As part of its ongoing HIPAA audit initiative, HHS OCR is conducting “HIPAA desk audits.” These audits don’t involve auditors coming into your facility. Instead, covered entities are being asked to submit documents on...
Does your business collect and share consumer health information? Check out these tips from the FTC for complying with HIPAA and the FTC Act....
Another day, another 500 million Yahoo accounts breached. Our friends at the FTC are right on top of this with guidance for individuals with Yahoo accounts. First and foremost, change your Yahoo password....
Catholic Health Care Services of the Archdiocese of Philadelphia (“CHCS”), a HIPAA business associate, has agreed to pay the Department of Health and Human Services Office for Civil Rights (“OCR”) $650,000 in connection with a...
In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week. The agreement is designed to protect the personal data of EU citizens when it is transferred to the US for law...
6/7/2016 / Cybersecurity, Data Protection, Enforcement Actions, EU, Facebook, Hackers, International Data Transfers, LinkedIn, Mark Zuckerberg, Personal Data, Privacy Umbrella, Ransomware, Social Media
You have seen all the hysterical headlines — “The HIPAA audits are coming, the HIPAA audits are coming….” But when you really think about it, what is the big deal? If you are a HIPAA covered entity, you surely know by now...
Very interesting thought piece from the FTC’s Chief Technologist: do mandatory password resets actually make us less secure?...
As part of implementing the EU-US Privacy Shield, on February 24, 2016, President Obama signed the Judicial Redress Act (H.R.1428/S.1600). This law is designed to give EU citizens the right to sue the U.S. government for...
How much does the question of harm matter in cybersecurity law? The answer is: it depends on who is bringing the claim. Businesses confronting data breaches can face litigation from private consumers as well as from...
2/18/2016 / Article III, Clapper v. Amnesty International, Cybersecurity, Data Breach, Enforcement Actions, FTC v Wyndham, Injury-in-Fact, LabMD, Neiman Marcus, Securities and Exchange Commission (SEC), Standing, Unfair or Deceptive Trade Practices, Wyndham
In response to the announcement of the EU-U.S. Privacy Shield, the Article 29 Working Party issued its own statement, the key elements of which are as follows...
On December 18, 2015, President Obama signed the Cybersecurity Act of 2015 (the “Act”), legislation designed to combat online threats to the federal government, state and local governments, and private entities. Within the...
What follows below is the EU’s press release regarding the agreement on a replacement for the EU-US Safe Harbor. We are working to get details and will schedule a webinar on the new framework shortly....
2/3/2016 / Data Protection Authority, EU, EU-US Privacy Shield, European Commission, European Court of Justice (ECJ), Federal Trade Commission (FTC), International Data Transfers, Personal Data, Press Releases, Surveillance, U.S. Commerce Department, US-EU Safe Harbor Framework
As we have noted previously, in the wake of the ECJ’s decision that undid the US-EU Safe Harbor, we were told that there would be no enforcement of the EU Directive until after January 31, to allow the US and EU to hammer out...
As the Wall Street Journal noted yesterday, banks are being deluged with phishing attacks. These attacks are especially fierce around the holiday season, when more personnel are absent and normal procedures are ignored or...
On October 16, 2015, EU authorities gave the U.S. and European Union until the end of January 2016 to find a replacement for the former US-EU Safe Harbor regime, or enforcement actions could begin. The full statement of the...
10/19/2015 / Article 29 Working Group, Binding Corporate Rules, Data Privacy, Data Protection Authority, Data Security, Enforcement Actions, EU, EU Data Protection Laws, European Commission, European Court of Justice (ECJ), International Data Transfers, Personal Data, SCC, Schrems I & Schrems II, Surveillance, US-EU Safe Harbor Framework
The European Court of Justice has just issued a decision (ECJ 6 October 2015, Case C-362/14, Maximillian Schrems v. Data Protection Commissioner) that invalidates the so-called US-EU “Safe Harbor” system. Suddenly, what 3,500...
10/7/2015 / Binding Corporate Rules, Data Privacy, Data Protection Authority, Data Security, Edward Snowden, EU, EU Data Protection Laws, European Commission, European Court of Justice (ECJ), International Data Transfers, Personal Data, SCC, Surveillance, U.S. Commerce Department, US-EU Safe Harbor Framework
This month’s edition of the Advanced Cyber Security Center’s newsletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back room for the IT...
10/1/2015 / Cyber Attacks, Cyber Threats, Cybersecurity, Data Breach, Data Collection, Data Privacy, Data Protection, Data Security, Federal Trade Commission (FTC), FTC v Wyndham, Hackers, Identity Theft, Personally Identifiable Information, Privacy Policy, Securities and Exchange Commission (SEC), Unfair or Deceptive Trade Practices
With the heart of the summer vacation season upon us, it seems like a good time for some reflection. Here, it comes in the form of excerpts from an essay by privacy maven Deborah Hurley, the one-time Director of the Harvard...
What Do They Mean for Providers? Both California and New York have recently enacted so-called “Surprise Bills Laws” that require out-of-network providers to give notice to patients that a particular item or service...
The Massachusetts Legislature is currently considering Senate Bill 1048, “An Act to Promote Transparency and Cost Control of Pharmaceutical Drug Prices.” The bill, sponsored by State Senator Mark Montigny, Vice Chair of the...
Obama Executive Order Targets International Cyberattacks Against U.S. with New Sanctions: New Sanctions Are Part of U.S. Escalation of Efforts to Bolster Cyber-Security. As part of a series of measures aimed at...
We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...
2/24/2015 / Business Associates, Covered Entities, Cybersecurity, Data Breach, Data Protection, Electronic Medical Records, Electronically Stored Information, Encryption, Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, PHI
As a follow-up to our summary of the key takeaways from the White House’s first Summit on Cybersecurity and Consumer Protection, the centerpiece of which was President Obama’s signing of a new Executive Order, “Promoting...
Our colleagues Catherine M. Anderson and Kate Leonard of our Investment Management group have summarized the February 3, 2015 findings by the Office of Compliance Inspections and Examinations (OCIE) of its Cybersecurity...
On January 16, 2015, the Food and Drug Administration (FDA) issued a draft guidance document titled “Medical Device Accessories: Defining Accessories and Classification Pathway for New Accessory Types.” The draft guidance...