While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
6/10/2025
/ Compliance ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Disclosure Requirements ,
Personal Information ,
Personally Identifiable Information ,
Privacy Laws ,
Regulatory Requirements ,
Reporting Requirements ,
State Privacy Laws
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The Federal Trade Commission (FTC) just released a Policy Statement emphasizing how telemedicine and digital health apps can be held accountable under the Health Breach Notification Rule, even if the company is not subject to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
9/8/2020
/ Compliance ,
Corporate Counsel ,
Data Breach ,
Good Faith ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Safe Harbors ,
State Data Breach Notification Statutes ,
Substantial Risk of Harm
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The Department of Health and Human Services (HHS) announced on April 2 that HHS is exercising its enforcement discretion to permit business associates to use and disclose protected health information (PHI) for public health...more
4/6/2020
/ Business Associates Agreement (BAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management
One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more
12/5/2019
/ Breach Notification Rule ,
Business Associates ,
Covered Entities ,
Data Breach ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Reporting Requirements ,
Security Risk Assessments ,
Settlement Agreements
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
So far 2017 is proving to be an active year for Health Insurance Portability and Accountability Act (HIPAA) enforcement. This comes on the heels of 2016, which saw an unprecedented level of enforcement actions, with 13 total...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
Following on the heels of an active 2015, where eight states enacted changes to their data breach notification laws, another five states amended their statutes in 2016, adding complexity to the current “patchwork” system of...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more