.
Are you a “non-Exchange entity” with respect to the healthcare exchanges coming later this year? If so, you may become subject to a one-hour breach notification mandate.
Colorado joins eight other states in restricting employers’ use of credit information in making employment decisions
By: Lillian Chaves Moon. In the face of increasing incidence of and rising public concern regarding identity theft, the California Legislature is considering a bill with new personal information data disclosure requirements for California businesses and a broad definition of what constitutes personal information. California Assembly Bill 1291 would require businesses that have customer personal…
Add New Mexico to the list of states with social media privacy laws
In 2012, California took significant steps to increase privacy protections for users of mobile applications (apps) which involved working with companies such as Amazon, Apple, Facebook, Google, Hewlett-Packard, and Microsoft. In July 2012, the Attorney General created the Privacy Enforcement and Protection Unit, with the mission of protecting the inalienable right to privacy conferred by the…
The $50,000 in penalties that the Office for Civil Rights (OCR) recently imposed on a health care provider in Idaho was due in part to allegations that the HIPAA covered entity had not conducted a risk assessment as required under the HIPAA privacy and security regulations. Of course, HIPAA is not the only law that requires a risk assessment….
HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.
Connecticut AG prepares for amendments to Connecticut’s data breach law going into effect on Oct. 1, 2012.
Another reported HIPAA breach results in $1.5 million settlement between HIPAA covered entity and HHS’ Office for Civil Rights
A New York law, effective December 12, 2012, prohibits businesses and other entities from requiring individuals to disclose or furnish their Social Security Numbers for any purpose, subject to certain exceptions.
Burglary at hospital employee’s home results in stolen flash drive and HIPAA data breach
HIPAA audit following breach reported to OCR results in findings of noncompliance, settlement payment of $1.7 million and a three-year corrective action plan.
Notice to Connecticut Attorney General now required following data breaches affecting state residents.
14-day Attorney General notice and other amendments to Vermont’s Security Breach Notice Act further complicate data breach response.
The Massachusetts AG’s enforcement of its data security law demonstrates that it does not take lightly the loss of Massachusetts residents’ personal information, even if that loss has not caused any known harm to the affected residents, and that it may remain watchful over the subject of an investigation for years to come.
Like any business that handles personal information, debt collection agencies have obligations to maintain reasonable safeguards to protect that information. Recent enforcement activity by the Minnesota Attorney General’s office makes this clear. The banks, health care providers and other businesses that utilize collection services are also driving compliance as they demand these companies have written information…
Massachusetts service provider contract deadline – March 1, 2012 – should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.
Note to parents and school districts – data thieves are targeting cash-strapped school districts to steal unprotected personal information of students who happen to have pristine credit histories.