As the vast array of internet-connected devices mushrooms, and technologies permit those devices to communicate with one another, calls for privacy and security can be heard. On the heels of a recent victory in the ongoing LabMD case, the Federal Trade Commission (FTC) announced yesterday “concrete steps” businesses can take to enhance the privacy
Healthcare Providers and Business Associates: Don’t Ignore the Insider Threats
News reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk rests with an organization’s workforce members. An organization’s information
President Obama to Call For National Data Breach Notification Law and Other Cybersecurity Measures
About two years ago, President Obama signed an executive order on the date that he delivered his State of the Union address which directed certain federal agencies to develop voluntary standards for achieving cybersecurity. Preparing for his 2015 State of the Union address, Bloomberg and other news outlets are reporting this morning that President Obama
Indiana Attorney General Enforces HIPAA For First Time – Another Lesson for Small Business
As we reported, state Attorneys General have authority to enforce the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), pursuant to the authority granted under the Health Information Technology for Clinical and Economic Health (HITECH) Act. Shortly after announcing plans to seek legislation requiring stronger protections for personal and
Indiana Joins a Growing List of States Seeking to Tighten Data Security and Data Breach Notification Requirements in 2015
As we reported, there are a number of signs pointing to a significant tightening of regulation and increased enforcement of data security mandates. Following efforts in New Jersey, New York and Oregon, Indiana Attorney General Greg Zoeller announced his office is seeking legislation that would better protect the online personal and financial information
Data Security in 2015 for Banks, HIPAA Covered Entities, and Small Businesses Too
Some have called 2014 the “Year of the Data Breach.” That may be true given the steady stream of large-scale data breaches affecting tens of millions of individuals. We do not know if this time next year commentators will be saying the same thing about 2015, but there are signs pointing to a
“Employees Must Be Permitted To Use Company Email for Statutorily Protected Communications” -NLRB
We reported earlier that the National Labor Relations Board had been considering changing its previous position that “employees have no statutory right to use the[ir] Employer’s e-mail system for Section 7 purposes.” The NLRB’s position in this regard was established in 2007, under the NLRB’s ruling in Register Guard. Today, in Purple Communications Inc.
Postal Workers Union Complains to NLRB About Post Office Data Breach
After being hit with a data breach, the last thing a company might want is the scrutiny of the union representing its employees affected by the incident. When the data breach potentially affecting hundreds of thousands of United States Postal Service employees was reported, it was not long after that the American Postal Workers
OCR Issues Ebola Guidance on HIPAA Privacy
According to the New York Times, Bellevue Hospital Center patient Craig Spencer, the first New Yorker to be infected with Ebola, is scheduled to be released today. And while the intense reporting about Ebola has subsided, perhaps indicating a lowering of the perceived threat of Ebola spreading further in the U.S. (although many continue
Negligence Claims for Breach of Patient Privacy Not Preempted by HIPAA, Connecticut Supreme Court Holds
Healthcare providers continue to have challenges with responding to attorney requests for information and subpoenas. We highlighted some of these last year, along with some issues providers should be considering to help meet those challenges. In this case, after the patient advised the provider not to disclose her PHI to her significant other, the