Archives: Breach Notification


OCR Settles Potential HIPAA Violations with County Government for $215,000

Co-Authored by Charles K. Shih. To start 2014, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first resolution agreement of the year and its first settlement with a county government – signaling that even local and county governments, regardless of size, must safeguard the privacy and security of patient … Continue Reading

North Dakota Breach Notification Law – Personal Information Includes Health Information

North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and “health insurance information.” Pursuant to the amended statute, “medical information” includes any information regarding an individual’s medical history, mental or physical condition, … Continue Reading

Vermont and North Dakota Amend Breach-Notice Laws

On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new law … Continue Reading

What Covered Entities and Business Associates Need to Do to Prepare for the New HIPAA/HITECH Requirements (Part II)

There has been a lot of discussion about the impact of the Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules as well as the breach notification rules of the Health Information Technology for Economic and Clinical Health Act (HITECH). In Part I, we discussed what HIPAA … Continue Reading

What Covered Entities and Business Associates Need to Do to Prepare for the New HIPAA/HITECH Requirements (Part I)

The Department of Health and Human Services (HHS) issued, on January 17, 2013, its Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules as well as the breach notification rules of the Health Information Technology for Economic and Clinical Health Act (“HITECH”).  Our initial discussion can … Continue Reading

The HIPAA/HITECH Final Rule Has Been Released

The long awaited HIPAA/HITECH Final Rule is out.  The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance. While we are still conducting a comprehensive review of this 563-page document, below are a few of the changes we have found so far: … Continue Reading

Connecticut to Require Notice to Attorney General Following a Breach

Connecticut has been in the forefront in protecting the personal information of its residents.  In July 2010, in the first action by a state attorney general for violations of HIPAA since HITECH authorized state attorneys general to enforce HIPAA, a settlement was reached between HealthNet and the state of Connecticut – stemming from a May … Continue Reading

France’s New Breach Notification Requirements

On May 28, 2012, the French data protection regulator (CNIL) released new guidance on breach notification laws.  The guidance regards a 2011 ordinance that recently came into force on April 1.  Among other things, the ordinance amends existing French data protection law (Law on Information Technology and Liberties (78-17 of 1978)) to reflect the EU … Continue Reading

Significant Changes to Vermont’s Data Protection and Notification Law

On May 8, 2012, the Vermont General Assembly approved changes to the state’s consumer protection law (Act 109, in effect on passage 5/8/12). The changes include substantial revisions to Vermont’s data protection and notification law. A summary of the changes is provided below. The term “personally identifiable information” (“PII”) has been adopted. “Security breach” is … Continue Reading

Privacy and Data Breach Regulatory Activity–A Year in Review

While plaintiffs continue to face an uphill battle proving damages in privacy litigation – regulatory actions and investigations seem to be increasing.  During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading

Data Breach Response: A Year in Review

In 2011, we saw some of the most significant data breaches in U.S. history.  There are a plethora of causes—ranging from hackers to employee error to criminals using sophisticated malware.  Notification letters are being sent so frequently, consumers are almost becoming immune to the daily announcements that personal information has been breached.  Still, corporations facing data … Continue Reading

Baker Hostetler Data Breach Emergency Response Team Launches Data Breach Hotline

After you learn of a potential data breach, the clock is ticking and potential liabilities are mounting. Quickly identifying the right team to guide your company through the complexities of the response is paramount. Baker Hostetler’s Privacy, Security & Social Media Emergency Response Team has launched a dedicated hotline so it can be reached at … Continue Reading

The A to Z of Healthcare Data Breaches

I recently presented on the topic of Healthcare Data Breaches–A to Z at the annual American Society for Healthcare Risk Management (ASHRM) conference in Phoenix.  Attendees at any conference are always looking for practical takeaways to share with their colleagues and to help guide them even before a crisis event occurs.  During my presentation, with … Continue Reading

California Strengthens Breach Notification Requirements

This week California Governor Jerry Brown signed into law a new California data breach statute that strengthens notification requirements for residents of California. California currently has some of the most prolific and detailed consumer protection oriented laws impacting privacy and breach protection in the country. The current law requires that any entity that owns or … Continue Reading

HIPAA Audits ARRA Coming! Is your PHI Secure?

In the growing world of RAC audits, Voluntary Disclosure Protocols, IRS Form 990 disclosures, “Never Events” and HIPAA breach notifications, there is a new kid on the block in the area of federal audit and oversight for health care providers, health plans and their business associates under the health information privacy and security provisions of … Continue Reading

Sony & Epsilon Support National Data Breach Notice Law in Testimony Before House Subcommittee

On June 2, 2011, representatives from Sony Network Entertainment International and Epsilon Data Management, LLC appeared before a House panel to answer questions regarding their responses to recent security breaches.  The hearing of the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade was called by Subcommittee Chairwoman Mary Bono Mack (R-Calif.) as part … Continue Reading

Three National Data Breach Notification Legislative Proposals Issued

So far this month, three legislative proposals containing a national data breach notification requirement have been issued.  On May 4, Rep. Bobby L. Rush (D-Ill.) reintroduced the Data Accountability and Trust Act.  On May 11, Rep. Cliff Stearns (R-Fla.) introduced the Data Accountability and Trust Act (DATA) of 2011.  One day later, the White House … Continue Reading

Noteworthy Data Privacy and Information Security Events in 2010

The two events that drew the most attention in 2010, both of which occurred at year-end, were reports from the FTC and the Department of Commerce.  Below is a brief summary of those two reports and other issues drawing attention in the past year: (1) FTC Issues Long-Awaited Consumer Privacy Policy Report On December 1, … Continue Reading