Encryption

News & Analysis as of

State Legislatures React To Latest Health Data Breaches By Updating State Data Breach Notification Laws And Encryption...

Recent, large-scale breaches of health information have served to highlight the fact that federal agencies have only rarely assessed penalties against companies as a result of these breaches, while many states do not have...more

Washington State Poised to Set the Bar for Data Encryption Standards and Breach Notification

On March 4, 2015, Washington State’s House of Representatives passed HB 1078, which would significantly tighten Washington’s current data breach notification requirements, currently codified at RCW 19.255.010. The bill has...more

The Madness of Big Data

To take a break from pure e-discovery, we wanted to focus on something fun. Now that Selection Sunday is behind us, it is time to get down to the important business of filling out brackets for the NCAA Division 1 Men’s...more

State Data Breach Notification Law Updates

State legislatures are not waiting for Congressional action on a national data breach notification standard. Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more

New Jersey Imposes Unique Encryption Requirements

Effective August 1, 2015, New Jersey will require health insurance carriers authorized to issue health benefit plans in New Jersey to encrypt personal information that they store electronically....more

States Respond to Recent Breaches with Encryption Legislation

In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider...more

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more

Cyber Risk as a Regulatory Issue: Tales of Encryption

Spurred by the prescient reporting found in this space (and, just maybe, by the Anthem data breach, which occurred a week later), insurance regulators have recently engaged in a flurry of regulatory activity relating to cyber...more

Secure Sockets Layer (SSL) 3.0 Encryption Declared “No Longer Acceptable” to Protect Data

On Friday, February 13, 2015, the Payment Cards Industry (PCI) Security Standards Council (Council) posted a bulletin to its website, becoming the first regulatory body to publicly pronounce that Secure Socket Layers (SSL)...more

Locke Lord QuickStudy: Attention, Health Insurers: Unique Encryption Requirements in NJ

Setting a new standard for encryption, New Jersey has enacted a new law (P.L. 2014, c. 88, codified at N.J. Stat. Ann. §§ 56:8-196 - 56:8-198) effective August 1, 2015, requiring health insurance carriers authorized to issue...more

PCI Council: SSL Will No Longer Be Sufficient for E-Commerce

In the latest edition of the PCI Council’s Assessor Newsletter, the Council previewed a proposed change related to the use of Secure Socket Layer (SSL) protocol for encrypting communications between your website’s e-commerce...more

Beyond HIPAA: New Jersey Law Requires Encryption of Personal Data by Health Insurance Carriers

In response to data breaches that have occurred across the United States, several of which involved the theft of laptop computers, beginning August 1, 2015, health insurance carriers in New Jersey will be obligated to do more...more

Privacy Tuesday - January 2015

Good Tuesday – The East Coast prepares for Apocalypse (Sn)ow. In the meantime, here are three privacy-related tidbits for your day. Privacy Concerns Cause Scale Back of Release of HealthCare.gov Data - We...more

Alert: Five Ways to Reduce Your HIPAA Liability

As of early December 2014, 1,170 security breaches under the Health Insurance Portability and Accountability Act (HIPAA) involving 31 million records had been reported to the U.S. Department of Health and Human Services (HHS)...more

New Jersey Imposes New Encryption Standards for PHI

New Jersey recently amended its privacy laws to now require health insurers and care providers that do business in the state to encrypt PHI....more

Time to Get Rid of Those Post-it Notes with All Your Passwords!!!

This month, Governor Chris Christie signed into law a New Jersey bill requiring health insurance carriers (e.g., insurance companies, health service corporations, hospital service corporations, medical service corporations,...more

New Jersey Requires Encryption for Health Insurance Carriers; May Open Door to Class Action Suits over Violations Under State...

Gov. Chris Christie has signed into law S. 562, which, as its title states, “Requires health insurance carriers to encrypt certain information.” Violation of this new law constitutes a facial violation of the New...more

News from the Health Law Gurus™:

News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories....more

Encryption and Securing BYO Devices at the Heart of Massachusetts AG $100,000 Settlement

The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop...more

California Reports 600% Increase In The Number Of Individuals Affected By Data Breaches

On October 28, 2014, the California Attorney General released a report revealing that more than 18.5 million California residents were victims of data breaches in 2013....more

5 Compliance “Hot Spots” for Technology Companies Under Export Controls and Sanctions Laws

Increasingly interconnected global businesses need to focus on how export controls and trade sanctions can affect their cross-border activities in unexpected ways. For decades, the US Government has used trade...more

Software Companies Now on Notice That Encryption Exports May Be Treated More Seriously: $750,000 Fine Against Intel Subsidiary

The Bureau of Industry and Security (BIS) recently issued a $750,000 fine against an Intel subsidiary for the unlawful exportation of software products that enable encryption. This is a sharp departure from BIS’s historical...more

Head In The Clouds About Cloud Storage

Did you know there are many cloud service providers in the cyber industry? Probably so. But did you know that cloud service providers may be operating in a country outside the United State? Whether you did or not, you may not...more

Google Street View Plaintiffs on the Hunt for “a Needle in a Haystack” to Demonstrate Standing, but District Court Grants...

Back in April, Google filed a Petition for Certiorari with the U.S. Supreme Court in the Street View case, seeking review of the Ninth Circuit’s decision holding that unencrypted Wi-Fi signals are protected from interception...more

Cliff Notes from the Joint OCR/NIST HIPAA Security Conference

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more

70 Results
|
View per page
Page: of 3