Tag Archives: comprehensive data security plan

Strengthening Data Security Through Human Resources and Information Technology Teamwork

Human Resources (“HR”) and information technology (“IT”) departments play unique and important roles within an organization. With instances of data breaches on the rise, however, companies should be mindful of the importance of regular communication and collaboration between employees in these departments with respect to issues of data security. Addressing such issues should not be … Continue Reading

The Commercial Privacy Bill of Rights Act

Two Senators who clearly did not let the potential government work stoppage affect them, formally introduced the Commercial Privacy Bill of Rights Act of 2011 on April 12.  In a bipartisan effort, Senators John Kerry (D-Mass.) and John McCain (R-Arizona) introduced the legislation which sets forth privacy rules governing businesses that collect, use, or share … Continue Reading

HHS Settlement Follows Enforcement Fine

In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data.  This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine.  The Massachusetts … Continue Reading

Attorney General Securing Personal Data in Indiana

Indiana recently enacted a new law which grants authority to the Indiana Office of the Attorney General’s Identity Theft Unit to obtain and secure abandoned records with personally identifying information, including health records, and either destroy them or return them to their owners. Additionally, the new law sets fines and other legal ramifications for violations of … Continue Reading

Dealing with Data Breaches: Health Net Suit Highlights Need for Effective Security Incident Procedures and Training

As we have discussed before, data breach notification is one of the most rapidly emerging areas of law. Good security incident procedures as well as effective training can help avoid the risk of data breach. (Sample data breach training).  A case in point: Connecticut’s Attorney General has filed a civil action against Health Net of the Northeast … Continue Reading

Data Security, Destruction and Encryption Leads the Way for States in 2010

Less than one month into 2010 the trend to address data security, destruction, and encryption has continued among state lawmakers. Specifically, Florida, Michigan, Kentucky, Kansas, Pennsylvania, and New York all have introduced, reintroduced, or amended legislation of this kind.  The Florida and Michigan laws would amend personal data destruction rules for companies. The New York law … Continue Reading

Health Net’s Data Breach Highlights Need for Privacy Officer with Clear Job Description

Health Net Inc., one of the nation’s largest publicly traded managed health care companies, recently notified authorities and informed affected persons, with a statement on its website, that the unencrypted personal information of 1.5 million current and former members, stored on a portable disk drive, is missing from the company’s Connecticut office. The company is now … Continue Reading
LexBlog