Record Retention and Destruction

Subscribe to Record Retention and Destruction

Recent HIPAA Settlement Offers Lessons on Data Disposal and the Meaning of PHI

By Joseph J. Lazzarotti on August 24, 2022

Posted in Data Breach Notification, HIPAA, Information Management, Information Risk, Record Retention and Destruction

A $300,640 settlement announced yesterday by the Office for Civil Rights (OCR) provides important reminders about HIPAA Privacy Rule and data privacy practices generally: robust data disposal practices are critical and “protected health information” (PHI) is not limited to diagnosis or particularly sensitive information.

The OCR’s settlement involved a New England dermatology practice that reported…

The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention

By Joseph J. Lazzarotti on January 12, 2022

Posted in Biometric Information, BIPA, California Consumer Privacy Act, Consumer Privacy, Data Breach Notification, Data Security, GDPR, HIPAA, Information Management, Information Risk, Record Retention and Destruction, Third Party Service Providers

Efforts to secure systems and data from a cyberattack often focus on measures such as multifactor authentication (MFA), endpoint monitoring solutions, antivirus protections, and role-based access management controls, and for good reason. But there is a basic principle of data protection that when applied across an organization can significantly reduce the impact of a data…

Workplace Privacy, Data Management & Security Report

Record Retention and Destruction

Recent HIPAA Settlement Offers Lessons on Data Disposal and the Meaning of PHI

Jackson Lewis

About Jackson Lewis