Archives: Data Protection

To Settle or Not to Settle – That Is the Question Raised by Recent HIPAA CMPs

On February 1, 2017, the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Children’s Medical Center of Dallas (“Children’s”) has paid a civil monetary penalty (“CMP”) of $3.2 million to resolve multiple HIPAA violations over several years. This CMP announcement raises a number of question… Continue Reading

HIPAA Small Breach Notifications Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were discovered in calendar-year 2016. A small breach involves fewer than 500 individuals.

HIPAA Notification Requirements. HIPAA re… Continue Reading

IoT Vendors Beware: FTC’s Latest Enforcement Action Signals Further Scrutiny of the Industry

FTC Complaint Alleges IoT Vendor’s Security Promises Don’t Match Its Practices

The FTC’s first data security enforcement action in 2017 sends a clear signal to vendors serving the Internet of Things (“IoT”) marketplace: make sure your data security promises match your data security practices.  IoT is in the spotlight following last year’s … Continue Reading

The Price of PHI – A $2.2 Million USB Drive

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life Insurance Company of Puerto Rico (“MAPFRE”) after an unencrypted USB data storage device containing records of approximately 2,… Continue Reading

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal determinations concerning a potential breach can be very time consuming, even when responding promptly and appropriately to the eve… Continue Reading

2017 Health Information Privacy and Security New Year’s Resolutions

To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then check them off as you complete them. We have included empty rows for you to add your own resolutions.

As with any New Year’s resolution… Continue Reading

HIPAA Starter Pack

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, but there’s more to it than that.

Immerse yourself in an introduction to one of the most talked about and relevant laws today. Every American under the Affordable Care Act should be aware of HIPAA. Individuals or companies that create, receive, maintain, or transmit heal… Continue Reading

How Secure is Your Company?

Given all of the unknown variables that occur in a business, it’s important to see the potential threats right in front of you. Now’s the time to take inventory of risks that may face your business.

A risk assessment is a standardized method of evaluating the potential risks that face your business. You need to determine the scope of your assessment, invent… Continue Reading

Are You Prepared For When Things Go Wrong?

If your company’s data suddenly becomes lost or stolen, or is accessed without authorization, can you handle what comes next? Every day, entities of all shapes and sizes experience some form of a security breach. Some are the result of system hacking, theft, or malware, but some are simply the result of an employee’s mistakes, and therefore are prevent… Continue Reading

Cyber Security Threats are Evolving. Are You?

Cyber-attacks are constantly growing more challenging and dangerous. It is a top priority for businesses to protect their networks, computers, and information from unauthorized access. Should a data breach occur, cyber criminals, industry competitors, and even foreign governments put your employees and business and customer relationships at risk… Continue Reading

Feeling Lost in a Storm After Suffering a Data Breach?

The FTC Issues Guidance on How to Batten Down the Hatches

When faced with a data breach, it’s easy for companies to feel like they’re attempting to navigate a storm without a rudder.

To provide a guiding light to companies, the Federal Trade Commission (“FTC”) recently issued a guide for businesses, with an accompanying video and blog post, o… Continue Reading

FCC Broadband Privacy Part I: The FCC’s Ascension as a Privacy Regulator

Tomorrow, October 27, the Federal Communications Commission (FCC) is scheduled to vote on new privacy rules for internet service providers (ISP) that will have a lasting impact on U.S. privacy regulation. In this special Series, DWT starts with some background on what led us to this point and what we expect from the new rules.  Once adopted, the Series wil… Continue Reading

Just Around the Corner – HIPAA Audits for Business Associates

Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates. These audits have a limited focus and are conducted by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). For business associates, desk audits will target breac… Continue Reading

Brace for Impact: The FCC’s Broadband Privacy Rules Are Almost Here

On October 6, Federal Communications Commission Chairman Tom Wheeler published a fact sheet and blog post outlining his proposal to create privacy rules for internet service providers (ISPs), setting the final rules up for a vote at the FCC’s October 27 open meeting. The fact sheet demonstrates that the Federal Trade Commission and other government pr… Continue Reading

Advisory Alert: 9th Cir. Rules Common Carriers Beyond FTC Authority

In a decision that could significantly impact the scope of the Federal Trade Commission’s consumer protection authority under Section 5 of the FTC Act, the U.S. Court of Appeals for the Ninth Circuit ruled on August 29, 2016, that common carriers are entirely exempt from the FTC’s jurisdiction, even when engaged in “non-common carrier” activiti… Continue Reading

Is Your Business Ready to Wield the Privacy Shield?

Beginning August 1, U.S.-based companies that self-certify their compliance with the EU-U.S. Privacy Shield will be able to import data under the new data transfer framework. But how can your company best prepare?

Companies in the United States may be excited that the EU-U.S. Privacy Shield – the new trans-Atlantic data transfer compact approved by th… Continue Reading

Breaking: EU Officially Approves Privacy Shield

U.S. companies will be able to import data from the EU under the streamlined data transfer regime starting August 1

Personal data transfers from the European Union are about to get easier for U.S. companies.

On July 12, 2016, the European Commission announced that it officially approved the EU-U.S. Privacy Shield, paving the way for the new trans-Atlantic … Continue Reading

EU Data Supervisor: Privacy Shield Needs “Robust Improvements”

The push for the European Union and the United States to reopen negotiations over the EU-U.S. Privacy Shield may have just become a shove, due to a recent opinion released by the European Data Protection Supervisor (EDPS) assessing the data protections offered and recommending a series of substantial changes to the new data transfer framework.

On May 30, t… Continue Reading

EU Parliament: EU, U.S. Must Improve Privacy Shield

On May 26, 2016, the European Parliament passed a resolution (2016/2727 (RSP)) calling on the European Commission (EC) to reopen negotiations with the United States to improve perceived “deficiencies” in the EU-U.S. Privacy Shield, the successor trans-Atlantic data transfer arrangement drafted by the U.S. and the EU after the Court of Justice of t… Continue Reading

Tennessee Gives Businesses 45 Days for Data Breach Notice

Recent amendments to the State’s data breach statute give a hard deadline for a business to provide consumer notice, remove the encryption safe harbor, exempt entities that are subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and will require a business to report employees’ misuse of consumer data when do… Continue Reading

ALJ Dismisses FTC Data Breach Action Against LabMD

In the first ruling rebuking the Federal Trade Commission’s cybersecurity enforcement efforts, the FTC’s head administrative law judge dismissed the FTC’s complaint against LabMD, Inc., on November 13, stating that fundamental fairness demanded dismissal, as the FTC had not presented any evidence of actual or likely substantial consumer inj… Continue Reading

DWT Releases Latest Health Care Breach Charts

Safeguarding patient information is at the core of responsibilities for health care entities under the Health Insurance Portability and Accountability Act (HIPAA). But safeguarding patient information isn’t just a regulatory requirement; every medical professional who takes the Hippocratic Oath (Modern Version) swears to respect patient priv… Continue Reading

California Beefs Up Encryption & Notice in Data Breach Law

On October 8, 2015, California Governor Jerry Brown signed A.B. 964 and S.B. 570 into law, a pair of bills that amended the Golden State’s data breach notification statute (Ca. Civ. Code § 1798.82). The amendments specifically define information that is “encrypted” so as to presumptively exclude it from notice and disclosure requirements, add ad… Continue Reading

States Try to Make the Grade with Student Data Privacy Efforts

Eight states passed substantive bills during the 2015 legislative session requiring education-focused Internet service, websites and mobile app providers to take measures to protect student data

With students around the country back in school, it’s time for educators and education-focused technology (“EdTech”) service providers to pick up … Continue Reading
