The Federal Communications Commission (FCC) adopted an order on Oct. 27, 2016, which started to go into effect this month, regarding privacy and data security obligations for broadband internet access service (BIAS) providers...more
Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more
Recently, Federal Communications Commission (FCC or Commission) Chairman Tom Wheeler circulated to the Commission a revised proposed order to regulate the data privacy and security practices of internet service providers...more
In November, we reported on a proposal by the New York Department of Financial Services (NYDFS) for an extensive cybersecurity framework for its regulated financial institutions. Recently, Governor Cuomo announced a proposed...more
How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices.
Following the announcement of a recent settlement between the U.S. Department of...more
“I would like to make an appointment for my back pain and possible shingles. Can you please call me @ [phone number]. Thank you! [patient name]” – Patient Review, December 31, 2012
The Federal Trade Commission (FTC) and...more
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS...more
On June 22, 2016, mobile advertising company InMobi Private Ltd. settled Federal Trade Commission (“FTC” or “Commission”) claims of violations of Section 5 of the FTC Act, and the Children’s Online Privacy Protection Act and...more
On June 14, 2016, the D.C. Court of Appeals ruled 2-1 in favor of the Federal Communication Commission’s (FCC) net neutrality rules, which the commission approved on February 26, 2015 (published March 12, 2015). This...more
By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to...more
On March 31, 2016, the Federal Communications Commission (FCC) issued a Notice of Proposed Rulemaking (NPRM) of privacy and security regulations for Internet service providers (ISPs). The NPRM, In The Matter of Protecting the...more
In 2015, the Federal Communications Commission (FCC or global Commission) issued its Open Internet Order, applying Section 222 of the federal Communications Act to broadband Internet access services (BIAS), and in doing so...more
Although healthcare entities are exempt from BIPA’s requirements because of HIPAA, they are likely next in line for lawsuits because of their rapid adoption of biometric authentication measures for employees and contractors....more
Just four months into 2016, the healthcare industry is already facing a permanent and increasing threat to hospital operations: ransomware. Previously, BakerHostetler reported that Hollywood Presbyterian Hospital paid 40...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of...more
To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware...more
Forty bitcoins later (approximately $17,000), Hollywood Presbyterian Hospital can now access its electronic medical health records and return to treating its patients as scheduled. But as hackers develop new tools to access...more
On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for...more
The U.S. Department of Health and Human Services’ (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) has released proposed changes to the Confidentiality of Alcohol and Drug Abuse Patient Records...more
On January 6, 2016, the U.S. Department of Health and Human Services (HHS) released a modification to the Health Insurance Portability and Accountability Act (HIPAA) removing barriers to reporting federal mental health...more
The European Union continues to move forward with a proposed unified framework to strengthen network and information security systems across its member countries. On December 18, 2015, the Permanent Representatives Committee...more
On the heels of the Lahey Hospital and Medical Center resolution agreement, OCR announced a resolution agreement with Triple-S Management Corporation and its subsidiaries, Triple-S Salud Inc. and Triple-C Inc. (collectively...more
On November 9, 2015, the New York State Department of Financial Services (NYDFS) issued a letter to the members of the Financial and Banking Information Infrastructure Committee (FBIIC) detailing a new cybersecurity framework...more
The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more
The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which...more