News & Analysis as of

Iowa Adds AG Data Breach Notice Requirement

On April 3, Iowa Governor Terry Branstad signed SF 2259, which amends the state’s data breach notice law to add a requirement that businesses that experience a data breach notify the state attorney general’s office within...more

Kentucky Becomes 47th State with a Data Breach Notification Law

On April 10, 2014, Kentucky became the 47th state to enact breach notification legislation. Under the new law, companies that conduct business in Kentucky and hold consumer data of Kentucky residents will now be required to...more

Kentucky Becomes The 47th State To Enact A Data Breach Notification Law

Kentucky is now the 47th state with a data breach notification law, a development that should be of interest not only to Kentucky-based entities, but also to entities that do business in Kentucky and have personal information...more

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including...more

Data Breach Class Settlement Approved After Eleventh Circuit Held Identity Theft Following Breach Presents Cognizable Injury

Recently, the U.S. District Court for the Southern District of Florida approved a class settlement in a case in which the plaintiffs claimed financial harm from a health care company’s failure to protect their personal...more

Health Insurer Fined Unprecedented $6.8 Million for HIPAA Violations

Federal fines for violations of the Health Insurance Portability and Accountability Act (HIPAA) may not exceed $1.5 million per incident per year. That's already a big number to think about — but employers also need to...more

Health Care Law Alert: Skagit County Fined $215,000 for HIPAA Violations

Skagit County in northwest Washington state has been fined $215,000 for violations of the HIPAA privacy, security, and breach notification rules. The U.S. Department of Health and Human Services’ Office for Civil Rights...more

New Mexico Moves One Step Closer to Becoming the 47th State with a Breach Notification Law

46 states plus Washington, D.C. have data breach notification laws. Alabama, Kentucky, New Mexico and South Dakota still do not have a comprehensive notification law outside of the public sector. That may change soon...more

Attorney General Holder Calls on Congress to Establish Strong National Data Breach Notification Standard

Yesterday, in his weekly video address, Attorney General Eric Holder urged Congress to create a national data breach notification standard requiring companies to quickly notify consumers of a breach of their personal or...more

What is “Expedient” Notification of a “Data Breach?”

One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more

Capital Thinking: Technology and Communications

Senators Introduce Data Breach Legislation - Last Thursday, January 30, four Democratic senators introduced the Data Security and Breach Notification Act of 2014, which would require the Federal Trade Commission to...more

Health Care Entity Pays $150,000 to HHS as a Result of Stolen Thumb Drive Containing PHI

Encrypting USB drives, analyzing security risks, and implementing breach notification policies and procedures could mean the difference between compliance with the Health Insurance Portability and Accountability Act (“HIPAA”)...more

AB 1149: Expanding state data breach notification rules

California has expanded its data breach notification requirements by adding certain online account information to the definition of "personal information" used to determine whether notification is required under state law. As...more

House and Senate Committees to Hold Data Breach Hearings in February

In the wake of recent data breaches at major retailers Target and Neiman Marcus, Senate Judiciary Chairman Patrick Leahy (D-VT) has renewed his efforts to enact stronger data security requirements for companies that collect...more

Dermatology Practice Agrees to Settlement in Connection with HIPAA Breach

A Massachusetts-based dermatology practice recently agreed to pay $150,000 to settle claims that it failed to have sufficient policies and procedures in place to address a breach notification requirement under the HITECH Act....more

Renewed Congressional Interest in Federal Data Security and Breach Notification Legislation

In light of recent, well-publicized, data security breaches at major retailers and social media company Snapchat, legislators are renewing the call for new federal laws that would strengthen data security and notification...more

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

The Department of Health and Human Services (HHS) recently announced the first settlement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) based on violations of the law's privacy, security,...more

Looking At The Past To Predict The Future Of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services (“HHS”). On January 17, 2013, HHS issued its Final Omnibus Rule, substantially modifying the Privacy, Security and Enforcement Rules promulgated by the...more

Settlement Reached Regarding Dermatology Practice’s HIPAA Violation

Adult and Pediatric Dermatology (A&P Dermatology) of Concord, Massachusetts has entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance...more

Providers: Prepare Your Breach Notification Policy!

On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine after it lost an unencrypted thumb drive containing over 2,000 patients’ health records, and...more

A New Year’s Resolution (And Corrective Action Plan) From OCR: Physician Practice Cited For HIPAA Violations

The Office for Civil Rights (OCR) is closing out 2013 with a reminder of the importance of an effective HIPAA compliance program. On December 26, 2013, OCR announced a resolution agreement with a Massachusetts physician...more

Medical practice agrees to payment due to HIPAA data breach

One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more

International Privacy - 2013 Year in Review - Canada

This fall, Canadian Parliament failed to pass proposed amendments to its federal privacy law that would impose a mandatory breach notification requirement. Bill C-12, originally introduced in 2010 and reintroduced in 2011,...more

International Privacy - 2013 Year in Review - Central and South America

1. Costa Rica - On March 5, 2013, Costa Rica’s data protection law, originally passed in 2011, came into force. The law, the Ley Protección de la Persona frente al tratamiento de sus datos personales, Law...more

CLIENT ALERT - Recent Changes to Online Privacy Laws in California

California Online Protection Act - The California Online Protection Act (the “Act”) requires a commercial Internet website or online service to conspicuously post a privacy policy on its website if it collects...more

53 Results
|
View per page
Page: of 3