Breach, information security
Massachusetts Continues Aggressive Information Security Enforcement Agenda
By Mark Paulding on July 25, 2014
Survey: Medical ID Theft Now Fastest Growing Fraud
By InfoLawGroup LLP on October 14, 2013
Adherence Communications, Boris Segalis, data protection, Do Not Call Regulations, healthcare, HHS, HIPAA, HITECH, InfoLawGroup, OCR, PHR Portals, privacy, privacy enforcement, privacy rule, security rule
New HIPAA/HITECH Rules Implementation Roadmap: Countdown Begins to September 23, 2013 Compliance Deadline
By InfoLawGroup LLP on March 31, 2013
health information, healthcare, HIPAA, HITECH, medical data, PHI, protected health information
HHS Release Final Omnibus Rule Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
By InfoLawGroup LLP on January 18, 2013
Ponemon Study on Patient Privacy Highlights Security Failings
By InfoLawGroup LLP on December 06, 2012
Boris Segalis, FCRA, Federal Trade Commission, fines and penalties, FINRA, FTC, FTC consent, FTC Federal Trade Commission HIPAA HITECH FCRA GLB InfoLawGroup Information L..., GLB, HHS, HIPAA, InfoLawGroup, information law group, privacy enforcement, privacy rule, Section 5
February Brings a Privacy Enforcement Storm: HHS, FTC and FINRA Act
By InfoLawGroup LLP on February 22, 2011
This month, federal agencies and FINRA have announced significant privacy enforcement actions that have resulted in millions of dollars in fines. The U.S. Department of Health and Human Services (HHS) imposed a $4.3M fine on a health plan for violations of the HIPAA Privacy Rule; the Federal Trade Commission (FTC) settled with several resellers of consumer reports allegations that the resellers failed to adequately safeguard consumer information; and FINRA imposed a $600K fine on two securities firms for failure to safeguard access to customer records. Here are the details:
Act, breach notification, CUTPA, data, HITECH, HIPAA
Health Net Agrees to $250,000 Fine and "Corrective Action Plan" to Settle Loss of PHI
By InfoLawGroup LLP on July 21, 2010
baa, business associate, enforcement rule, fundraising, HHS, HIPAA, marketing, modifications, notice of privacy practices, npp, NPRM, privacy rule, protected health information, research, restrictions, sale, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part Two
By InfoLawGroup LLP on July 15, 2010
This post is Part Two of my FAQ on the proposed modifications to the HIPAA Rules issued by HHS last week. Part Two focuses on the proposed modifications to the Privacy Rule.
baa, business associate, enforcement rule, HHS, HIPAA, modifications, NPRM, privacy rule, protected health information, security rule, subcontractors
FAQ on the Proposed Modifications to the HIPAA Rules: Part One
By InfoLawGroup LLP on July 12, 2010
As reported last week, on Thursday the Department of Health and Human Services ("HHS") issued its long-anticipated Notice of Proposed Rulemaking ("NPRM") on Modifications to the Health Insurance Portability and Accountability Act ("HIPAA") Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act (the "HITECH" Act). For those of us who subscribe to numerous technology and law listservs, this meant emailboxes flooded with opinions, criticism, speculation, and flat-out fear mongering. We thought people might like to know what the proposed modifications actually say, and what they mean. So, this post provides Part One of a FAQ on the 234 page NPRM. This post, Part One, addresses general issues (including significant changes involving subcontractors) and proposed modifications to the HIPAA Security and Enforcement Rules. Part Two, later this week, will address the proposed modifications to the HIPAA Privacy Rule.
health information, HHS, HIPAA, HITECH, privacy, Regulation, Security
InfoLaw Alert: HHS Issues Proposed Mofications to HIPAA Security and Privacy Rules
By InfoLawGroup LLP on July 08, 2010
business associate, covered entity, delay, exceptions, financial, reputational, or other harm, HIPAA, HITECH HIPAA breach notification covered entity business associate significan..., law enforcement, or other harm exceptions law enforcement delay risk assessment, reputational, risk assessment, significant risk
The New Health Care Breach Notification Landscape -- HHS Rules
By InfoLawGroup LLP on October 05, 2009
On February 17, 2009, Congress signed into law the Health Information Technology for Economic and Clinical Health or "HITECH" Act ("HITECH" or the "Act") as part of the American Recovery and Reinvestment Act. The HITECH Act requires entities covered by the Health Insurance Portability and Accountability Act ("HIPAA") to provide notification to affected individuals and to the Secretary of Health and Human Services ("HHS") following the discovery of a breach of unsecured protected health information. HITECH also requires business associates of HIPAA-covered entities to notify the covered entity in the event of the breach. The Act required HHS to issue interim final regulations with respect to the new breach notification requirements. On August 24, 2009, the HHS interim final regulations were published in the Federal Register.