News & Analysis as of

Information Security Training Master Class: Winning the Battle Against Data Breaches, Malicious and Negligent Employees, and...

Disclaimer: I am a crazy person. I read over 50 articles before I wrote this (WHO DOES THAT) and I’m not even sure how I got so sucked in. In short, information security is a big deal right now – and there are tons of ways to...more

New York AG Reports that Data Breaches Cost New York Businesses over $1B Last Year

The current headline in data security is a just-released report from the New York Attorney General's Office (the "AG Report") announcing that the number of reported data breaches more than tripled between 2006 and 2013,...more

New York Attorney General Report Shows the Number of Data Breaches is on the Rise and Recommends Steps to Take for Protecting...

On July 15, 2014, the New York Attorney General issued a report examining the growing number and costs of data breaches in the state of New York. The report titled, “Information Exposed: Historical Examination of Data...more

To keep data safe, law firms must embrace a culture of security

As the White House report on big data indicates, an enormous amount of information is collected, stored, analyzed and relayed in digitized form over the Internet and, increasingly, using mobile technology. Headlines...more

Survey Shows U.S. Organizations Need More Improvement To Counter Cybercriminals

Despite a surge in both the number of detected cybersecurity incidents and the financial costs associated with such breaches, a new report shows that U.S. organizations lack the necessary defenses to effectively counter...more

Key Questions to Ask When Preparing a Data Breach Response Plan (Part II)

Following up on last week’s post, we return to the wide range of questions about a company’s operations that can guide a team building a data breach response plan to cover many of the risks encountered in the wake of a...more

Cyber-Security Corporate Governance: Three Essential Steps To Form A Cyber-Security SWAT Team

Last year, Canadian Lawyer InHouse Magazine posed the question, "Should in-house counsel be asking more questions about the strength of their company's cyber systems…" and they cited the Association of Corporate Counsel 2012...more

Plugging the Leak: Guidelines for a Data Breach Response Plan

Though data breaches have been on the forefront of many large company’s risk management efforts for a number of years, it has become clear that the threat of a data breach is very real and touches on every business,...more

Cyber Risks for the Boardroom Part 1: The Recent Increase in Focus on Privacy Issues

Each day this week, we are going to explore some of the issues in the rapidly growing area of cyberliability. We will examine the recent increase in focus on privacy issues, why directors should be concerned, the top...more

Security Rule Compliance: The Importance of Performing Regular Risk Analyses

It is likely that you are familiar with the HIPAA Security Rule’s mandate that covered entities and business associates document the decision making process that led to the selection of their means to achieve security for...more

Cybersecurity Is Not Just an IT Issue; It’s an IG Issue

For leaders and counsel in many organizations, the word “cybersecurity” typically triggers concerns about the IT department, conjuring images of hackers and requiring unfamiliar terminology such as “firewalls” and...more

35 Days And Counting - R.I.P. Windows XP

Effective April 9, 2014, Microsoft will no longer provide technical support or security updates for the Windows XP operating system. According to Microsoft, personal computers running Windows XP after April 8, 2014 should not...more

On the Fifth Day of Privacy, the SEC Gave to Me…..

Sing it with me now….. FIVE GOLDEN RULES! As public companies prepare for the New Year and the start of yet another annual reporting season, it is the perfect time to reflect on our 2013 prediction that the SEC would...more

Health plan pays for failing to erase data on leased equipment: two takeaways for companies handling electronic PHI

The Office for Civil Rights (OCR) has announced a settlement between the US Department of Health and Human Services and Affinity Health Plan, Inc. to address potential violations of the Health Insurance Portability and...more

HIPAA’S FINAL RULE: Putting Things in Perspective – Comments from OCR

On March 22, 2013, Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) Director Leon Rodriguez presented the keynote address to attendees of the American Health Lawyers’ Association HIPAA/HITECH Conference in...more

The Storm Has Arrived: Cybersecurity, Risks And Response

Every day the headlines report another Fortune 500 company suffering a hacking incident. For companies, the hack itself creates substantial risks of economic devastation caused by the theft of valuable trade secrets. Add to...more

The New HIPAA Omnibus Rule & Your Liability — A Detailed Review

As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more

A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA...

Changes to the HIPAA Breach Notification Rule - Background: The HITECH Act required Covered Entities to notify individuals, HHS, and in some cases, the media, of a Breach of Unsecured PHI. A Business Associate is...more

No Harm, No Foul, No More—New HIPAA “Breach” Standards Seek To Provide Consistency, Objectivity

Beginning this fall, employer health plans—or their business associates—will have to make more comprehensive and methodical risk assessments following the discovery of an impermissible use or disclosure of unsecured...more

What Covered Entities and Business Associates Need to Do to Prepare for the New HIPAA/HITECH Requirements (Part I)

The Department of Health and Human Services (HHS) issued, on January 17, 2013, its Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules as well as...more

Top Ten Ways To Manage Cyber Risk

This is the second installment of our series on Cyber Risk: Are you Protected? This article highlights the top ten ways to manage cyber risk, including strategies for preventing a cyber breach, creating a response plan in the...more

HHS Releases HIPAA/HITECH Omnibus Final Rule

Rule finalizes many provisions of the proposed rule, imposing new privacy and security obligations directly on business associates and modifying the definition of "breach" and the required factors to be considered in a risk...more

22 Results
|
View per page
Page: of 1