Safeguards against Data Security Breaches (Part One)
Recent, large-scale breaches of health information have served to highlight the fact that federal agencies have only rarely assessed penalties against companies as a result of these breaches, while many states do not have...more
On March 4, 2015, Washington State’s House of Representatives passed HB 1078, which would significantly tighten Washington’s current data breach notification requirements, currently codified at RCW 19.255.010. The bill has...more
To take a break from pure e-discovery, we wanted to focus on something fun. Now that Selection Sunday is behind us, it is time to get down to the important business of filling out brackets for the NCAA Division 1 Men’s...more
State legislatures are not waiting for Congressional action on a national data breach notification standard.
Montana — Montana has amended its 10-year old breach notification law (see Mintz Matrix) to expand the...more
Effective August 1, 2015, New Jersey will require health insurance carriers authorized to issue health benefit plans in New Jersey to encrypt personal information that they store electronically....more
In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider...more
We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc.
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more
Spurred by the prescient reporting found in this space (and, just maybe, by the Anthem data breach, which occurred a week later), insurance regulators have recently engaged in a flurry of regulatory activity relating to cyber...more
On Friday, February 13, 2015, the Payment Cards Industry (PCI) Security Standards Council (Council) posted a bulletin to its website, becoming the first regulatory body to publicly pronounce that Secure Socket Layers (SSL)...more
Setting a new standard for encryption, New Jersey has enacted a new law (P.L. 2014, c. 88, codified at N.J. Stat. Ann. §§ 56:8-196 - 56:8-198) effective August 1, 2015, requiring health insurance carriers authorized to issue...more
In the latest edition of the PCI Council’s Assessor Newsletter, the Council previewed a proposed change related to the use of Secure Socket Layer (SSL) protocol for encrypting communications between your website’s e-commerce...more
In response to data breaches that have occurred across the United States, several of which involved the theft of laptop computers, beginning August 1, 2015, health insurance carriers in New Jersey will be obligated to do more...more
Good Tuesday – The East Coast prepares for Apocalypse (Sn)ow.
In the meantime, here are three privacy-related tidbits for your day.
Privacy Concerns Cause Scale Back of Release of HealthCare.gov Data -
As of early December 2014, 1,170 security breaches under the Health Insurance Portability and Accountability Act (HIPAA) involving 31 million records had been reported to the U.S. Department of Health and Human Services (HHS)...more
New Jersey recently amended its privacy laws to now require health insurers and care providers that do business in the state to encrypt PHI....more
This month, Governor Chris Christie signed into law a New Jersey bill requiring health insurance carriers (e.g., insurance companies, health service corporations, hospital service corporations, medical service corporations,...more
Gov. Chris Christie has signed into law S. 562, which, as its title states, “Requires health insurance carriers to encrypt certain information.”
Violation of this new law constitutes a facial violation of the New...more
News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories....more
The Massachusetts Attorney General announced Friday that her office had reached a settlement with Beth Israel Deaconess Medical Center (BIDMC) surrounding a 2012 data breach in which a physician’s unencrypted personal laptop...more
On October 28, 2014, the California Attorney General released a report revealing that more than 18.5 million California residents were victims of data breaches in 2013....more
Increasingly interconnected global businesses need to focus on how export controls and trade sanctions can affect their cross-border activities in unexpected ways.
For decades, the US Government has used trade...more
The Bureau of Industry and Security (BIS) recently issued a $750,000 fine against an Intel subsidiary for the unlawful exportation of software products that enable encryption. This is a sharp departure from BIS’s historical...more
Did you know there are many cloud service providers in the cyber industry? Probably so. But did you know that cloud service providers may be operating in a country outside the United State? Whether you did or not, you may not...more
Back in April, Google filed a Petition for Certiorari with the U.S. Supreme Court in the Street View case, seeking review of the Ninth Circuit’s decision holding that unencrypted Wi-Fi signals are protected from interception...more
As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more
Back to Top