Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Monthly Archives: June 2012

HIPAA Audit Protocols Now Public

Posted in Data Compliance & Security, HIPAA/HITECH, Privacy Regulation

Written by: Dianne Bourque and Stephanie Willis

As promised by the Department of Health and Human Services’ Office of Civil Rights (OCR) and as reported here on June 11th, OCR has released its HIPAA privacy and security audit protocols. The audit protocols are intended to cover the three main areas of HIPAA privacy and security enforcement: Privacy Rule requirements,… Continue Reading

FTC Sues Wyndham Hotels

Posted in Data Breach, Federal Trade Commission, Privacy Litigation

Written by Amy Malone

The Federal Trade Commission (FTC) has announced that it has filed suit in U.S. District Court in Phoenix against Wyndham Worldwide Corporation and three of its subsidiaries. The lawsuit cites “alleged data security failures that led to three data breaches at Wyndham hotels in less than two years.” The breaches in question… Continue Reading

OMB Extends Review Period for HIPAA/HITECH Omnibus Rule

Posted in Uncategorized

Written by: Dianne Bourque and Stephanie Willis

The Office of Management and Budget (OMB) announced on Friday, June 22, 2012, that it has extended the review period for the highly-anticipated omnibus rule intended to update key definitions and enforcement provisions relating to the implementation of the Health Insurance Portability and Accountability Act (HIPAA). As we noted in a previous post, the rule was originally… Continue Reading

HITECH: Business Associates Beware – New Rules, Audits and Enforcement on the Horizon!

Posted in Data Compliance & Security, HIPAA/HITECH

The upcoming HIPAA Omnibus Rule is poised to transform an already challenging privacy and security landscape for business associates or those who provide services to HIPAA “covered entities.” The HITECH Act has already imposed greater compliance responsibility on business associates and their subcontractors. The rules are set to change further and failure to comply can result in… Continue Reading

Revisions to Connecticut Data Breach Notification Law Pass in Budget Bill

Posted in Data Breach Notification, Privacy Regulation

We have been following proposed legislation to modify the Connecticut data breach notification law as it worked its way (unsuccessfully) through the 2012 General Session of the legislature.   To our surprise, it has, nonetheless, been passed as part of the state’s General Assembly’s Special Session —  included in the state’s Budget Bill as Section 130.   The text… Continue Reading

NLRB Continues to Speak Out on Social Media

Posted in Employee Privacy, Privacy Regulation

Recently, the National Labor Relations Board Acting General Counsel Lafe E. Solomon issued his third and latest report on social media cases, providing specific guidance on how to construct a lawful social media policy.  In the report, Solomon takes a narrow view of what types of policy provisions are acceptable and instructs, for example, that… Continue Reading

OCR Shares Preliminary HITECH Audit Results; What’s Next??

Posted in HIPAA/HITECH, Privacy Regulation

Written by Dianne J. Bourque

Last week at the OCR/NIST conference, Building Assurance through HIPAA Security, Linda Sanches of the Office for Civil Rights provided an extensive update on the pilot HITECH audit program, including preliminary findings, what regulated entities can expect next and suggestions for covered entities concerned about being audited. Mintz Levin attended… Continue Reading

Spokeo Agrees to $800,000 FTC Settlement

Posted in Federal Trade Commission

Written by Adam Veness

Spokeo, Inc. has agreed to pay the FTC $800,000 to settle the FTC’s claims alleging that Spokeo violated the Fair Credit Reporting Act (FCRA) and committed unfair or deceptive acts or practices under the FTC Act. Spokeo is a data broker that collects personal information of millions of consumers and compiles… Continue Reading

Weekend Reading

Posted in Uncategorized

Here is some weekend reading for those looking at e-discovery issues.  Our colleagues, John Koss and Rebecca Diamond,  have published an article in Bloomberg BNA – Digital Discovery and e-Evidence delving into deleted text messages in the Deepwater Horizon controversy. Read In the Slick of It: Will BP Go Down With an Employee Who Purportedly… Continue Reading

HHS Office of Civil Rights Director Speaks

Posted in HIPAA/HITECH, Privacy Regulation

Our colleagues over at the Mintz Health Law & Policy Matters blog have been attending this week’s HIPAA Security Conference and have posted an update here. Two big takeaways — Office of Civil Rights (the agency that enforces the HIPAA privacy and security standards) Director Leon Rodriguez says that HIPAA compliance expectations are higher than ever… Continue Reading

LinkedIn Passwords Hacked – UPDATE

Posted in Data Breach

4:44 PM — LinkedIn has confirmed reports of hacking – http://blog.linkedin.com/2012/06/06/linkedin-member-passwords-compromised/   It’s time for a little password hygiene. ZDNet reports that a Russian organization claims to have downloaded over 6.4 million passwords from LinkedIn.  They also report that some 300,000 of them may have already been accessed.  LinkedIn has yet to confirm these details… Continue Reading

Updated Mintz Matrix

Posted in Data Breach, Data Breach Notification, Privacy Regulation

Welcome to June! It’s time for an updated version of our “Mintz Matrix” — the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate. The June, 2012 Mintz Matrix can be found here – UPDATED Data Breach Matrix (6_2012) And, the updated version can… Continue Reading