Michael Schrage at Harvard Business Review warns his readers, “Stop swearing at Siri. Quit cursing Cortana,” arguing such behavior could soon be seen just as destructive to an organization as ridiculing a subordinate. In the 1993 film, Demolition Man, Sylvester Stallone’s character, John Spartan, received multiple tickets from a wall box that overheard him
How Much Do You Spend on Cybersecurity…and on What?
Fortune.com reported that according to an International Data Corporation (IDC) forecast, by 2020, spending on security-related hardware, software, and services will eclipse $100 billion. However, consulting company NTT Com Security recently surveyed 1,000 executives and found only about half of them reported having a formal plan to respond to a data breach. Franklin wisely noted
HHS Issues Cloud Computing Guidance Which Is Helpful To All Users of Cloud Services
Last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided guidance for HIPAA covered entities and business associates that use or want to use cloud computing services involving protected health information (PHI). Covered entities and business associates seeking cloud services often have many concerns regarding HIPAA compliance, and this
VOTE 2016 – The Only Easy Choice
In an election year that has divided much of the country, we are providing you with a clear and simple choice this voting cycle. To this end, we are proud to announce that the Workplace Privacy Report Has Been Nominated for The Expert Institute’s Best Legal Blog Competition.
From a field of hundreds of potential
Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights
The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since the breach notification rule became effective, the Office of Civil Rights’ (OCR) focus has been on the 500 and over bucket.
EU-U.S. Privacy Shield Q&A
Last month, the European Union and U.S. officials announced final approval of the EU-U.S. Privacy Shield (Privacy Shield), replacing the Safe Harbor which was invalidated by the Court of Justice of the European Union in October 2015. Like it predecessor, the Privacy Shield will allow organizations based in the United States to self-certify compliance with
HIPAA and $15 Million in 2016
For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules, but just after a period “soft” enforcement and compliance assistance. That period appears to be ending. During the first seven months
5 Practice Tips for Law Firms as Data Breach Spotlight Swings Their Way
While data breach incidents affecting the entertainment, retail, healthcare, and financial industries have garnered more attention in past years, the data breach spotlight recently shifted to law firms.
This shift was triggered by media coverage of the breach and leak of the Panama Papers, and by reports that, in 2015, hackers breached the networks
Facebook’s “Trending” Section and Human Resources Analytics
According to a recent New York Times article, “Facebook scrambled on Monday to respond to a new and startling line of attack: accusations of political bias.” Slate followed with a report that the online social networking giant became the subject of a United States Senate inquiry, with Commerce Committee Chairman John Thune wanting information about
Check Your Spam Filter, You Might Have Been Selected for a HIPAA Audit!
Yesterday, the federal Office for Civil Rights (OCR) announced Phase 2 of its HIPAA Audit Program (Program). In its announcement, the OCR reports that the Program is underway and provides some helpful FAQs for covered entities and business associates about the Program. Preparation is critical and there are some key points covered entities and business