HIPAA audit following breach reported to OCR results in findings of noncompliance, settlement payment of $1.7 million and a three-year corrective action plan.
Continue Reading Alaska DHSS HIPAA Breach Affects 501 Individuals, But Results in $1.7 Million Settlement with HHS Following Compliance Review
data breach
MN AG Aims to Amend Allegations Against Accretive
By Jackson Lewis P.C. on
Posted in HIPAA
Minn. AG accuses business associate of backdating a business associate agreement…
Continue Reading MN AG Aims to Amend Allegations Against Accretive
Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
By Joseph J. Lazzarotti on
Notice to Connecticut Attorney General now required following data breaches affecting state residents.
Continue Reading Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
Another Day, Another Stolen Laptop
By Jackson Lewis P.C. on
Posted in Data Security
The Minneapolis Star Tribune reports that a laptop computer containing private information on about 14,000 patients of Fairview Health Services and 2,800 patients of North Memorial Medical Center was stolen from a locked car in the parking lot of a Minneapolis restaurant in July of 2011. The incident is just one more in a series…
Don’t Mess With Texas–Amended Law Imposes Breach Notification Obligations In All 50 States
By Jason C. Gavejian on
Posted in Data Security
In a novel approach to data breach notification requirements, Texas has amended its breach notification law (Business & Commerce Code, Section 521.053) to require notification to residents of not only Texas, but to residents of each of the 50 states. The amendment becomes effective September 1, 2012, and applies to “all persons who conduct business …
Illinois Amends Its Data Breach Notification Law and Adds Data Disposal Mandate
By Joseph J. Lazzarotti on
Illinois amends its breach notification law and adds a data disposal mandate.
Continue Reading Illinois Amends Its Data Breach Notification Law and Adds Data Disposal Mandate
The White House’s Cybersecuirty Legislative Proposal
By Jason C. Gavejian on
Posted in Identity Theft, Workplace Privacy
Today the White House issued a Cybersecurity Legislative Proposal. The proposed legislation focuses on protecting the American people, the nation’s critical infrastructure, and the federal government’s computers and networks. While legislation of this nature would simplify the breach reporting process for businesses, and overall streamline cybersecurity laws, a number of legislative attempts to do this have previously…
California and Massachusetts Legislatures Push Data Breach and Security Bills
By Jason C. Gavejian on
Posted in Data Security, Workplace Privacy
In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.
On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents…
Restitution Includes Credit Monitoring Costs Following Data Breach Under CFAA
By Joseph J. Lazzarotti on
A recent criminal case involving a government employer harmed by a computer hacking incident affecting its personnel records may provide support for companies seeking to recover the costs they incur when taking appropriate steps to investigate these data incidents and mitigate harm when a breach is found to have occurred.
Continue Reading Restitution Includes Credit Monitoring Costs Following Data Breach Under CFAA
HHS Settlement Follows Enforcement Fine
By Jason C. Gavejian on
Posted in HIPAA
In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data. This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine. The…