Breach Notification Rule

News & Analysis as of

Iowa Adds AG Data Breach Notice Requirement

On April 3, Iowa Governor Terry Branstad signed SF 2259, which amends the state’s data breach notice law to add a requirement that businesses that experience a data breach notify the state attorney general’s office within...more

Kentucky Becomes 47th State with a Data Breach Notification Law

On April 10, 2014, Kentucky became the 47th state to enact breach notification legislation. Under the new law, companies that conduct business in Kentucky and hold consumer data of Kentucky residents will now be required to...more

Kentucky Becomes The 47th State To Enact A Data Breach Notification Law

Kentucky is now the 47th state with a data breach notification law, a development that should be of interest not only to Kentucky-based entities, but also to entities that do business in Kentucky and have personal information...more

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including...more

Data Breach Class Settlement Approved After Eleventh Circuit Held Identity Theft Following Breach Presents Cognizable Injury

Recently, the U.S. District Court for the Southern District of Florida approved a class settlement in a case in which the plaintiffs claimed financial harm from a health care company’s failure to protect their personal...more

Beyond Real Estate: Publicly Traded Homebuilders (And Other Public Companies) Must be Aware of Cybersecurity and Data Breach...

Generally speaking, publicly traded homebuilders and other public companies must disclose material information in their SEC filings. “Information is considered material if there is a substantial likelihood that a reasonable...more

Health Insurer Fined Unprecedented $6.8 Million for HIPAA Violations

Federal fines for violations of the Health Insurance Portability and Accountability Act (HIPAA) may not exceed $1.5 million per incident per year. That's already a big number to think about — but employers also need to...more

Advertising Law - Mar 14, 2014

Sue Like Mike: Jordan Wins Reversal in Publicity Rights Suit - An advertisement congratulating Michael Jordan on his induction into the Basketball Hall of Fame constituted commercial speech, the Seventh U.S. Circuit...more

Health Care Law Alert: Skagit County Fined $215,000 for HIPAA Violations

Skagit County in northwest Washington state has been fined $215,000 for violations of the HIPAA privacy, security, and breach notification rules. The U.S. Department of Health and Human Services’ Office for Civil Rights...more

New Mexico Moves One Step Closer to Becoming the 47th State with a Breach Notification Law

46 states plus Washington, D.C. have data breach notification laws. Alabama, Kentucky, New Mexico and South Dakota still do not have a comprehensive notification law outside of the public sector. That may change soon...more

Attorney General Holder Calls on Congress to Establish Strong National Data Breach Notification Standard

Yesterday, in his weekly video address, Attorney General Eric Holder urged Congress to create a national data breach notification standard requiring companies to quickly notify consumers of a breach of their personal or...more

What is “Expedient” Notification of a “Data Breach?”

One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more

Capital Thinking: Technology and Communications

Senators Introduce Data Breach Legislation - Last Thursday, January 30, four Democratic senators introduced the Data Security and Breach Notification Act of 2014, which would require the Federal Trade Commission to...more

Health Care Entity Pays $150,000 to HHS as a Result of Stolen Thumb Drive Containing PHI

Encrypting USB drives, analyzing security risks, and implementing breach notification policies and procedures could mean the difference between compliance with the Health Insurance Portability and Accountability Act (“HIPAA”)...more

Be Prepared – HIPAA Audits are Coming in 2014

Later this year, the Department of Health and Human Services (“DHHS”) is expected to launch its permanent HIPAA Audit Program. The HIPAA Audit Program is authorized under Section 13411 of the HITECH Act, and is designed to...more

AB 1149: Expanding state data breach notification rules

California has expanded its data breach notification requirements by adding certain online account information to the definition of "personal information" used to determine whether notification is required under state law. As...more

Recent HIPAA Settlement Highlights Danger of Failure to Perform Security Risk Assessments, Implement HIPAA Policies and Train...

A recent Health Insurance Portability and Accountability Act ("HIPAA") settlement, which is notable as the first HIPAA settlement with a covered entity for failure to have policies and procedures in place to comply with...more

House and Senate Committees to Hold Data Breach Hearings in February

In the wake of recent data breaches at major retailers Target and Neiman Marcus, Senate Judiciary Chairman Patrick Leahy (D-VT) has renewed his efforts to enact stronger data security requirements for companies that collect...more

Dermatology Practice Agrees to Settlement in Connection with HIPAA Breach

A Massachusetts-based dermatology practice recently agreed to pay $150,000 to settle claims that it failed to have sufficient policies and procedures in place to address a breach notification requirement under the HITECH Act....more

Renewed Congressional Interest in Federal Data Security and Breach Notification Legislation

In light of recent, well-publicized, data security breaches at major retailers and social media company Snapchat, legislators are renewing the call for new federal laws that would strengthen data security and notification...more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

Looking At The Past To Predict The Future Of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services (“HHS”). On January 17, 2013, HHS issued its Final Omnibus Rule, substantially modifying the Privacy, Security and Enforcement Rules promulgated by the...more

Settlement Reached Regarding Dermatology Practice’s HIPAA Violation

Adult and Pediatric Dermatology (A&P Dermatology) of Concord, Massachusetts has entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance...more

Providers: Prepare Your Breach Notification Policy!

On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine after it lost an unencrypted thumb drive containing over 2,000 patients’ health records, and...more

HHS Gives A Thumbs Down For Stolen Thumb Drive

On December 26, 2013, the U.S. Department of Health and Human Services Office for Civil Rights (HHS) announced that it had reached an agreement with a Northeastern dermatology practice to settle potential HIPAA violations...more

70 Results
|
View per page
Page: of 3