Information Risk

Subscribe to Information Risk via RSS

Healthcare providers continue to have challenges with responding to attorney requests for information and subpoenas. We highlighted some of these last year, along with some issues providers should be considering to help meet those challenges.  In this case, after the patient advised the provider not to disclose her PHI to her significant other, the

Most employers are well aware that potential liability lurks if unauthorized information is disclosed to third parties. Obvious examples would include unauthorized employee or applicant health or financial information or personal information such as social security numbers and the like.

In an interesting twist, the Minnesota Supreme Court considered whether liability could be created when

Thanks to a new state law enacted to protect minors from the modern follies of youth, minors in California can ring in the New Year by permanently deleting their regrettable online posts. This so-called “Online Eraser Law” – signed by Governor Jerry Brown on September 23, 2013 – will take effect on January

Data is rarely still. It is captured, processed and moved around the world at speeds we wouldn’t have dreamed possible 20 years ago. Data often disrespects borders. By way of example, companies often mistakenly store personal data in the cloud to be accessed by multiple international locations, without considering the legal rights of the data

An employer had no cause of action under the Computer Fraud and Abuse Act (“CFAA”) against an employee who accessed its computer systems to misappropriate confidential and proprietary business information to start a competing business, the U.S. District Court for the Southern District of Ohio has held. Cranel Inc. v. Pro Image Consultants Group, LLC,

A New York Times article earlier this week reported that top officials at the Treasury Department have identified a key area for strengthening data security – third-party service providers. Reuters reported that on Tuesday of this week New York State Department of Financial Services superintendent, Benjamin Lawsky, sent a letter to a number of

On September 25, a four-year old boy from New Jersey died of Enterovirus D-68, reports myfoxphilly.com. Increasingly, there are reports about potential Ebola cases in the U.S.

Naturally, the spread of infectious disease raises concern for everyone, particularly for healthcare workers who want to do their jobs, and also protect their families. There are

California Governor Jerry Brown signed AB-1710 into law yesterday amending its existing data breach notification statute. The most significant change – companies that experience a data breach must provide information in the notification that if identity theft prevention and mitigation services are provided, they must be provided for at least 12 months to affected persons

When many people think about identity theft and data breaches, they tend to think about credit card data and bank accounts. This makes sense given the large-scale breaches in the news lately. However, Reuters reported last week that medical information is “worth 10 times more than [] credit card number[s] on the black market” a