The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
The House and Senate were both in session this week, with significant healthcare activity at the committee level. The House Ways & Means Committee met to discuss healthcare price transparency, and the Ways & Means Health...more
A Florida communications firm and its owner agreed to pay $293,771 to resolve False Claims Act (FCA) allegations that they failed to secure personal information on a federally funded Florida children’s health insurance...more
After a six-month delay due to the COVID-19 pandemic, the first provisions of the interoperability rule issued by the Centers for Medicare & Medicaid Services (CMS) took effect on July 1. The new requirements are the first of...more
The Hogan Lovells’ Corporate Insurance Newsletter for January 2020 has been published. This provides a round-up of UK, EU and international regulatory developments relevant to UK based insurance market participants. In this...more
Effective October 1, 2019, organizations providing health insurance and related services must notify the Maryland Insurance Administration as part of its breach notification requirements. In August 2019, the Maryland...more
As a global insurance industry team, we aim to follow industry trends and developments as closely as possible in order to deliver well informed perspectives and thought leadership to our clients and contacts. In the newly...more
Cyber-attacks on healthcare data are becoming increasingly common and costly and last week even CMS announced that it had suffered a data breach....more
On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Anthem, Inc. will pay $16 million to settle OCR’s investigation of its potential violations of the Health...more
A single, multidisciplinary entity, like a university, may include certain departments that use PHI, and other departments that do not. Such institutions are eligible to (and should) self-identify as “hybrid entities” to...more
Earlier this year, Governor Charlie Baker signed into law an Act to Protect Access to Confidential Healthcare (the PATCH Act), which prevents information regarding “sensitive health care services” from being shared with...more
U.S. Financial Industry Developments - CFTC and SEC Announce Approval of New MOU - On June 28, 2018, the Commodity Futures Trading Commission ("CFTC") and the Securities and Exchange Commission ("SEC") announced that...more
Health insurance carriers often provide explanation of benefits (EOB) summaries to the policyholder specifying the type and cost of health care services received by dependents covered by the policy. EOBs often disclose...more
The recent $575,000 settlement with EmblemHealth signals a push from AG Schneiderman “for stronger security laws and hold[ing] businesses accountable for protecting their customers’ personal data.” Noting New York’s “weak and...more
On January 20, 2017, businessman Donald J. Trump was sworn in as the 45th President of the United States following a contentious and unconventional 2016 presidential election. Republicans also successfully maintained control...more
Energy and Critical Infrastructure Industries Warned of Increased Attacks by FBI and DHS - The FBI and Department of Homeland Security issued a joint statement on October 20, 2017 warning of an increased danger of a...more
With open enrollment in full swing for many employers, now is a good time to review employee benefit communications. Plan sponsors of health plans are generally responsible for properly administering all of the health plan...more
The Vermont Attorney General (AG) recently announced that it has settled with SAManage USA, a business support services company, for failing to timely notify 660 Vermont residents that their names and Social Security numbers...more
You may not realize how much personal information your insurance company has about you. Scarier still is that much of this data is sensitive and valuable to hackers – such as your Social Security number, financial...more
The Vulnerability of Healthcare Information - According to a report the Brookings Institute issued in May 2016, 23% of all data breaches occur in the healthcare industry. Nearly 90% of healthcare organizations had some...more
There are several reasons an employer might have employee health information, ranging from the results of a pre-employment physical to the contents of a request for FMLA leave to what’s written in a health provider’s note...more
On September 14, 2015, the OIG released a Public Summary Report finding that although CMS had implemented controls to secure the Multidimensional Insurance Data Analytics System (MIDAS) and consumer personally identifiable...more
The latest major health insurance data breach of 2015 reported by Excellus BlueCross BlueShield is considered one of the top 20 worst reported breaches of a healthcare organization. The attack affected about 7 million...more
Yesterday, Excellus Blue Cross Blue Shield, located in Rochester, NY, announced that it will notify up to 10 million members that it was the victim of a cyber-attack dating back to December of 2013 that exposed their members’...more
The Anthem and Premera Blue Cross data breaches caused widespread panic throughout the employer health plan community earlier this year. For many, these data breach announcements served as a wakeup call for employer health...more
New Jersey’s new data privacy standard, signed into law as S. 562 by Gov. Chris Christie on January 9, requires health insurance carriers that are authorized to issue health benefit plans in New Jersey to protect individually...more