By Alden J. Bianchi, Dianne J. Bourque, Kimberly J. Gold, and Cynthia J. Larose
As we have reported in this blog (here, here, here, here, and here), the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus… Continue Reading
Tag Archives: Compliance
It’s Tax Time — Use Caution with those W-2 Forms
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
We’ve had several questions lately regarding “mixups” with mailings of W-2 forms, and whether certain situations are really “data breaches.” Some Attorneys General are taking the position that the employer is responsible for providing notice to affected individuals (employees and former employees) and providing the required AG notice letters in the event that tax forms containing personal information… Continue Reading
July 13 Data Security Workshop – FREE
Posted in Data Breach
On July 13, Mintz Levin will be joined by Sophos, Six Weight Consulting, and MFA Cornerstone Consulting to hold a free compliance workshop focused on both the gaps and overlap of Massachusetts’ data protection regulation 201 CMR 17.00 and the recent updates to federal health and medical data privacy found in the HITECH Act. We’ll… Continue Reading
Quick Compliance Survey
Posted in Data Breach
No, we’re not “taking names” here. This is just a 10-question survey to gauge some basic compliance metrics. Please participate! Click here to take survey
Massachusetts Data Security Compliance Workshop
Posted in Data Compliance & Security
In case your data security compliance plan is stuck in neutral, you have questions, or you haven’t started yet… there will be a free (!) breakfast hands-on workshop on Thursday in Tewksbury, MA. “Massachusetts Data Protection Law: Demystifying the Details” is being sponsored by the Merrimack Valley Venture Forum. The Merrimack Valley Venture Forum has assembled… Continue Reading
Top 3 questions relating to compliance with 201 CMR 17.00
Posted in Data Compliance & Security
At the beginning of the “countdown” to the March 1st effective date of 201 CMR 17.00, we offered some posts with “misapprehensions” and compliance suggestions (see 16 Days to March 1….. and Countdown to compliance with 201 CMR 17.00…..11 days). Here are some questions that have been reoccurring over the last few weeks: 1) What… Continue Reading
And, it’s Friday, February 26th……
Posted in Data Compliance & Security
And that means today is the last business day before the new Massachusetts data security regulations go live – as Jim Cramer would say, “That’s 201 CMR 17.00 for all you home gamers.”
Remember the school-days admonition that something might end up on your “permanent record”?
Posted in Data Compliance & Security
A Fordham Law School study found that state educational databases across the country have severely inadequate privacy protections for the nation’s school children. The study, prepared by the Center on Law and Information Policy, reports that at least 32% of states warehouse children’s social security numbers; at least 22% of states record student pregnancies; and… Continue Reading
Changes to the “Red Flag” Rules may be coming — and so is the November 1 compliance deadline
Posted in Data Compliance & Security
By an overwhelming vote of 400-0, the U.S. House yesterday approved legislation that will exempt certain businesses from the Federal Trade Commission’s Red Flag Rules. As we have reported, the Red Flag Rules require a broadly-defined class of “creditors” to implement identity theft prevention programs by November 1st. Under H.R. 3763, health care, accounting, and… Continue Reading
Massachusetts Data Security Standards vs. New HIPAA Guidelines
Posted in Data Compliance & Security
Here’s a link to an article (by the author of this blog…) comparing the Massachusetts data security standards (effective January 1, 2010) to the Department of Health & Human Services Guidelines promulgated under the new HITECH Act (effective in mid-September). Compliance challenges are coming on all fronts — and it’s best not to duplicate… Continue Reading
Seminar today on compliance with Massachusetts Data Security Regulations
Posted in Data Compliance & Security
Twitter feed from the event — http://twitter.com/ITcompliance