Tag Archives: Final Rule

Privacy Policies Going Digital: The CFPB’s Final Rule Ditches Requirement to Distribute Annual Paper Copies

On October 20, 2014, the Consumer Financial Protection Bureau (“CFPB”) announced that it had finalized a rule that alters the way that financial institutions provide privacy policies to their customers. Under the Gramm-Leach-Bliley Act of 1999 (“GLBA”), financial institutions are required under Regulation P to provide their customers with initial and annual notices regarding their … Continue Reading

New DoD Rule Promotes Voluntary Sharing of Cyber-Security Threat Information Between DoD and Defense Contractors

Co-authored by: Alan Pate

On October 22, 2013, the Department of Defense (DoD) published its Final Rule establishing a program for promoting voluntary sharing of cyber threat information between the DoD and government contractors. The DoD intends this information sharing program to “enhance and supplement” participating defense contractors’ capabilities to safeguard DoD information. Unlike failed … Continue Reading

OCR Releases Model Notices of Privacy Practices

Under the Privacy Rule, an individual has the right to adequate notice of how a covered entity may use and disclose PHI about the individual, as well as his/her rights and the covered entity’s obligations with respect to that information. Thus, a covered entity must develop and provide individuals with a Notice of Privacy … Continue Reading

Health Plan Settles HHS OCR Investigation Related to Photocopier Breach for $1.2m

The Department of Health and Human Services Office for Civil Rights (HHS OCR) today announced its 4th resolution agreement of 2013. Affinity Health Plan, Inc., a not-for-profit managed care plan serving the New York metropolitan area, has agreed to settle potential violations of the HIPAA Privacy and Security Rules for $1,215,780. The resolution agreement relates … Continue Reading

What Covered Entities and Business Associates Need to Do to Prepare for the New HIPAA/HITECH Requirements (Part II)

There has been a lot of discussion about the impact of the Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules as well as the breach notification rules of the Health Information Technology for Economic and Clinical Health Act (HITECH). In Part I, we discussed what HIPAA … Continue Reading

What Covered Entities and Business Associates Need to Do to Prepare for the New HIPAA/HITECH Requirements (Part I)

The Department of Health and Human Services (HHS) issued, on January 17, 2013, its Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules as well as the breach notification rules of the Health Information Technology for Economic and Clinical Health Act (“HITECH”). Our initial discussion can … Continue Reading

The HIPAA/HITECH Final Rule Has Been Released

The long-awaited HIPAA/HITECH Final Rule is out. The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance. While we are still conducting a comprehensive review of this 563-page document, below are a few of the changes we have found so far: … Continue Reading