Written Information Security Program

Subscribe to Written Information Security Program via RSS

Developed by Knightscope, the K5 Autonomous Data Machine is a 5 foot tall, 300 pound robotic device designed to be “a safety and security tool for corporations, as well as for schools and neighborhoods,” as reported by the New York Times. While K5 may not yet be ready for prime time, its developers

In a victory for California healthcare providers, the California Court of Appeal recently held that a health care provider is not liable under California’s Confidentiality of Medical Information Act (CMIA) (Cal. Civ. Code, § 56 et seq.) when the health care provider releases an individual’s personal identifying information, but the information does

An Office for Civil Rights (OCR) report issued this month reveals some interesting details about data breach activity under HIPAA, as well as some helpful reminders and recommendations for covered entities and business associates. Section 13402(i) of the HITECH Act requires the Secretary of Health and Human Services to submit a report to various Senate

Effective January 1, 2015, Tennessee employers, including government entities, will be prohibited from requesting or requiring access to the private social networking or online accounts of employees and job applicants under the Volunteer State’s “Employee Online Privacy Act of 2014,” signed by Governor Bill Haslam. Our Tennessee colleagues outline the key provisions of the law

Unencrypted laptop computers and other mobile devices pose significant risks to the security of patient information, reminds the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in its announcement yesterday that it collected $1,975,220 from two entities collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA)

Iowa made changes to its breach notification law (Iowa Code § 715C.1 et seq.) when the state’s Governor, Terry Branstad, signed S.F. 2259 into law. The amendment makes the following key changes which become effective July 1, 2014:

  1. The existing law applies to “computerized” personal information. The amendment clarifies that this includes personal

Kentucky Gov. Steve Beshear signed H.R. 232 on April 10, 2014, making the Commonwealth the 47th state to enact a data breach notification law. The law also limits how cloud service providers can use student data. A breach notification law in New Mexico may follow shortly.

Data Breach Notification Mandate

The Kentucky law follows the

Many organizations believe they have taken all steps necessary to eliminate the risk of a data breach. They often point to the organization’s deft IT team and tout the installation of some of the latest software solutions to protect sensitive data. However, some of these same organizations often fail to take some very basic steps

Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday.  OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary

According to an FTC press release, identity theft tops the national ranking of consumer complaints for 2013, with American consumers losing a reported $1.6 billion to fraud last year. Here is how some of the numbers break down:

  • Fourteen (14) percent of the more than two million complaints to the FTC (or 290,056) stemmed