Good Monday – The East Coast prepares for Apocalypse (Sn)ow. In the meantime, here are three privacy-related tidbits for your day. Privacy Concerns Cause Scale Back of Release of HealthCare.gov Data We spend a fair amount of time warning about third party vendors and the risk that such vendors can pose to sensitive data. … Continue Reading
Tag Archives: Encryption
Massachusetts High Court Permits Compelled Decryption of Seized Digital Evidence
Posted in Privacy LitigationWritten by Matthew D. Levitt Today, in Commonwealth v. Gelfgatt, No. SJC-11358 (Mass. June 25, 2014), a divided Massachusetts Supreme Judicial Court held that under certain circumstances, a court may compel a criminal defendant to provide the password to encrypted digital evidence seized by the government without violating either the Fifth Amendment or Article Twelve… Continue Reading
We have seen this movie before ….. and we all should know that it does not end well.
Posted in Data Breach, HIPAA/HITECH, Privacy RegulationThis was originally posted on Mintz Levin’s Health Law & Policy Matters blog: Written by: Kimberly J. Gold How much is the cost of doing nothing when it comes to encryption of sensitive data? In the case of electronic protected health information, about $2 million. Two companies have been hit with fines equaling a total of almost… Continue Reading
Data Breach at Gunpoint
Posted in Data Breach, Data Breach Notification, Identity TheftWritten by Amy Malone You might think that if you lock your backup tapes in a safe they are protected from a data breach, but Kmart’s recent data breach proves that’s not the case. Last month, a person held a Kmart employee in Little Rock, Arkansas at gun point and ordered him to open the… Continue Reading
Words of Warning: “No breach too small”
Posted in Data Breach, Privacy RegulationAs originally posted in Mintz Levin’s Health Law & Policy Matters blog Written by: Stephanie D. Willis The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a breach involving data regarding less than 500 individuals. Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations that… Continue Reading
HIPAA Audits Begin; Huge Medical Data Theft from California Provider
Posted in Data Breach, Data Breach Notification, HIPAA/HITECHOur sister blog, Health Law & Policy Matters, includes a detailed discussion (warning?) relating to the commencement of HIPAA audits by the Office of Civil Rights. That post can be found here, and it and the embedded links should be required reading for anyone involved with protected health information. Yesterday, we learned of a major… Continue Reading
Encryption — Not Always the “Silver Bullet”
Posted in Data BreachRecently, a news bulletin in Health Data Management highlighted the point that many security experts are trying to make these days: Encryption is not always a “safe harbor.” Ranbow Hospice and Palliative Care in Park Ridge, Illinois had an encrypted laptop stolen, but nonetheless publicly reported the breach to affected patients, local media, and the Department of Health… Continue Reading
Big Fines Coming in UK for Data Breaches
Posted in Data BreachBy Susan Foster, Mintz Levin London As of April 6, 2010, the UK’s Information Commissioner’s Office (ICO) can levy fines of up to £500,000 for breaches of the Data Protection Act 1998 that are: • serious in nature • deliberate or reckless, and • likely to cause substantial damage or distress to an individual. The… Continue Reading
Changes to the Massachusetts Data Security Regulations: What do they really mean?
Posted in LegislationNow that the dust has settled after this week’s “Breaking News” regarding the proposed changes to the Massachusetts data security regulations, here is an analysis of what the changes actually mean to the business community. Some other interesting commentary is linked below: Evan Schuman – Storefront Backtalk
To Encrypt or Not To Encrypt…….An Incentive Rather than a Mandate From Michigan
Posted in Data BreachAdd Michigan to the list of states that are proposing that adoption of comprehensive data security safeguards will provide a safe harbor for data breaches. The Information Security Program Standards Act introduced last week differs a bit from Massachusetts and Nevada (and other pending legislation) in that it would not require the implementation of detailed… Continue Reading