HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.
Continue Reading Small HIPAA Breach (Affecting Fewer Than 500) Leads to Substantial Penalties
Written Information Security Program
OCR Releases Guidance on “De-Identification” of PHI under HIPAA
On Monday, the Office for Civil Rights released guidance regarding methods for de-identification of protected health information (PHI) in accordance with the HIPAA Privacy Rule and as required by the American Recovery and Reinvestment Act of 2009.
HIPAA covered entities and business associates recognize the increasing risks related to handling "protected health information." One way to reduce these…
California Employees Get New Rights to Personnel Records Beginning in 2013
California Governor Jerry Brown has signed into law (AB 2674) new requirements specifying when and how employers must respond to their employees’ requests for inspection and copying of their personnel files. The new requirements become effective January 1, 2013.
California AG Begins Enforcing the State’s Online Privacy Protection Act for Websites, Aps
California AG begins enforcing the state’s Online Privacy Protection Act which requires commercial operators of online services, including websites and mobile and social apps, that collect personally identifiable information from Californians to conspicuously post a privacy policy.
Continue Reading California AG Begins Enforcing the State’s Online Privacy Protection Act for Websites, Aps
Sandy – A Reminder to Adopt/Reevaluate Your Disaster Recovery Plan
The effects of a hurricane like Sandy should be a reminder to all businesses of the importance of disaster recovery planning. When these storms threaten there is no shortage of images of sandbags and plywood being used to prevent harm to companies’ bricks and mortar. However, rarely do we see steps businesses should be taking to protect…
Connecticut AG Makes Email Address Available to Companies to Report Data Breaches
Connecticut AG prepares for amendments to Connecticut’s data breach law going into effect on Oct. 1, 2012.
Continue Reading Connecticut AG Makes Email Address Available to Companies to Report Data Breaches
Massachusetts Health Care Provider, MEEI, Settles HIPAA Charges Following Stolen Electronic Storage Device
Another reported HIPAA breach results in $1.5 million dollar settlement between HIPAA covered entity and HHS’ Office of Civil Rights…
Continue Reading Massachusetts Health Care Provider, MEEI, Settles HIPAA Charges Following Stolen Electronic Storage Device
DOD, GSA, and NASA Propose New Rule Affecting Federal Contractor Requirements to Safeguard Government Information
Attention federal contractors – DOD, GSA and NASA propose adding a required contract clause for federal contractors to address data security.
Continue Reading DOD, GSA, and NASA Propose New Rule Affecting Federal Contractor Requirements to Safeguard Government Information
New York Tightens Protections on Social Security Numbers
A New York law, effective December 12, 2012, prohibits businesses and other entities from requiring individuals to disclose or furnish their Social Security Numbers for any purpose, subject to certain exceptions.
Continue Reading New York Tightens Protections on Social Security Numbers
Stolen Flash Drive Leads to Another HIPAA Data Breach
Burglary at hospital employee’s home results in stolen flash drive and HIPAA data breach…
Continue Reading Stolen Flash Drive Leads to Another HIPAA Data Breach