Skagit County, Washington, has agreed to settle potential violations of the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to an announcement by the Office for Civil Rights (OCR) on Friday. OCR reported that Skagit County, home to approximately 118,000 residents, agreed to a $215,000 monetary
Best Practices For Gramm-Leach-Bliley Compliance
The U.S. Commodity Futures Trading Commission (Commission) issued a Staff Advisory on best practices for financial institutions that must comply with Gramm-Leach-Bliley Act (GLBA) provisions on data security and customer privacy.
GLBA was enacted to ensure that financial institutions respect the privacy of their customers and protect the security and confidentiality of nonpublic personal information.
U.S. Attorney General Eric Holder Urges the Passage of a National Data Breach Notification Law
After years of identity theft holding the top spot for crimes reported to the Federal Trade Commission, and following recent reports of massive data breaches, U.S. Attorney General Eric Holder urged Congress today to enact a national law setting a uniform standard for notifying individuals regarding breaches involving their personal information, according to a report
Top 14 for 2014
In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.” While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014.
- Location Based Tracking. As the utilization of GPS enable devices becomes more and more prevalent, employers are often faced
North Dakota Amends Breach Notification Law to Include Medical Information
North Dakota has amended its data breach notification law to include "medical information" and "health insurance information." See N.D. Century Code, Section 51-30-01. Amendments to the law also provide an exemption for HIPAA covered entities, business associates, or subcontractors so long as they are in compliance with breach notification requirements under title 45, Code of Federal
CMS Seeks Emergency Review and Approval of its One-Hour Breach Notification Rule for Exchanges
Today, the Centers for Medicare and Medicaid Services (CMS) requested an "emergency review" of its recently proposed rule that "[Federally-facilitated Exchanges or FFEs], non-Exchange entities associated with FFEs, and State Exchanges must report all privacy and security incidents and breaches to HHS within one hour of discovering the incident or breach."
Texas Amends the Effects of its Data Breach Law on Out-of-State Residents
Texas amends its data breach notification statute and the law’s effects on persons out of state.
Continue Reading Texas Amends the Effects of its Data Breach Law on Out-of-State Residents
California AG Report Announces Enforcement Priority for Breaches Involving Unencrypted Data
California Attorney General issues data breach report and announces enforcement priority to investigate breaches involving unencrypted personal information.
Continue Reading California AG Report Announces Enforcement Priority for Breaches Involving Unencrypted Data
Small HIPAA Breach (Affecting Fewer Than 500) Leads to Substantial Penalties
HIPAA data breach affecting 441 patients leads to investigation resulting in $50K in penalties due to alleged lapses in security compliance.
Continue Reading Small HIPAA Breach (Affecting Fewer Than 500) Leads to Substantial Penalties
Massachusetts Health Care Provider, MEEI, Settles HIPAA Charges Following Stolen Electronic Storage Device
Another reported HIPAA breach results in $1.5 million dollar settlement between HIPAA covered entity and HHS’ Office of Civil Rights
Continue Reading Massachusetts Health Care Provider, MEEI, Settles HIPAA Charges Following Stolen Electronic Storage Device