As we previously discussed, the Office of Civil Rights (“OCR”) continues to push forward with the HIPAA audits required by the HITECH Act. To this end, the OCR recently posted the protocol which is used to conduct the HIPAA audits on its website. The HITECH Act requires HHS to provide for periodic audits to ensure covered … Continue Reading
Today, the NLRB‘s Acting General Counsel posted a third report regarding social media issues which have been brought to the agency. The cases discussed in this report should provide further guidance to employers struggling with developing strategies for using social media in their business, developing employee policies regulating activity in social media, and enforcing those policies. … Continue Reading
Massachusetts service provider contract deadline - March 1, 2012 - should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.… Continue Reading
We want to extend to you the opportunity to tell us what is on your mind in the world of data privacy, social media and information management.… Continue Reading
Note to parents and school districts - data thieves are targeting cash-strapped school distrists to steal unprotected personal information of students who happen to have pristine credit histories.… Continue Reading
As the holidays approach, I am reminded of an employment law attorney I used to know who wrote a column about this time of year about holiday parties. He would warn Human Resources (“HR”) professionals to beware of sexual harassment issues as the punch flows and inhibitions dissipate at the annual office get-together. How things have … Continue Reading
Today, the Office for Civil Rights formally announced its HIPAA audit plan, with audits commencing in November 2011. A new page on OCR's website answers some helpful questions for covered entities and business associates, which are summarized in this report.… Continue Reading
Approximately 150 HIPAA on-site audits are scheduled to begin in early 2012. Covered entities and business associates should be aware of the nature and scope of these audits and what they should be doing to be prepare should they be selected.… Continue Reading
An August 18, 2011, NLRB Memorandum helps to outline contours of what constitues protected concerted activity under NLRA Section 7. Of course, examination and analysis of the facts at issue, is critical, along with prudent advice from expert labor counsel. This post, however, discusses some of the helpful guidance concerning some popular policy provisions that if not adequately defined or limited could run afoul of Section 7 rights.… Continue Reading
The pervasiveness of social media in professional and everyday communication is a hot button issue (discussed at length here), particularly for private and public employers and organizations. In fact, many organizations have adopted, or are considering adopting, social media policies for employees and providing training for how employees should interact in cyberspace. But what should … Continue Reading
Reuters and other news outlets are reporting that Representative Mary Bono Mack has circulated draft legislation in response to the steady stream of data breaches that have occurred this year. According to the report, Senate Majority leader Harry Reid also has asked four Senate committees to pull together a comprehensive cybersecurity bill, hoping it will be brought … Continue Reading
The U.S. Department of Health and Human Services' (HHS) announced proposed changes to the HIPAA Privacy Rule to implement new requirements concerning individuals' rights to access reports and accountings of disclosures of their protected health information. The announcement seeks comments from the public as the agency hopes to craft the law so as to provide the greatest transparency for individuals with respect to access to and disclosures of their PHI, while minimizing the burden on covered entities and business associates.… Continue Reading
Government report says HIPAA enforcement not sufficient to protect electronic health information and recommends more audits. The result may be more "compliance reviews," audits, for covered entities and business associates.… Continue Reading
The National Association of Secretaries of State has recognized that the newest victims of identity theft are small and medium-sized businesses. These businesses need to take steps to safeguard not only personal information of customers, employees and others, but also the businesses' corporate and financial data.… Continue Reading
While years of lax enforcement may have lulled many HIPAA covered entities and business associates to not take HIPAA seriously, recent activities by HHS, including the recently announced nationwide enforcement training program for State Attorneys General should spur renewed efforts toward compliance.… Continue Reading
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed its first civil monetary penalty since the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) became effective in April 2003. HHS issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, … Continue Reading
As employees become more savvy with electronic communications and employers face increasing challenges with controlling vast amounts of data, the circumstances in this recent San Francisco Examiner story are likely being repeated all over the country - employee takes company information to support her wrongful termination case.… Continue Reading
The demand for "data breach" insurance appears to be growing based on our experiences, as well as commentary such as a recent article by Pamela Lewis Dolan of American Medical News. As we’ve reported, data breach coverage is something quite different than traditional "cyber-risk" coverage which tends to address "hazards such as unauthorized Web site access, online libel, data … Continue Reading
The combination of “social media” and the “workplace” raises many traps for the unwary employer: Can we use social media when hiring? Can employees be prohibited from using social media at work? Can we monitor employees use of social media? What are the essential elements of a social media policy? As with many issues involving new … Continue Reading
