News & Analysis as of

HHS's New Security Risk Tool for HIPAA Compliance

On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...more

What is “Expedient” Notification of a “Data Breach?”

One of the first questions companies ask us when we are hired to help them respond to a new security incident is how fast they have to notify if the investigation shows that a “breach” occurred. Except for a couple of states...more

FTC’s 50th Data Security Settlement Sends a Message: Be Careful with Overseas Contractors

The Federal Trade Commission (FTC) sent a message about the importance of imposing appropriate security measures on—and monitoring—vendors with access to confidential consumer information. The FTC issued a 20-year consent...more

U.S. Privacy and Data Protection: 2013 Year in Review and a Look Ahead to 2014

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of...more

Accretive Health Data Breach Leads To Twenty-Year Settlement With The FTC

On December 31, 2013, the Federal Trade Commission ("FTC") announced that Accretive Health, Inc., ("Accretive") agreed to settle charges that the company's inadequate data security measures exposed sensitive consumer...more

Are You Ready For California’s “Do Not Track” Requirements?

Over the last several months, California has passed several new privacy and data protection laws that impact operators of websites, online services and mobile applications around the country, including a law establishing an...more

New Law Requires All Public Agencies in California To Notify Residents Affected by a Security Breach: BB&K Attorneys Examine the...

Cities, counties, water agencies and school districts have some of our most personal information, including our date of birth, Social Security number, driver’s license number and medical information. This is the type of...more

The Challenges of Compliance

Compliance, like many other aspects of the business world, is a balance of risks. Unfortunately, it often takes an organization being rebuked in some fashion before it realizes the importance of failure to be in compliance. ...more

SEC Continues to Target Cybersecurity Disclosures

Over the past two years, the U.S. Securities and Exchange Commission’s Division of Corporation Finance (Corp Fin) has highlighted the importance of cybersecurity disclosures in filings with the SEC. Corp Fin’s initiative...more

Is Your Company Ready For California's Expanded Data Security Notification Law?

Effective January 1, 2014, California residents must be notified when the information used to access their email or other online accounts is compromised in a data security breach incident. ...more

FTC Complaint Against Medical Laboratory Signals Agency’s Continued Intent to Assert Authority in Data-Security-Breach Actions

In taking action against medical laboratory LabMD, the U.S. Federal Trade Commission demonstrated its continued intent to assert authority through the Federal Trade Commission Act in data-security-breach actions. On August...more

Health Plan Fined for HIPAA Breach Relating to Information Stored on Photocopiers

On Wednesday, August 14, 2013, the U.S. Department of Health and Human Services (HHS), announced that it had reached a $1,215,780 settlement with Affinity Health Plan, Inc., a not-for-profit managed care plan serving the New...more

The Road Map to HIPAA Compliance: What Your Nonprofit Needs to Know

In this presentation: - Overview of HIPAA - Privacy Rule - Notice of Breach - Security Rule - Business Associates & Business Associate Agreements - Notice of Privacy...more

HIPAA Omnibus Final Rule Compliance Date Is Only Two Months Away

The compliance date for the omnibus final rule amending the privacy, security, breach notification and enforcement regulations under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information...more

Employer BYOD Concerns: Part 2 of It's 2013. Do You Know Where Your BYOD Policies Are?

In Part 2 of "It's 2013. Do You Know Where Your BYOD Policies Are?" we will discuss employer BYOD concerns. Check out Part 1 to learn more about employee interests; Part 3 will present developing trends and suggest best...more

Internet Regulation and Data Privacy in China

China is the world’s second largest economy, with an annual growth rate of more than eight percent and a rapidly growing middle class. Foreign investment into China routinely exceeds US$100 billion a year. Businesses from all...more

The New Normal: Taking Responsibility for Your Vendors [Video]

As financial institutions continue to strive for reduced costs and greater efficiencies, they are increasingly turning to third-party vendors to handle a wide variety of tasks, from marketing and sales to payment processing....more

Highlights of the Omnibus HIPAA/HITECH Final Rule

On January 25, 2013, the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) published the long-awaited omnibus final regulation governing health data privacy, security and enforcement (Omnibus...more

HIPAA Alert: Action Steps To Reach Compliance

As discussed in two prior HIPAA alerts, a final, 563-page Omnibus HIPAA Rule was released by the Department of Health and Human Services Office of Civil Rights to strengthen HIPAA’s security and privacy protections. The final...more

HIPAA Rules Overhaul Ups Compliance Ante

Originally posted in Hartford Business Journal on February 11th, 2013. Attention all medical providers, hospitals and any other covered entity or business associate under HIPAA. On Jan. 17, the U.S. Department of Health...more

Congress Addresses Cybersecurity in National Defense Authorization Act by J.C. Boggs and Alexander K. Haas

Given the failure to enact comprehensive cybersecurity legislation last year, Congress included several targeted statutory provisions setting federal defense policy on a range of cybersecurity issues in the National Defense...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Enforcement Rule - Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of...more

Burr Alert: New HIPAA Rules Issued: “Sweeping” Changes For Healthcare Providers And Business Associates

On January 17, 2013, the Department of Health and Human Services (“HHS”) released its long awaited final HIPAA rule, which significantly expands certain obligations for healthcare providers and their business associates (the...more

New HIPAA Rules Expand Breach Notification Requirements

If your company is subject to HIPAA, new rules published by the Department of Health and Human Services (“HHS”) will require changes in your policies and practices regarding data breaches....more

McAfee & Taft Healthcare Industry Alert: New HIPAA regulations - Begin your compliance review now

On January 17, 2013, the Department of Health and Human Services issued a final rule amending the Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations and implementing the Health...more

46 Results