Archives: Featured

Subscribe to Featured RSS Feed

OCR Issues Protocol For HIPAA Privacy, Security and Breach Notification Audit Program

As we previously discussed, the Office of Civil Rights (“OCR”) continues to push forward with the HIPAA audits required by the HITECH Act.  To this end, the OCR recently posted the protocol which is used to conduct the HIPAA audits on its website.  The HITECH Act requires HHS to provide for periodic audits to ensure covered … Continue Reading

Third Social Media Report From NLRB Acting General Counsel

Today, the NLRB‘s Acting General Counsel posted a third report regarding social media issues which have been brought to the agency. The cases discussed in this report should provide further guidance to employers struggling with developing strategies for using social media in their business, developing employee policies regulating activity in social media, and enforcing those policies. … Continue Reading

Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012

Massachusetts service provider contract deadline - March 1, 2012 - should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.… Continue Reading

Social Media and the Holidays

 As the holidays approach, I am reminded of an employment law attorney I used to know who wrote a column about this time of year about holiday parties. He would warn Human Resources (“HR”) professionals to beware of sexual harassment issues as the punch flows and inhibitions dissipate at the annual office get-together.  How things have … Continue Reading

OCR Announces HIPAA Audit Program

Today, the Office for Civil Rights formally announced its HIPAA audit plan, with audits commencing in November 2011. A new page on OCR's website answers some helpful questions for covered entities and business associates, which are summarized in this report.… Continue Reading

NLRB Acting General Counsel Issues Opinion On Social Media and the NLRA

An August 18, 2011, NLRB Memorandum helps to outline contours of what constitues protected concerted activity under NLRA Section 7. Of course, examination and analysis of the facts at issue, is critical, along with prudent advice from expert labor counsel. This post, however, discusses some of the helpful guidance concerning some popular policy provisions that if not adequately defined or limited could run afoul of Section 7 rights.… Continue Reading

Addressing Social Media Use–Recent Ruling on Students’ Social Networking Reaffirms Need for Policies and Training

The pervasiveness of social media in professional and everyday communication is a hot button issue (discussed at length here), particularly for private and public employers and organizations.  In fact, many organizations have adopted, or are considering adopting, social media policies for employees and providing training for how employees should interact in cyberspace.  But what should … Continue Reading

Rep. Mary Bono Circulates Draft Data Breach and Data Security Law

Reuters and other news outlets are reporting that Representative Mary Bono Mack has circulated draft legislation in response to the steady stream of data breaches that have occurred this year. According to the report, Senate Majority leader Harry Reid also has asked four Senate committees to pull together a comprehensive cybersecurity bill, hoping it will be brought … Continue Reading

HHS Announces Proposed Changes to HIPAA Privacy Rule

The U.S. Department of Health and Human Services' (HHS) announced proposed changes to the HIPAA Privacy Rule to implement new requirements concerning individuals' rights to access reports and accountings of disclosures of their protected health information. The announcement seeks comments from the public as the agency hopes to craft the law so as to provide the greatest transparency for individuals with respect to access to and disclosures of their PHI, while minimizing the burden on covered entities and business associates.… Continue Reading

Small to Mid-Sized Businesses Wake Up! The National Association of Secretaries of State Warns Identity Theft Does Not Just Hurt Individuals

The National Association of Secretaries of State has recognized that the newest victims of identity theft are small and medium-sized businesses. These businesses need to take steps to safeguard not only personal information of customers, employees and others, but also the businesses' corporate and financial data.… Continue Reading

HHS’ First Civil Penalty Under HIPAA is $4.3 Million

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed its first civil monetary penalty since the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) became effective in April 2003. HHS issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, … Continue Reading

Employers Beware: Aggrieved Employee Commits Data Breach Affecting 2400 Individuals

As employees become more savvy with electronic communications and employers face increasing challenges with controlling vast amounts of data, the circumstances in this recent San Francisco Examiner story are likely being repeated all over the country - employee takes company information to support her wrongful termination case.… Continue Reading

Data Breach Insurance Growing In Popularity for Health Care Providers, Others

The demand for "data breach" insurance appears to be growing based on our experiences, as well as commentary such as a recent article by Pamela Lewis Dolan of American Medical News. As we’ve reported, data breach coverage is something quite different than traditional "cyber-risk" coverage which tends to address "hazards such as unauthorized Web site access, online libel, data … Continue Reading

A New NLRB May Mean New Concerns Regarding Social Media

The combination of “social media” and the “workplace” raises many traps for the unwary employer: Can we use social media when hiring? Can employees be prohibited from using social media at work? Can we monitor employees use of social media? What are the essential elements of a social media policy? As with many issues involving new … Continue Reading