Don’t forget to register! Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule – the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud providers, data storage… Continue Reading
Monthly Archives: January 2013
OCR Releases Sample Business Associate Agreement Provisions
Posted in Data Breach Notification, Data Compliance & Security, HIPAA/HITECH, Privacy Regulation
Written by Kimberly Gold
The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business associate agreement requirements under the final HIPAA Omnibus Rule. The HIPAA Omnibus Rule modified the minimum required… Continue Reading
Data Privacy Day 2013 Post #3 — Look out for the Maryland Privacy Police!
Posted in Data Compliance & Security, Legislation, Privacy Regulation
Maryland’s Attorney General, Douglas Gansler, announced today that Maryland has a new Internet Privacy Unit to monitor the data collection practices of online companies. According to the Attorney General’s press release, the Internet Privacy Unit will monitor companies to ensure they are in compliance with state and federal consumer protection laws, including the Children’s Online Privacy… Continue Reading
Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security
Written by Amy Malone
Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers…. Continue Reading
Data Privacy Day 2013 – Passwords
Posted in Security
Something everyone can do for Data Privacy Day: make it a point to change at least one password and make it “long and strong.” Here are some tips for building strong passwords from David Sherry, Chief Information Security Officer at Brown University: To create a strong password, you should use a string of text… Continue Reading
International Data Privacy Day is Monday
Posted in Data Compliance & Security, Employee Privacy, Security
Time for some tips to keep your company (and your employees) safe online – Are your employees trained to maintain company privacy standards? Conduct employee training on privacy as it relates to employment, helping employees learn how to protect the privacy of clients’ and customers’ personal information and teaching employees how to manage their own… Continue Reading
Canada’s Anti-Spam Law is a Step Closer
Posted in Privacy Regulation
US marketers who have been paying attention to anti-spam developments north of the border are concerned about proposed new Canadian regulations. If you have not been paying attention, it’s probably time that you did. We have a guest post today discussing the progress of those regulations. CANADA’S ANTI-SPAM LAW IS A STEP CLOSER Written by: ARIANE… Continue Reading
The Sony data breach fine: A hand-slap from London now, but what would it have been under the proposed new EU Data Protection Regulation?
Posted in Data Breach, Data Breach Notification, European Union, Privacy Regulation
Written by Sue Foster, Mintz Levin – London
The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach (see here, here, and here) during which hackers gained access to personal data (including credit card information) of over 77 million users. For a company of Sony’s size, £250,000 is a hand-slap —… Continue Reading
Webinar: The New HIPAA Omnibus Rule and Your Liability
Posted in HIPAA/HITECH, Privacy Regulation
Mintz Levin is presenting a webinar on January 30, 2013 to discuss the impact of the HIPAA Omnibus Rule – the first, sweeping overhaul of the HIPAA privacy and security rules in a decade. Covered entities will want to participate to catch up on the finer details. Business associates and downstream entities – e.g., subcontractors, cloud… Continue Reading
HIPAA Omnibus Rule Reference Chart
Posted in HIPAA/HITECH, Privacy Regulation
By Dianne J. Bourque, Kimberly J. Gold, Ellen L. Janos, Julie K. Lappas, James Sasso, Kate F. Stewart, and Stephanie D. Willis
Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule. The chart lists provisions of the proposed privacy, security, and enforcement rules mandated by the Health Information Technology for… Continue Reading
Finally! HHS Office of Civil Rights Releases HIPAA Omnibus Rule With Sweeping Changes to Compliance Requirements and Enforcement
Posted in HIPAA/HITECH, Privacy Regulation
By Dianne J. Bourque and Stephanie D. Willis
The final regulations from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally been released, but the hard work of interpreting them has just begun for covered entities, business associates, and downstream entities… Continue Reading
HITECH Omnibus Rule Basics
Posted in HIPAA/HITECH, Privacy Regulation, Security
As we pore through the 562-page HITECH Omnibus Rule released by the Department of Health and Human Services late yesterday afternoon, here are some top line bullet points: Effective Date: Rule becomes effective on March 26, 2013. Covered entities and business associates must comply by September 23, 2013. Business Associates are now front and center – During… Continue Reading
Breaking News – HITECH Omnibus Rule Published
Posted in HIPAA/HITECH, Privacy Regulation
After months of waiting, we have just learned that the HITECH regulations — otherwise known as the Omnibus Rule — have been published. Our team has already started to dive in and we will be publishing detailed analyses both here and at our sister blog, Health Law & Policy Matters. Stay tuned for more -… Continue Reading
Data Privacy Day Event – Brown University
Posted in Data Compliance & Security, Privacy Regulation, Security
In the run-up to International Data Privacy Day on January 28th, we’ll be posting information on events that may be of interest. Our friends at Brown University have sent this invitation: You are cordially invited to attend a free Information Security Group colloquium in celebration of National Data Privacy Day at Brown University on Monday January 28, 2013 from 1-4 PM. “Perspectives on… Continue Reading
Cybersecurity in the 113th Congress
Posted in Data Breach, Data Breach Notification, Legislation, Privacy Regulation, Security
The 113th Congress will bring new leadership to the House Homeland Security Committee and the Senate Homeland Security and Government Affairs Committees — all responsible for cybersecurity issues. President Obama is expected to release an Executive Order (based on the draft circulated in late November 2012) very soon, perhaps before the State of the Union… Continue Reading
Privacy-on-the-Go: Make sure that “killer app” has a privacy policy — UPDATE
Posted in Data Compliance & Security, Privacy Regulation
We posted this alert back in March, and now California Attorney General Kamala Harris has released a recommended set of privacy best practices for app developers and advertising networks entitled “Privacy on the Go: Recommendations for the Mobile Ecosystem.” Written after consulting a “broad spectrum of stakeholders,” including app developers, ad networks, privacy professionals and privacy… Continue Reading
The View from London: European Parliament Publishes Proposal for Revised Draft of EU Data Protection Regulation
Posted in European Union, Privacy Regulation
Written by Susan Foster
The European Parliament recently published a report on the European Commission’s draft of a new EU Data Protection Regulation. The report, which includes the European Parliament’s proposal for a revised draft of the Regulation, runs to an astounding 215 pages. The Parliament’s report is certain to fuel debate for months as… Continue Reading
#3 in our 2013 Issues Series: Privacy of Mobile Applications
Posted in Data Compliance & Security, Privacy Litigation, Privacy Regulation
As we continue our “new year, new look” series into important privacy issues for 2013, we boldly predict:
Regulatory Scrutiny of Data Collection and Use Practices of Mobile Apps Will Increase in 2013
Mobile apps are becoming a ubiquitous part of the everyday technology experience. But, consumer apprehension over data collection and their personal privacy… Continue Reading
Second of a series: Privacy and Security Issues for 2013
Posted in Data Compliance & Security, Employee Privacy, Privacy Regulation
Our series over the next 10 days will highlight the top issues, as we see them, in privacy and security for 2013. Yesterday, we looked at the increase in cybersecurity disclosure by public companies, triggered by the Securities and Exchange Commission’s Cybersecurity Guidance. Privacy 2013 – What to Expect in the Employment Arena Written… Continue Reading
Words of Warning: “No breach too small”
Posted in Data Breach, Privacy Regulation
As originally posted in Mintz Levin’s Health Law & Policy Matters blog
Written by: Stephanie D. Willis
The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a breach involving data regarding less than 500 individuals. Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations that… Continue Reading
First of a series (updated): Issues for 2013
Posted in Class Action Litigation, Data Breach, Data Breach Notification, Data Compliance & Security
Happy New Year! We are beginning this week with a series of top Privacy and Security issues for 2013, as we see them. Let’s start with an issue of interest to publicly traded companies, or companies considering going public in 2013 – a reminder that cybersecurity issues are of interest to the Securities… Continue Reading