California Governor Jerry Brown signed AB-1710 into law yesterday amending its existing data breach notification statute. The most significant change – companies that experience a data breach must provide information in the notification that if identity theft prevention and mitigation services are provided, they must be provided for at least 12 months to affected persons
Have You Obtained a HPID?
The Department of Health and Human Services (“HHS”) recently released guidance on the application process to obtain a Health Plan Identifier (“HPID”). A HPID is an all-numeric 10-digit identification number that many HIPAA-covered health plans are required to adopt by November 5, 2014. Think of a HPID like an EIN for health plans. HPIDs will
Medical Information Worth 10x More Than Credit Card Data On Black Market
When many people think about identity theft and data breaches, they tend to think about credit card data and bank accounts. This makes sense given the large-scale breaches in the news lately. However, Reuters reported last week that medical information is “worth 10 times more than [] credit card number[s] on the black market” a
IRS Issues Fraud Alert to Financial Institutions Complying with FATCA
The Internal Revenue Service issued a fraud alert for international financial institutions complying with the Foreign Account Tax Compliance Act (FATCA). According to the report, scam artists posing as the IRS – through attacks known as “phishing attacks” – have fraudulently solicited financial institutions seeking account holder identity and financial account information. Financial institutions
HIPAA Privacy Rule Also Affected By Supreme Court’s DOMA Decision in U.S. v. Windsor
When the U.S. Supreme Court decided United States v. Windsor, it declared section 3 of the Defense of Marriage Act (DOMA) to be unconstitutional. For many companies, the decision meant changes to certain of their employee benefit plans, as well as the tax treatment of employee contributions for same sex spouses. However, declaring section
Big Data in the Workplace, EEOC Attorney Urges Caution
You may have been reading about how “Big Data” technologies are being used for a variety of purposes, such as making purchase suggestions based on prior buying patterns or staging law enforcement resources based on predictions for where and when crimes are likely to occur. But these technologies also are being used in
HIPAA Reminders – Business Associate Agreement Deadline and Continuation of OCR Audits
I recently had the pleasure of speaking to a great group at the Connecticut Assisted Living Association (CALA) about HIPAA and a range of related practical issues. Many covered entities and business associates, particularly those that are small businesses, continue to work on understanding the privacy and security standards, and how to best apply them
Companies Need to be Better Prepared to Respond to Problematic Social Media Activity, Including Facebook “Likes”
The National Labor Relations Board has found that another employer (a non-union employer) violated its employees’ protected concerted activity rights under the National Labor Relations Act (NLRA) when it disciplined and fired them for certain social media activity. Our Labor Group provides an extensive analysis of this decision in Triple Play Sports Bar and Grille
New Hampshire Joins the Growing Number of States Limiting Employer Access to Employee Online Accounts
Effective September 30, 2014, New Hampshire joins sixteen other states (Arkansas, California, Colorado, Illinois, Louisiana, Maryland, Michigan, New Jersey, New Mexico, Nevada, Oklahoma, Oregon, Tennessee, Utah, Washington, and Wisconsin) in prohibiting employers from requiring employees or job applicants to disclose their login information for accessing any “personal account” or service through an electronic communication device.
Report Says Russian Hackers Stole 1.2 Billion Usernames and Passwords, But Don’t Let “Breach Fatigue” Take Hold
In what is believed to be the largest security breach to date, the Associated Press reported that Russian hackers have stolen 1.2 billion user names and passwords. According to the AP, Milwaukee security firm, Hold Security, learned of the breach, but has yet to provide details about the series of website hackings believed to have