Since mid-2013, the Department of Health and Human Services has recovered more than $10 million from numerous entities in connection with alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”). However, during a recent American Bar Association conference, Jerome B. Meites, a chief regional civil rights counsel at the Department of Health and Human Services (“HHS”)… Continue Reading
Unencrypted laptop computers and other mobile devices pose significant risks to the security of patient information, reminds the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in its announcement yesterday that it collected $1,975,220 from two entities collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA)… Continue Reading
University’s $400,000 payment to HHS to settle HIPAA compliance allegations highlights critical role of risk assessments, and need for security policies and procedures.
Top 13 data privacy and security issues for 2013
The $50,000 in penalties that the Office for Civil Rights (OCR) recently imposed on a health care provider in Idaho was due in part to allegations that the HIPAA covered entity had not conducted a risk assessment as required under the HIPAA privacy and security regulations. Of course, HIPAA is not the only law that requires a risk assessment…. Continue Reading
Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks. While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously failed. … Continue Reading
The National Association of Secretaries of State has recognized that the newest victims of identity theft are small and medium-sized businesses. These businesses need to take steps to safeguard not only personal information of customers, employees and others, but also the businesses’ corporate and financial data.
Pursuant to the Fair Credit Reporting Act (pdf), the Federal Trade Commission has promulgated three notices (pdf): (i) A General Summary of Rights; (ii) A Notice to Furnishers of Information to Consumer Reporting Agencies; and (iii) A Notice to Users of Consumer Reports (such as employers). In late August, the FTC proposed revisions to the three current… Continue Reading
The most frequent question we hear from clients who want to develop or tighten their data privacy and security policies and procedures: Where do we start? In most cases, the first step for the group charged with this task is to understand the organization’s "information risk." This means, in short, examining what information the company has,… Continue Reading