Reposted from Mintz Levin’s Health Law & Policy Matters blog
The American Bar Association Health Law Section’s July 2014 eSource publication includes an article by Dianne Bourque, Kimberly Gold, and Stephanie Willis that provides examples of how risk assessments under the Breach Notification Rule have changed since the HIPAA Omnibus Rule went into effect in September 2013. The examples analyzed…
Tag Archives: Reporting of Data Breaches
Latest EU Proposal Will Force More Companies to Disclose Data Breaches
Posted in European Union
Written by Susan Foster (LONDON)
The European Commission recently published a draft “Cybersecurity Directive” which aims to increase the level of preparedness across the EU to deal with threats to network and information security. The Directive provides for information-sharing and cooperation between the governments of Member States of the EU to tackle cybersecurity threats. As…
First Ever State-initiated HIPAA Enforcement Action Settled
Posted in Legislation
Written by Dianne Bourque
Connecticut Attorney General Richard Blumenthal has settled the first state-initiated HIPAA enforcement action. The settlement totals $250,000 in statutory damages and Health Net’s agreement to implement a variety of measures to improve the security of consumer health and personal information. Health Net also agreed to provide two years of credit monitoring…
Privacy and Security Bits and Bytes
Posted in Data Breach
On this last day of April, there are a couple of breaches and another clarion warning about copy machines – We have blogged on this issue here and here — and again, there is another warning about the treasure trove of information residing on the hard drive of your copy machine. A CBS Evening News…
Big Fines Coming in UK for Data Breaches
Posted in Data Breach
By Susan Foster, Mintz Levin London
As of April 6, 2010, the UK’s Information Commissioner’s Office (ICO) can levy fines of up to £500,000 for breaches of the Data Protection Act 1998 that are:
• serious in nature
• deliberate or reckless, and
• likely to cause substantial damage or distress to an individual.
The…
Today’s compliance deadline – Enforcement of the HITECH/HIPAA data breach notification rule
Posted in Data Breach
February and March are just full of significant deadlines for privacy/security reporting and compliance. Today is the day that the Health & Human Services Office of Civil Rights begins to enforce the HITECH/HIPAA data breach notification rule. To “celebrate” the occasion, the agency publicly posted the first list of reported breaches affecting 500 or more…
Security Bits and Bytes
Posted in Data Breach
A few items to wrap up/review privacy and security issues in 2009 and open up 2010: Gonzalez Pleads Guilty in December 2009 – but this piece from Retail Research Systems explains why retailers should not be sanguine about data security: Privacy Risks for 2010 RFID in 2010: The New Hampshire House of Representatives voted this…
Privacy and Security Bits and Bytes
Posted in Data Breach
After a bit of a hiatus, our Friday afternoon feature is back: Do you know what your information is worth on the black market? It may just surprise you. Good piece on a new Symantec tool to let you do the calculations. See Information Security Resources – What Are You Worth On The Black Market?…