In good and not-so-good economic times, the on-boarding process – recruiting, application, hiring and orientation – is critical for employers to attract and welcome new talent. In recent years, technology has enabled employers to perform all or a part of this process on-line, significantly increasing efficiency and reducing costs. Moving to a web-based on-boarding system
HIPAA Enforcement Regulations Updated for Penalty Increases and Enhancements under the HITECH Act
The Department of Health and Human Services (HHS) published interim final regulations on October 30, 2009, to update existing enforcement regulations under HIPAA for statutory revisions made by the Health Information Technology for Economic and Clinical Health (HITECH) Act. These regulations become effective November 30, 2009, and only address the provisions of the HITECH Act
HIPAA Data Breaches in India Threaten Outsourcing Industry, Require Greater Vigilance at Home
A British TV station investigation into India’s medical transcription industry, known as Business Process Outsourcing (BPO), uncovered unsettling news for British subjects, as well as American citizens. Medical records sent to India to be transcribed and computerized are being sold. The Economic Times report on the investigation out of New Delhi suspects a "hardening of stance on the
Data Breach Due to Peer-to-Peer Software Reveals Numerous Congressional Ethics Inquiries
The Washington Post is reporting another inadvertent disclosure of sensitive information involving “peer-to-peer” or “P2P” technology. This time, the disclosure exposed a House Ethics Committee document outlining ongoing ethics investigations for an uncomfortably large number of House members. The same technology raises serious issues for employers.
According to the Washington Post, the now-terminated, junior committee
Pretexting and the Need for Employers to Investigate Their Investigators
As reported by Ameet Sachdev, of the Chicago Tribune, a jury found an employer responsible for the actions of its investigators who obtained a former employee’s phone records through “pretexting.” Of the $1.8 million awarded to the former employee for breaches of her privacy, the jury awarded $1.75 million in punitive damages. Regardless
WISP: Do You Have a Plan for Your Company’s Sensitive Information?
Data privacy and security laws in states such as Massachusetts, Maryland and Nevada require businesses to develop written policies and procedures that provide administrative, physical, and technological safeguards to protect personal information – or a "written information security program" or "WISP." These laws do not require protections for confidential company information and trade secrets, but
Reporting a Breach of HIPAA Protected Health Information to HHS
Little more than one month after the HIPAA breach notification regulations became effective (September 23, 2009), covered entities (health care providers, health plans) and their business associates are struggling with the effects of these new rules. Many are asking:
- What is a breach?
- Do we have to notify in all cases, what are the exceptions?