Written by: Dianne Bourque and Stephanie Willis
As promised by the Department of Health and Human Services’ Office of Civil Rights (OCR) and as reported here on June 11th, OCR has released its HIPAA privacy and security audit protocols. The audit protocols are intended to cover the three main areas of HIPAA privacy and security enforcement: Privacy Rule requirements,…
Monthly Archives: June 2012
FTC Sues Wyndham Hotels
Posted in Data Breach, Federal Trade Commission, Privacy Litigation
Written by Amy Malone
The Federal Trade Commission (FTC) has announced that it has filed suit in U.S. District Court in Phoenix against Wyndham Worldwide Corporation and three of its subsidiaries. The lawsuit cites “alleged data security failures that led to three data breaches at Wyndham hotels in less than two years.” The breaches in question…
OMB Extends Review Period for HIPAA/HITECH Omnibus Rule
Posted in Uncategorized
Written by: Dianne Bourque and Stephanie Willis
The Office of Management and Budget (OMB) announced on Friday, June 22, 2012, that it has extended the review period for the highly-anticipated omnibus rule intended to update key definitions and enforcement provisions relating to the implementation of the Health Insurance Portability and Accountability Act (HIPAA). As we noted in a previous post, the rule was originally…
HITECH: Business Associates Beware – New Rules, Audits and Enforcement on the Horizon!
Posted in Data Compliance & Security, HIPAA/HITECH
The upcoming HIPAA Omnibus Rule is poised to transform an already challenging privacy and security landscape for business associates or those who provide services to HIPAA “covered entities.” The HITECH Act has already imposed greater compliance responsibility on business associates and their subcontractors. The rules are set to change further and failure to comply can result in…
Revisions to Connecticut Data Breach Notification Law Pass in Budget Bill
Posted in Data Breach Notification, Privacy Regulation
We have been following proposed legislation to modify the Connecticut data breach notification law as it worked its way (unsuccessfully) through the 2012 General Session of the legislature. To our surprise, it has, nonetheless, been passed as part of the state’s General Assembly’s Special Session — included in the state’s Budget Bill as Section 130. The text…
LinkedIn Password Theft Results in Class Action Lawsuit
Posted in Class Action Litigation, Data Breach
Written by Kevin McGinty
Nearly as predictable as the sun coming up in the morning, the recent theft of 6.5 million LinkedIn user passwords has resulted in the filing of a class action lawsuit in a California federal court. In her complaint, a LinkedIn premium subscriber asserts claims on behalf of all LinkedIn users for…
NLRB Continues to Speak Out on Social Media
Posted in Employee Privacy, Privacy Regulation
Recently, the National Labor Relations Board Acting General Counsel Lafe E. Solomon issued his third and latest report on social media cases, providing specific guidance on how to construct a lawful social media policy. In the report, Solomon takes a narrow view of what types of policy provisions are acceptable and instructs, for example, that…
OCR Shares Preliminary HITECH Audit Results; What’s Next??
Posted in HIPAA/HITECH, Privacy Regulation
Written by Dianne J. Bourque
Last week at the OCR/NIST conference, Building Assurance through HIPAA Security, Linda Sanches of the Office for Civil Rights provided an extensive update on the pilot HITECH audit program, including preliminary findings, what regulated entities can expect next and suggestions for covered entities concerned about being audited. Mintz Levin attended…
Spokeo Agrees to $800,000 FTC Settlement
Posted in Federal Trade Commission
Written by Adam Veness
Spokeo, Inc. has agreed to pay the FTC $800,000 to settle the FTC’s claims alleging that Spokeo violated the Fair Credit Reporting Act (FCRA) and committed unfair or deceptive acts or practices under the FTC Act. Spokeo is a data broker that collects personal information of millions of consumers and compiles…
HHS Office of Civil Rights Director Speaks
Posted in HIPAA/HITECH, Privacy Regulation
Our colleagues over at the Mintz Health Law & Policy Matters blog have been attending this week’s HIPAA Security Conference and have posted an update here. Two big takeaways — Office of Civil Rights (the agency that enforces the HIPAA privacy and security standards) Director Leon Rodriguez says that HIPAA compliance expectations are higher than ever…
LinkedIn Passwords Hacked – UPDATE
Posted in Data Breach
4:44 PM — LinkedIn has confirmed reports of hacking – http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/
It’s time for a little password hygiene. ZDNet reports that a Russian organization claims to have downloaded over 6.4 million passwords from LinkedIn. They also report that some 300,000 of them may have already been accessed. LinkedIn has yet to confirm these details…
Updated Mintz Matrix
Posted in Data Breach, Data Breach Notification, Privacy Regulation
Welcome to June! It’s time for an updated version of our “Mintz Matrix” — the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate. The June, 2012 Mintz Matrix can be found here – UPDATED Data Breach Matrix (6_2012) And, the updated version can…