Ricardo Rivera Cardona of the Puerto Rico Health Insurance Administration, intending to send a message by imposing the largest penalty to date ($6.8 million) arising out of a breach of protected health information under HIPAA, as reported by Infomation Security Media Group, is quoted as saying:
We are sending a message that we are
A study (registration required) by two data security firms, Norse in Silicon Valley and SANS, discussed in a recent L.A. Times article, confirms the concerns raised by the FDA and others about increased use of internet-connected medical devices by healthcare providers and the corresponding increase in the information systems of those providers being attacked,
Written by Jeffrey M. Schlossberg
When does a medical clinic’s employee’s unauthorized texting of patient confidential health information result in liability to the clinic? The answer; it depends.
In Doe v. Guthrie Clinic, Ltd., the Second Circuit Court of Appeals dismissed a patient’s claim against a medical corporation for alleged breach of fiduciary duty
In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.” While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014.
As one nursing facility in New York has learned, asking employees or applicants about their family medical history can violate the Genetic Information Nondiscrimination Act (“GINA”) and draw the ire of the U.S Equal Employment Opportunity Commission (EEOC). Founders Pavilion, Inc., a former Corning, N.Y. nursing and rehabilitation center, will pay $370,000 to settle discrimination
Privacy and data security issues and concerns do not stop at the water’s edge. Companies needing to share personal information, even when the sharing will take place inside the same “company,” frequently run into challenges when that sharing takes place across national borders. In some ways, the obstacles created by the matrix of federal and
A familiar story – small health care provider suffers a data breach affecting patient data, reports incident to the federal Office for Civil Rights (OCR) and winds up becoming subject to an OCR investigation that goes well beyond the breach itself, resulting in a significant settlement payment and corrective action plan.
In this case,
On December 13, 2013, Fordham Law School’s Center on Law and Information Policy published a study (Study) that paints a sobering picture of how many public schools across the country handle student data, particularly with respect to data they store and services they (and students) use in the “cloud.” There is little doubt that many
WSJ reported on November 22, 2013, Google’s push to move Google Glass, a computerized device with an “optical head-mounted display,” into the mainstream by tapping the prescription eyewear market through VSP Global—a nationwide vision benefits provider and maker of frames and lenses. If the speed and immersion of technology over the past few years
If your cloud service provider sounds like your local weather reporter – partly cloudy with a chance of rain – you may be in for a data security storm. A USA Today guest essay by Rajiv Gupta highlights the need for a multi-layered approach for cloud providers to ensure data stored in the cloud is