The holidays are over. 2020 is upon us. And for American businesses with any connection to California, this means one thing: the California Consumer Privacy Act (CCPA), America’s version of GDPR is here. It is a phased...more
As Congress continues to wrestle with federal privacy legislation, the states have been lining up alternative proposals. North Carolina has introduced its own bipartisan bill. The bill, H.B 904, will not pass this year. Even...more
In 2015, the European Court of Justice struck down Safe Harbor, the legal device that enabled data transfers from the European Union to the United States. This summer, Safe Harbor’s successor, Privacy Shield, may meet the...more
Last week, Indiana based Medical Informatics Engineering, Inc. (MIE) agreed to pay $100,000 to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). MIE provides electronic health record and related...more
6/6/2019
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
OCR ,
PHI ,
Popular ,
Settlement ,
State Attorneys General
Amidst the thicket of federal regulators that populate Washington is the obscure Committee on Foreign Investment in the United States (CFIUS). Founded on the eve of World War II, CFIUS is an inter-agency task force. Its...more
*Trigger Warning*: This article includes mentions of suicide.
It could be the start of a Law & Order episode. In August, a pedestrian in Manhattan’s East Village noted a driver sitting inside a parked car. The driver was...more
North Carolina joined Attorneys General from a dozen states in suing Indiana based Medical Informatics Engineering (MIE) and affiliates. The complaint alleges that the companies failed to undertake reasonable measures to...more
In June 2017, the NotPetya virus crippled many large companies including Merck and Mondelez (the manufacturer of Nabisco, Cadbury, and Toblerone). The aggregated losses, including property damage, operational disruptions, and...more
In finding a common law duty to protect employees’ personal data, the Pennsylvania Supreme Court has unexpectedly, and dramatically, altered the contours of the data breach litigation landscape....more
No human instinct is as ingrained as the desire to defend oneself against unjust criticism. But that instinct must be tamed where personal health information is involved. A Connecticut medical practice has just learned that...more
Missouri’s Cass Regional Medical Center (CRMC) was recently hit with a ransomware attack. Existing patients continued to receive care, but incoming trauma and stroke patients were diverted to other facilities. The hospital...more
HIPAA was enacted in 1996. In the years since, most healthcare entities have adapted to the major requirements imposed by HIPAA, HITECH, and the Privacy and Security Rules. Nevertheless, the thicket of regulations still...more
The ink had barely dried on the Alabama’s new data breach notification statute (which made it the 50th state to enact such legislation) when California upped the ante. In an effort to head off a November ballot initiative,...more
In the latest episode of a long running saga, the Eleventh Circuit has ruled against the Federal Trade Commission (FTC) in its years-long battle with LabMD Inc. The Court vacated the FTC’s order requiring LabMD to implement a...more
Data privacy regulation tends to take one of two general approaches. In most of the world—but not in the United States—the approach is usually characterized as “omnibus.” Under an omnibus regime, privacy rights are defined at...more
IT, we have a problem. Reports of cybersecurity incidents continue to come in thick and fast. In November 2017, Equifax announced a mammoth data breach that it estimated would cost more than $140 million to address....more
The Securities and Exchange Commission (SEC) has undertaken its first enforcement action in connection with a public company’s failure to timely disclose cyber-issues. Last month, Altaba Inc., the former Yahoo! Inc. (Yahoo!),...more
Given recent headlines, ranging from Facebook to Cambridge Analytica to the City of Atlanta’s ransomware attack, the logical inference is that the European Union’s General Data Protection Regulation (GDPR) is a product of our...more
The year was 2005. The iPhone was still two years away. Facebook was still a niche product. Tweeting was a birds-only activity. And North Carolina was one of the first states in the union to enact a data breach notification...more
Last week, an unknown Twitter contractor briefly suspended President Trump’s Twitter account. The episode lasted 11 minutes. On its face, it may seem like a relatively small matter, but existing law could make a federal case...more
IRS Revokes Hospital's Exemption Under Section 501(c)(3) for Failure to Comply with Community Health Needs Assessment Requirements -
On August 4, 2017, the Internal Revenue Service (IRS) released its first revocation of a...more
The Citation of Immediate Jeopardy Deficiencies Against Nursing Facilities: Unforeseen Consequences -
There are no words more feared by a skilled nursing facility Administrator during an annual recertification survey or...more
10/24/2017
/ Criminal Background Checks ,
Drug Testing ,
Employee Benefits ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Long Term Care Facilities ,
Long-Term Care ,
OSHA ,
Ransomware ,
Salary/Wage History ,
Skilled Nursing Facility ,
Year-End Planning
As data breaches go, they don’t get much bigger than this. On Thursday, September 7, credit reporting giant, Equifax, reported that it had suffered a cyber-incident. 143 million consumer records, including names, birth dates,...more
When the USS John S. McCain collided with the tanker Alnic MC near Singapore, it was the third such collision this summer. The ship sustained damage at the waterline, flooding a crew sleeping area. Such incidents are...more
In Packingham v. North Carolina, 137 S. Ct. 1730, 1735 (U.S. 2017) the Supreme Court of the United States held that N.C.G.S. § 14-202.5, a North Carolina statute that barred registered sex offenders from websites such as...more