Suchismita Pahi

Subscribe to all posts by Suchismita Pahi

FCC’s Final Privacy Rule – How Final Is It?

By Alan L. Friel and Suchismita Pahi on December 14, 2016 Posted in Cybersecurity

The Federal Communications Commission (FCC) adopted an order on Oct. 27, 2016, which started to go into effect this month, regarding privacy and data security obligations for broadband internet access service (BIAS) providers and other telecommunications carriers under its jurisdiction, which were expanded in 2015 by the Open Internet rules (Privacy rule). Buzz around the … Continue Reading

FCC Wades Back Into Data Privacy and Security for ISPs With Revised Privacy Proposal

By Alan L. Friel and Suchismita Pahi on October 20, 2016 Posted in Cybersecurity, Enforcement

Recently, Federal Communications Commission (FCC or Commission) Chairman Tom Wheeler circulated to the Commission a revised proposed order to regulate the data privacy and security practices of internet service providers (ISPs) (also known by the Commission as broadband internet access service (BIAS) providers). We previously wrote about the Commission’s initial proposal in this regard (available … Continue Reading

New York Department of Financial Services Proposes First Rule of Its Kind for Financial Institutions

By Kathryn Mellinger and Suchismita Pahi on October 6, 2016 Posted in Financial Privacy

In November, we reported on a proposal by the New York Department of Financial Services (NYDFS) for an extensive cybersecurity framework for its regulated financial institutions. Recently, Governor Cuomo announced a proposed rule requiring banks, insurance companies and other financial services institutions regulated by the NYDFS to establish and maintain a strong cybersecurity program. These … Continue Reading

Business Associates in the Crosshairs: Catholic Health Care Services Settles for $650,000 for Failure to Safeguard PHI

By Lynn Sessions and Suchismita Pahi on July 7, 2016 Posted in HIPAA/HITECH, Medical Privacy

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS provides management and information technology services as a business associate to six nursing homes. The OCR settlement follows a finding that … Continue Reading

Mobile Ad Co Settles with FTC Over Allegations of Deceptive Geolocation Tracking And Children’s Privacy Violations for $4 Million

By Alan L. Friel and Suchismita Pahi on June 29, 2016 Posted in Children’s Privacy

On June 22, 2016, mobile advertising company InMobi Private Ltd. settled Federal Trade Commission (“FTC” or “Commission”) claims of violations of Section 5 of the FTC Act, and the Children’s Online Privacy Protection Act and Rule (COPPA), for $4 million. The violations of COPPA supported the monetary penalty since, unlike Section 5, COPPA provides for … Continue Reading

Court of Appeals Upholds FCC’s Net Neutrality Rules and Regulatory Authority

By Suchismita Pahi and Alan L. Friel on June 15, 2016 Posted in Enforcement, Privacy Litigation

On June 14, 2016, the D.C. Court of Appeals ruled 2-1 in favor of the Federal Communication Commission’s (FCC) net neutrality rules, which the commission approved on February 26, 2015 (published March 12, 2015). This reclassified broadband internet access service (BIAS) as a telecommunications service under Title II of the Communications Act, affording the FCC … Continue Reading

OCR Clarifies “Reasonable, Cost-Based” Fee Calculations for Access to Medical Records

By Lynn Sessions and Suchismita Pahi on June 9, 2016 Posted in Medical Privacy

By couching its position in an individual’s right to access protected health information (PHI), beginning on January 7, 2016, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) issued guidance to covered entities clarifying access to PHI set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). §45 … Continue Reading

New Cop on the Block – FCC’s Proposed Data Privacy and Security Rulemaking for Broadband Internet Access Providers

By Alan L. Friel and Suchismita Pahi on May 6, 2016 Posted in Cybersecurity

In 2015, the Federal Communications Commission (FCC or global Commission) issued its Open Internet Order, applying Section 222 of the federal Communications Act to broadband Internet access services (BIAS), and in doing so took jurisdiction over privacy and data security matters for Internet Service Providers (ISPs). In doing so, it declined requests by some advocacy … Continue Reading

Internet Service Providers Face New Regulatory Environment in the FCC’s Privacy and Security Proposal

By Alan L. Friel and Suchismita Pahi on May 6, 2016 Posted in Cybersecurity

On March 31, 2016, the Federal Communications Commission (FCC) issued a Notice of Proposed Rulemaking (NPRM) of privacy and security regulations for Internet service providers (ISPs). The NPRM, In The Matter of Protecting the Privacy of Customer of Broadband and Other Telecommunications Service, available here, is intended to apply privacy requirements of the federal Communications … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

By Kathryn Mellinger and Suchismita Pahi on March 3, 2016 Posted in Online Privacy

To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

Protecting Patient Data From Hacker Ransom Demands

By Suchismita Pahi on February 26, 2016 Posted in Medical Privacy

Forty bitcoins later (approximately $17,000), Hollywood Presbyterian Hospital can now access its electronic medical health records and return to treating its patients as scheduled. But as hackers develop new tools to access information, an increasing number of providers will be targeted and ransom demands will escalate, putting hospitals and patients at risk. Focusing on technical … Continue Reading

SAMHSA Proposes Updates to Substance Abuse Records Security and Confidentiality Regulation

By Suchismita Pahi on February 16, 2016 Posted in Medical Privacy

The U.S. Department of Health and Human Services’ (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) has released proposed changes to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations (45 C.F.R. Part 2) for the first time since 1987. The proposed changes address challenges that 42 C.F.R. Part 2 programs have faced … Continue Reading

ALJ Upholds OCR’s $239,800 CMP for Healthcare Provider

By Lynn Sessions and Suchismita Pahi on February 15, 2016 Posted in Medical Privacy

On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for $239,800 in an appeal of OCR’s Health Insurance Portability and Accountability Act (HIPAA) CMPs. Lincare is a home health company that provides … Continue Reading

EU’s Network and Information Security Directive: Regulating “operators of essential services” and “digital service providers”

By Suchismita Pahi and Kathryn Mellinger on December 22, 2015 Posted in Cybersecurity

The European Union continues to move forward with a proposed unified framework to strengthen network and information security systems across its member countries. On December 18, 2015, the Permanent Representatives Committee (Coreper) approved a provisional agreement reached on December 7, 2015, by the European Parliament and European Council on the Network and Information Security Directive … Continue Reading

Another Day, Another OCR Resolution Agreement – Numerous Repeated Breaches Lead to $3.5 Million Settlement

By Suchismita Pahi on December 2, 2015 Posted in HIPAA/HITECH, Medical Privacy

On the heels of the Lahey Hospital and Medical Center resolution agreement, OCR announced a resolution agreement with Triple-S Management Corporation and its subsidiaries, Triple-S Salud Inc. and Triple-C Inc. (collectively “Triple-S”). As part of the announcement, Office for Civil Rights (OCR) Director Jocelyn Samuels flagged two specific areas for covered entities to focus their … Continue Reading

New York Department of Financial Services Sets Forth Extensive Cybersecurity Regulatory Framework Proposal

By Suchismita Pahi and Kathryn Mellinger on December 1, 2015 Posted in Cybersecurity, Information Security, State Legislation

On November 9, 2015, the New York State Department of Financial Services (NYDFS) issued a letter to the members of the Financial and Banking Information Infrastructure Committee (FBIIC) detailing a new cybersecurity framework proposal for “covered entities,” or financial institutions regulated by NYDFS. The framework builds on data from NYDFS reports surveying cybersecurity programs from … Continue Reading

OIG Emphasizes Proactive Enforcement of Privacy Rule and Monitoring of Repeat Offenders

By Lynn Sessions and Suchismita Pahi on November 11, 2015 Posted in HIPAA/HITECH

The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which Medicare Part B providers are aware of HIPAA privacy standards. To that end, the OIG found that Part B providers fell … Continue Reading