Health Plan Sponsors – Have You Updated Your Vendor Agreements for Substance Use Disorder (SUD) Confidentiality Regulations?

Employers that sponsor group health plans (medical, dental, vision, HFSA) are used to negotiating detailed administrative services agreements with vendors that provide services to those plans. Many also are familiar with “business associate agreements” required under HIPAA that must be in place with certain vendors, such as third-party claims administrators (TPAs), wellness program vendors, benefits … Continue Reading

DoD Issues Interim Rule For Contractors on Incident Reporting and Cloud Computing Services

By Joseph J. Lazzarotti on September 9, 2015 Posted in: Data Security, Information Management, Information Risk, Written Information Security Program

Government contractors have a wide range of unique challenges (find out more about these here), not the least of which is data security. A good example is the interim rule the Department of Defense (DoD) issued last month that implements sections of the National Defense Authorization Act for Fiscal Years 2013 and 2015. In short, … Continue Reading

Connecticut State Contractors, Health Insurance Industry Businesses Subject to Enhanced Significant Data Security Mandates

By Joseph J. Lazzarotti and Jeffrey M. Schlossberg on July 24, 2015 Posted in: Consumer Privacy, Data Security, Health Information Technology, HIPAA, Information Management, Information Risk, Workplace Privacy, Written Information Security Program

In June, Connecticut’s governor signed into law Senate Bill 949 which amended the State’s breach notification statute. The requirement that covered businesses must provide one year of identity theft protection services for certain breaches, easily the most popular aspect of the legislation, may have diverted attention from some significant aspects of this new law. Senate Bill … Continue Reading