Breach Notification Rule

News & Analysis as of

HHS: Ransomware Attacks Likely HIPAA Breaches In Absence of Encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more

Regulatory Authorities Launch The Second Phase Of The HIPAA Compliance Audit Program

As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Health and Human Services (HHS) Office for...more

The Long Anticipated HIPAA Audits Are Here!

Phase 2 HIPAA Audits, which the Department of Health and Human Services' Office of Civil Rights ("OCR") announced had "launched" back in March of this year, have now officially begun. On Monday, July 11, 2016, the first round...more

OCR Begins HIPAA Phase 2 Audits

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

OCR Sends Notification Letters to Phase 2 HIPAA Auditees

On July 12, 2016, HHS’s Office for Civil Rights (OCR) distributed an e-mail discussing recent developments in Phase II of its HIPAA audit program....more

Check Your Desk: HIPAA Audits for Covered Entities Have Arrived

The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11,...more

Entity Fined $650,000 in First HIPAA Settlement with a Business Associate

The possibility of business associates potentially being audited, investigated, and ultimately fined is now a reality. On June 24, 2016, the United States Department of Health and Human Services’ Office of Civil Rights...more

OCR Update: HIPAA Phase 2 Audit Notices—Responses Due July 22, 2016

On July 11, 2016, e-mail notification was sent to 167 covered entities alerting them of their inclusion in the desk audit portion of OCR’s 2016 HIPAA audit program. Selected covered entities must respond no later than July...more

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

Data Breach Incident Response: 5 Questions to Ask and New Laws to Know Now

The spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways. This year, Illinois, Nebraska, and Tennessee...more

Six Myths of Breach Response

Data breach has, unfortunately, become a fact of life. Practically every corporation has experienced some sort of security incident, although most have avoided (to their knowledge) significant network intrusions and loss or...more

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should a HIPAA-subject entity ever fail to protect...more

Nebraska and Illinois Update Breach Notice Requirements

The data breach notification laws for Nebraska and Illinois have been updated to expand the definition of “personal information” to include usernames and email addresses in combination with a password or security question...more

Retail and Consumer Products Law Roundup - June 2016

President Signs Legislation Modernizing Federal Chemical Regulation Law - Overhaul of Toxic Substances Control Act (TSCA) has important business implications for consumer product manufacturers and retailers. ...more

Illinois Joins the Fray: Strengthens its Laws Around Data Breach Notification and Data Security

Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more

The Paper Trail: The Potential Data-Breach Sitting in your Printer

In April 2016, the sensitive personal medical information of NFL players was stolen from the car of a trainer who had left the files in a backpack in his locked car. In 2014, Safeway, Inc. settled charges brought by the...more

Top Takeaways from DWT’s Cloud & Big Data Conference

Davis Wright Tremaine hosted its fourth conference on the legal, regulatory, and commercial landscapes surrounding these rapidly emerging fields. What are the big lessons for your business? Cloud computing and big data...more

Tennessee Legislature Amends Data Breach Notification Statute - Encryption is No Longer an Automatic Safe Harbor

On March 24, 2016, Governor Haslam signed S.B. 2005 which amends Tennessee's data breach notice statute. The amended statute will go into effect on July 1, 2016. The new Tennessee breach notice requirements are triggered by...more

Insurers Face Increasing Data Breach Notice Obligations

Earlier this year, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force proposed a comprehensive model law that covers, among other things, data security breach reporting. The model law...more

NAIC Task Force Continues Work on Insurance Data Security Model Law

On May 24 and 25, the National Association of Insurance Commissioners (the NAIC) Cybersecurity (EX) Task Force (the Task Force) hosted a meeting in which state insurance commissioners and interested parties were invited to...more

Privacy & Cybersecurity Update - May 2016

In this edition of our Privacy & Cybersecurity Update, we examine recent developments, including the U.S. Supreme Court's holding in Spokeo that consumer plaintiffs must show "real harm" to sue in federal court, the EU data...more

Illinois strengthens, expands scope of personal information protections

With the passage of the Illinois Personal Information Protection Act (HB1260) last month, Illinois substantially broadened the definition of personally identifiable information, and imposed requirements on data collectors for...more

Innocents Abroad: Lost laptop with customer data

Carrie, A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded. Well, we hit a...more

Ransomware: Electronic Extortion for a Digital Era

Last month, the FBI asked the American Bar Association to share a cyberalert with its members warning of an increased risk of ransomware. Ransomware poses significant legal and operational risks to businesses. Personnel at...more

Laws Governing Data Security and Privacy – U.S. Jurisdictions at a Glance (updated for 2016)

The attached chart constitutes a summary of the laws of various jurisdictions that govern data breach notifications....more

353 Results
|
View per page
Page: of 15
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×