Like any business that handles personal information, debt collection agencies have obligations to maintain reasonable safeguards to protect that information. Recent enforcement activity by the Minnesota Attorney General’s office makes this clear. The banks, health care providers and other businesses that utilize collection services are also driving compliance as they demand these companies have
Data Security
Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012
Massachusetts service provider contract deadline – March 1, 2012 – should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.
Continue Reading Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012
School Kids’ Data at Risk
Note to parents and school districts – data thieves are targeting cash-strapped school distrists to steal unprotected personal information of students who happen to have pristine credit histories.
Continue Reading School Kids’ Data at Risk
The Consumer Fraud and Abuse Act — Does It Apply To An Employee’s Personal Computer?
By Jason C. Gavejian on
Posted in Data Security
Many employers often question what recourse is available when faced with the destruction or alteration of company data by former employees. This question is made more complicated when employees use their own personal computer for work. In addressing this issue, the U.S. District Court for the Northern District of Illinois, Eastern division held that an employee’s …
Automating HIPAA Compliance Tracking and Audit Preparation
HIPAA covered entities and business associates need to consider how to practically and efficiently track and illustrate compliance should they find an OCR investigator knocking at the door.
Continue Reading Automating HIPAA Compliance Tracking and Audit Preparation
OCR Announces HIPAA Audit Program
Today, the Office for Civil Rights formally announced its HIPAA audit plan, with audits commencing in November 2011. A new page on OCR’s website answers some helpful questions for covered entities and business associates, which are summarized in this report.
Continue Reading OCR Announces HIPAA Audit Program
Update: Ninth Circuit to Rehear CFAA Case
As previously discussed, the federal appeals court in San Francisco had reinstated an indictment charging a former employee of Korn/Ferry International, Inc., with violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (the “CFAA”) for trying to start a business that would compete with his former employer. Now, however, at…
Provide Feedback to Government on Exchanging Health Information on Mobile Communications Devices
By Joseph J. Lazzarotti on
If you have an interest in the role the growing use of mobile communications devices (smartphones, iPads, iPhones, etc.) will play in how personal health information is exchanged in the health care industry, the Office of the National Coordinator for Health Information Technology (ONC) is seeking your input. According to a notice published Nov. 1, 2011 (76 Fed. Reg. 67455), comments are due Dec. 31.
Continue Reading Provide Feedback to Government on Exchanging Health Information on Mobile Communications Devices
HIPAA Audits to Begin Early 2012
Approximately 150 HIPAA on-site audits are scheduled to begin in early 2012. Covered entities and business associates should be aware of the nature and scope of these audits and what they should be doing to be prepare should they be selected.
Continue Reading HIPAA Audits to Begin Early 2012
Another Day, Another Stolen Laptop
By Jackson Lewis P.C. on
Posted in Data Security
The Minneapolis Star Tribune reports that a laptop computer containing private information on about 14,000 patients of Fairview Health Services and 2,800 patients of North Memorial Medical Center was stolen from a locked car in the parking lot of a Minneapolis restaurant in July of 2011. The incident is just one more in a series…