On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act.[1] As the healthcare industry continues to serve as one of the top targets for cybersecurity threat actors, the amendment creates a “HIPAA safe harbor” that should hopefully provide some much-needed relief to those … Continue Reading
The Department of Health and Human Services’ (HHS) Office of the National Coordinator (ONC) published an interim final rule today delaying several key compliance deadlines in the ONC 21st Century Cures Act final rule – including that of the information blocking provisions, which were slated to become effective on November 2, 2020 – until April 5, … Continue Reading
On Monday, Feb. 25, California Attorney General Xavier Becerra, together with Sen. Hannah-Beth Jackson (D), announced Senate Bill 561 to amend the California Consumer Privacy Act (CCPA). Most significantly, SB 561 would effectively eliminate the AG’s responsibility to provide guidance to businesses on how to comply with the CCPA while simultaneously expanding the right of … Continue Reading
Three states recently enacted variations of the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance and financial service entities licensed in the state of … Continue Reading
With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data … Continue Reading
By Alan L. Friel and Niloufar Massachi. Posted in CCPA
The public forums on the California Consumer Privacy Act (CCPA), held by the California Attorney General (AG) and the Department of Justice, continued on Friday, Jan. 25, in Los Angeles, California. At the forum, speakers had a brief opportunity to provide their comments on the CCPA. Prior to opening up the floor to members of … Continue Reading
On Dec. 5, 2018, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that Advanced Care Hospitalists PL (ACH) had entered into a $500,000 settlement and resolution agreement (RA) resulting from OCR’s investigation of ACH’s breach notification on April 11, 2014, and subsequent supplemental notification. On … Continue Reading
With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will … Continue Reading
The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance. There is a 60-day comment period. The purpose of the guidance is to help banks, savings associations, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau (CFPB) understand and address … Continue Reading
Cisco released a white paper on January 12, 2011, which reported that results from its survey of 500 IT decision makers show that PCI DSS compliance is no longer viewed as overly expensive and burdensome. Instead, the survey revealed “one overwhelming message: Organizations of all types view PCI compliance as a necessary and worthwhile investment.” … Continue Reading