The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
Colorado just became the third state to pass a comprehensive data privacy law, creating more challenges for businesses trying to navigate a variety of state, federal, and international privacy regimes. The Colorado Privacy...more
7/19/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Controller ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Digital Service Providers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
Regulatory Standards
The New York Department of Financial Services ("NYDFS") recently released its Cyber Insurance Risk Framework (the “Framework”), which provides best practices for managing cyber insurance risk....more
2/25/2021
/ Commercial Insurance Policies ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Popular ,
Risk Management
The Court of Justice of the European Union (CJEU) recently issued a decision with global implications for data transfers from the EU in a case referred to the CJEU from the Irish Data Protection Commissioner, colloquially...more
8/5/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
Hospitals will have a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak as a result of a bulletin issued on March 16, 2020 by the U.S. Department of Health and Human Services....more
3/18/2020
/ Anti-Discrimination Policies ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Privacy Rule ,
Infectious Diseases ,
OCR ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI ,
Public Health ,
Relief Measures ,
Sanctions ,
Secretary of HHS
The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online...more
10/8/2019
/ Calculation of Penalties ,
Corrective Actions ,
Data Breach ,
Disclosure Requirements ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Notice of Privacy Practices ,
OCR ,
Online Reviews ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Regulatory Violations ,
Settlement ,
Social Media
The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also the...more
It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. ...more
5/1/2018
/ Cooperative Compliance Regime ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more
2/8/2017
/ Civil Monetary Penalty ,
Cyber Attacks ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Hospitals ,
OCR ,
Penalties ,
Personally Identifiable Information ,
PHI ,
Security Standards
The Department of Health and Human Services Office for Civil Rights (OCR) announced on August 4, 2016, a settlement agreement with Advocate Health Care Network, an integrated healthcare system with ten hospitals and a...more
8/10/2016
/ Civil Monetary Penalty ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) kicked off the holiday season by publishing a settlement agreement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
On June 20, 2014, Governor Rick Scott signed into law the Florida Information Protection Act of 2014 ("FIPA"), which became effective July 1, 2014. FIPA expands the obligations of businesses and government entities that...more