No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more
As our loyal Practical Privacy readers may remember, back in December of 2021, the Federal Trade Commission (the “FTC” or “Commission”) began a rulemaking process to update the Commission’s Health Breach Notification Rule...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
As the health care industry continues reeling from the recent Change Healthcare ransomware attack that crippled large portions of the U.S. health care system, health care providers are naturally reminded of the importance of...more
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
You are the HIPAA privacy official of a hospital or health plan (a covered entity under HIPAA). You receive an email from a vendor that handles protected health information (a business associate), informing you that one month...more
Report on Patient Privacy 23, no. 12 (December, 2023) Northwell Health in New York and Cook County Health in Chicago each experienced impacts from a breach at Nevada-based transcription company Perry Johnson & Associates...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
On Oct. 30, President Joe Biden issued an executive order on safe, secure and trustworthy artificial intelligence. The executive order provides a sprawling list of directives aimed at establishing standards for AI safety...more
Recent developments at the federal and state level demonstrate that regulators are focused on protecting consumer health data. Specifically, state and federal regulators want to close the gap between HIPAA-protected data and...more
The FTC recently proposed amendments to the Health Breach Notification Rule (HBNR). This is on trend with its aggressive interest over the last couple of years in health data not covered by HIPAA....more
This is Part Three in a series of legal updates on the Washington My Health My Data Act (“WMHMDA”) where Quarles continues its deep dive into the various factors and intricacies of WMHMDA that are creating tidal waves in the...more
To say there’s been a lot of new privacy law in the last decade is an understatement. For those of us who think we’ve “seen it all,” many of these new laws arrive and elicit a sense of challenge (for the optimists) or mild...more
Every October, in recognition of National Cybersecurity Awareness Month, the federal government and its partners work to educate stakeholders on cybersecurity awareness and how best to protect the privacy and security of...more
The State Attorneys General in New York and New Jersey recently settled with four companies over alleged HIPAA noncompliance following phishing attacks. The New Jersey settlements were brought against three NJ-based cancer...more
[co-authors: Brandon Thompson and Samantha Ettari] By restricting and changing the shape of human interaction for over a year, the COVID-19 pandemic rapidly accelerated the digitalization of many services and, in doing so,...more
The Department of Health and Human Services (HHS) announced on April 2 that HHS is exercising its enforcement discretion to permit business associates to use and disclose protected health information (PHI) for public health...more
Following an investigation led by the Washington Attorney General, Premera Blue Cross has agreed to pay $10 million to 30 states after experiencing a data breach in 2014 that compromised the Protected Health Information of...more
Military personnel continue to be victimized by data breaches. This time, the personal information of healthcare workers employed by Potomac Healthcare Solutions (Potomac), who work for a U.S. Special Operations Command were...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more
MedStar Health Cardiology Associates, (“MedStar Cardiology”) affiliated with MedStar Health, which was recently in the news for a ransomware attack, discovered that an employee sent protected health information of 907...more
On August 4, 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced a record-setting settlement with Advocate Health Care Network (Advocate) for multiple potential violations of HIPAA...more
It is not a matter of "if" but "when" an employer will be required to notify employees of a security breach. Forty-seven states require employers to notify employees when defined categories of personal information, including...more
On October 12, 2015, Nossaman and UC Irvine hosted a Cyber Symposium at the City Club in Los Angeles. The event included four panels of Nossaman lawyers, UCI professors, and private professionals who are experts in the areas...more