HHS to solicit comments on methodology for victims of HIPAA violations to receive percentage of civil penalties or settlements

In May, the Department of Health and Human Services published its Spring 2015 regulatory agenda, which outlines its upcoming rulemaking initiatives. The agenda describes a number of forthcoming Office for Civil Rights (OCR) rulemakings, including OCR’s plan to release an advance notice of proposed rulemaking that would solicit public comments on establishing a methodology under which an individual who is harmed by a Health Insurance Portability and Accountability Act (HIPAA) offense may receive a percentage of any Civil Money Penalty or monetary settlement collected by the government with respect to the offense. This is a significant rulemaking, which was required under the Health Information Technology for Economic and Clinical Health Act (HITECH) and is expected to be released in December 2015. The full regulatory agenda may be accessed here: http://www.reginfo.gov/public/do/eAgendaMain.


Identifying the Standards: DOJ, SEC and FTC Offer Guidance for Cybersecurity Preparedness

Although it is a frequent topic of discussion on Capitol Hill, no single standard for private-sector cybersecurity programs has yet emerged. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is often considered foremost among existing guidance, but several other agencies are also expressing views, including the following recent guidance from the Department of Justice (DOJ), the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC). Significantly, both the DOJ and FTC tout the advantages of cooperating with law enforcement after a data breach by noting that such cooperation may lead to “regulatory” benefits.


Google Inc. v. Vidal-Hall: Opening the Doors to EU Data Protection Litigation?

The English Court of Appeal has recently issued a landmark judgment against Google which could open the door to data privacy litigation in the EU.

The case concerned the collection by Google of Safari users’ browser information, allegedly without their knowledge or consent. In its opinion, the Court of Appeal held that four individuals who used Safari browsers can bring a claim for breach of privacy and that the damages claimed can include distress – even in circumstances where there is no financial loss, as this had been the intention of the EU’s Data Protection Directive. To reach this result, the Court relied on EU legal authorities to override and displace limitations on recovery under the UK Data Protection Act.


ONC and OCR Release Updated Guide to Privacy and Security of Electronic Health Information

Recently, the Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) published new guidance on the privacy and security of electronic health information (the “Guide”). Although the Guide was drafted primarily for the benefit of smaller healthcare providers, it provides useful information on privacy and security issues that is potentially valuable to providers of all sizes. The Guide, last published in 2011, provides updated information about compliance with Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs (“Meaningful Use Programs”) and the HIPAA Privacy, Security and Breach Notification Rules.


Connecticut AG creates new department focusing exclusively on privacy and data security

Connecticut Attorney General George Jepsen has announced the creation of a new Privacy and Data Security Department within the AG’s office. The Department will be tasked with handling all consumer privacy investigations and litigation, as well as educating the public and businesses about protecting sensitive data. Assistant Attorney General Matthew Fitzsimmons, who previously chaired a privacy and data security task force within the AG’s office, will head the new department and its dedicated team of lawyers. The AG has not received any additional funding for the Department.


Data Protection Legislative Hot Topic

Cyberthreat Sharing Bills Gain Momentum. On March 12, the Senate Intelligence Committee approved, on a vote of 14-1, the Cybersecurity Information Sharing Act of 2015 (“CISA”) to increase sharing of cybersecurity threat information by U.S. companies. The legislation grants liability protections for companies that voluntarily share cybersecurity threat information with the government or industry partners. The measure should be scheduled for a vote on the Senate floor shortly.
