The Genetic Information Nondiscrimination Act (GINA) [pdf], signed into law in May 2008, prohibits discrimination by health insurers and employers based on individuals’ genetic information. Genetic information includes the results of genetic tests to determine whether someone is at increased risk of acquiring a condition (such as some forms of breast cancer) in the future
Joseph J. Lazzarotti
Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer focused on compliance, Joe is also a member of the firm’s Employee Benefits practice group.
In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.
Cloud Computing – Did the City of Los Angeles Make the Right Move?
“Cloud computing” takes many forms, but, fundamentally, it is a computer network system that allows consumers, businesses, and other entities to store data off-site and manage it with third-party-owned software accessed through the Internet. Files and software are stored centrally on a network to which end users can connect to access their files using computers…
The Final, Final Massachusetts Data Security Regulations and a Checklist for Compliance

The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced on November 4, 2009, the filing of final regulations (pdf) with the Secretary of State’s office, the final step before the regulations take effect March 1, 2010.
The final regulations differ slightly from the version of the regulations issued in August 2009, which made significant…
Blue Cross Blue Shield Data Breach Highlights Need for Employee Training/Awareness
Today, Connecticut Attorney General Richard Blumenthal announced his office will investigate a data breach that occurred in late August that affected approximately 18,817 Connecticut health care professionals. The American Medical Association reported earlier that this breach involved the personal information, including Social Security numbers, of an estimated 850,000 physicians nationwide. What is most troubling…
Senate Judiciary Committee Approves Data Security and Breach Notification Measures
Yesterday, the U.S. Senate Judiciary Committee again approved two pieces of legislation that would require certain entities to safeguard personal information and notify individuals of breaches of that information. Over the last few years, similar legislation made it out of various Committees, but failed to go any further. Could this time be different?
The Committee voted…
Employers Go Green: Electronic On-Boarding – Personal Information and Other Challenges
In good and not-so-good economic times, the on-boarding process – recruiting, application, hiring and orientation – is critical for employers to attract and welcome new talent. In recent years, technology has enabled employers to perform all or a part of this process on-line, significantly increasing efficiency and reducing costs. Moving to a web-based on-boarding system…
HIPAA Enforcement Regulations Updated for Penalty Increases and Enhancements under the HITECH Act
The Department of Health and Human Services (HHS) published interim final regulations on October 30, 2009, to update existing enforcement regulations under HIPAA for statutory revisions made by the Health Information Technology for Economic and Clinical Health (HITECH) Act. These regulations become effective November 30, 2009, and only address the provisions of the HITECH Act…
HIPAA Data Breaches in India Threaten Outsourcing Industry, Require Greater Vigilance at Home
A British TV station investigation into India’s medical transcription industry, known as Business Process Outsourcing (BPO), uncovered unsettling news for British subjects, as well as American citizens. Medical records sent to India to be transcribed and computerized are being sold. The Economic Times report on the investigation out of New Delhi suspects a "hardening of stance on the…
Data Breach Due to Peer-to-Peer Software Reveals Numerous Congressional Ethics Inquiries
The Washington Post is reporting another inadvertent disclosure of sensitive information involving “peer-to-peer” or “P2P” technology. This time, the disclosure exposed a House Ethics Committee document outlining ongoing ethics investigations for an uncomfortably large number of House members. The same technology raises serious issues for employers.

According to the Washington Post, the now-terminated, junior committee…
Pretexting and the Need for Employers to Investigate Their Investigators
As reported by Ameet Sachdev, of the Chicago Tribune, a jury found an employer responsible for the actions of its investigators who obtained a former employee’s phone records through “pretexting.” Of the $1.8 million awarded to the former employee for breaches of her privacy, the jury awarded $1.75 million in punitive damages. Regardless…