Privacy and Data Security Archives - Page 7 of 23

GDPR 6 Months After Implementation: Where are We Now?

by Amy C. Pimentel and Mark E. Schreiber | Nov 13, 2018 | Privacy and Data Security

The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process the personal data of their EU customers, employees and suppliers. These important changes required action by companies and institutions around the world. In almost six months after the GDPR’s effective date, organizations are still working on compliance—and will be for years to come.

Critical provisions

The GDPR applies to organizations inside and outside the EU. Organizations “established” inside the EU, essentially meaning a business or unit located in the EU, must comply with the GDPR if they process personal data in the context of that establishment. The GDPR also applies to organizations outside the EU that offer goods or services to, or monitor the behavior of, individuals located in the EU.

The GDPR uses other terms not familiar to US businesses but which need to be understood. Both “data controllers” and “data processors” have obligations under the GDPR, and data subjects can bring actions directly against either or both of those parties. A data controller is an organization that has control over and determines how and why to process data. A data controller is often, but not always, the organization that has the direct relationship with the data subject (the individual about whom the data pertains). A data processor is an organization that processes personal data on behalf of a data controller, typically a vendor or service provider. The GDPR defines “processing” to mean any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means (e.g., collection, recording, storage, alteration, use, disclosure and structuring).

The GDPR also broadly defines “personal data” as any information directly or indirectly relating to an identified or identifiable natural person, such as a name, identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Organizations in the US are used to a narrower definition of personal data, which typically includes information that, if breached, would put an individual at risk of identity theft or fraud and require notice (e.g., Social Security numbers, driver’s license numbers, and financial account, credit and debit card numbers). (more…)

7 Tips to Avoid Compliance Missteps During Open Enrollment

by Jacob Mattinson and Megan Mardy | Nov 6, 2018 | Employee Benefits, Health and Welfare Plans, Privacy and Data Security

One of the busiest times of year for an employee benefits professional is open enrollment. It is a crucial and yet stressful time of year that typically results in numerous employee questions and complaints and is a time of year with high potential for both employer and employee mistakes. Despite the stress and potential for problems, open enrollment provides an opportunity for a company to set itself up for success for the following year.

The Employee Retirement Income Security Act (ERISA) does not require an annual opportunity for employees to change benefit plan elections. However, because of compliance issues that can spring from not offering a regular enrollment period, most companies choose to offer an “open enrollment” period, usually taking place in mid- to late fall for calendar-year health and welfare benefit plans.

Employee attention to employer communications during this period is often high, and attention to detail in participant communications behooves an employer during this period. Well-written and timely notices may be relied upon to satisfy many compliance obligations. Inaccurate or incomplete open enrollment materials, however, can create employee confusion and result in legal liability under the complex network of federal laws governing employer-sponsored benefit programs.

Read the full article here for a sampling of key issues to consider to help you avoid compliance missteps during this year’s open enrollment period.

Originally published in BenefitsPRO.com, October 2018.

Internal Revenue Service Outlines Critical Cybersecurity Safeguards to Protect Sensitive Data

by Alan D. Nesburg, PC and Stephen Pavlick | Oct 16, 2018 | Employee Benefits, Health and Welfare Plans, Privacy and Data Security, Retirement Plans

The Internal Revenue Service and the Security Summit partners recently issued a news release outlining the “Security Six,” a list of essential steps to protect stored employee information on networks and computers. Employee benefits professionals, including those who administer welfare and retirement plans for employees and beneficiaries, should review and implement the “Security Six” in order to protect sensitive data from cyberattacks.

Access the full article.

We would also like to thank law clerk Charnae Supplee for contributing to this article.

Podcast | Telemedicine – The New Standard of Care

by Dale C. Van Demark and Lisa Schmitz Mazur | Jul 5, 2018 | Employee Benefits, Health and Welfare Plans, Privacy and Data Security

In the newest episode of the Of Digital Interest podcast, McDermott Digital Health partners, Lisa Schmitz Mazur and Dale Van Demark, share their perspectives on these questions and the various barriers, risks and opportunities associated with the rise of telemedicine and other technological advancements in health care delivery.

Access this episode at www.mwe.com/mcdermottdigitalhealth or subscribe to the podcast on iTunes, Pocket Casts or SoundCloud.

Telehealth and the Changing Regulatory Landscape: Opportunities and Challenges in the Digital Health Ecosystem

by Lisa Schmitz Mazur | Apr 17, 2018 | Employee Benefits, Health and Welfare Plans, Privacy and Data Security

What if you didn’t have to take time out of your day to see a physician in person when you needed a prescription? What if a diagnosis could be delivered over video chat? What if your psychiatrist was available at the press of a button or swipe on your screen?

These options are fast becoming a reality, as telehealth (or telemedicine) continues to take hold in a health care system that is desperate for increased efficiency and higher quality outcomes. And while telehealth offers exciting new possibilities in terms of convenience and access for patients, it also poses new regulatory challenges for industry stakeholders still learning the new rules of the game in today’s digital health ecosystem.

The Chronic Care Act

One of the biggest drivers of change in the industry right now is the Chronic Care Act. Last month, as part of the House and Senate budget deal to fund the government through March 23, legislators included the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act of 2017, which will increase reimbursement for a lot of different telemedicine programs.

For example, if you went to a rural hospital and they didn’t have a stroke neurologist and you were having a stroke, you would have an ED doctor with no stroke specialty diagnosing you—not an ideal situation. With telemedicine, it’s now possible for rural doctors to consult with specialty doctors at renowned sites, which the government will fund thanks to the Chronic Care Act. (more…)

Benefits Emerging Leaders Working Group

by Jacob Mattinson | Mar 1, 2018 | Benefit Controversies, Employee Benefits, Employee Stock Ownership Plans (ESOPs), Employment, Executive Compensation, Fiduciary and Investment Issues, Health and Welfare Plans, Labor, Privacy and Data Security, Retirement Plans

McDermott’s Benefits Emerging Leaders Working Group provides benefit professionals with tools to better serve employees in an ever-changing and evolving benefits landscape.

Presentations will tackle the latest benefits hot topics and best practice solutions, supplemented with important networking opportunities aimed to connect tomorrow’s benefit leaders with a broad network of professionals.

Planned agenda topics include:

What’s Happening in Washington?
Lessons from an RFP
Lunch Discussion: Changing Behavior through Benefits Communication
Global Benefit Plans
Moderated Group Discussion (including Voluntary Benefits)

Register Now.

Digital Health Year in Review: 2017 Trends and Looking Ahead to 2018

by Jiayan Chen, Lisa Schmitz Mazur, Michael Ryan, Ryan Marcus, Scott Weinstein, Sarah T. Hogan, Vernessa T. Pollard, McDermott Will & Emery, Bernadette M. Broccolo, Dale C. Van Demark and Jennifer S. Geetter | Feb 8, 2018 | Health and Welfare Plans, Privacy and Data Security

Throughout 2017, the health care and life sciences industries experienced a widespread proliferation of digital health innovation that presents challenges to traditional notions of health care delivery and payment as well as product research, development and commercialization for both long-standing and new stakeholders. At the same time, lawmakers and regulators made meaningful progress toward modernizing the existing legal framework in a way that will both adequately protect patients and consumers and support and encourage continued innovation, but their efforts have not kept pace with what has become the light speed of innovation. As a result, some obstacles, misalignment and ambiguity remain.

We are pleased to bring you this review of key developments that shaped digital health in 2017, along with planning considerations and predictions for the digital health frontier in the year ahead.

A Net-Neutral Decision for Health Care? What Providers Can Expect in the Wake of Net Neutrality Repeal

by Lisa Schmitz Mazur and Ryan Marcus | Jan 16, 2018 | Employee Benefits, Health and Welfare Plans, Privacy and Data Security

As the Federal Communications Commission repeals the Open Internet Order—more commonly known as the net-neutrality rules—health care consumers and providers have been left wondering how this change will affect their ability to receive and deliver health care using digital health tools. In this On the Subject, we outline how changes in internet access will affect digital health and what the regulatory landscape will look like in the coming months and years.

UK Employment Alert | What to Expect in UK Employment Law in 2018: GDPR, Brexit Negotiations and More

by Anthony A. Bongiorno, Katie Clark and Paul McGrath | Jan 11, 2018 | Employment, Privacy and Data Security

Whilst 2017 was anticipated to be a fairly static year for UK employment law, that did not in fact prove to be the case, and there were various notable developments. To a large degree, 2018 is likely to be defined by the ongoing Brexit negotiations and the passage of the EU Withdrawal Bill, which will, amongst other things, lay the framework for the future movement of EU workers to the United Kingdom. Employers should, however, be aware of some additional key developments on the horizon.

To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law

by Lynette Ryan Arce, Michael G. Morgan and Mark E. Schreiber | Jan 9, 2018 | Employment, Privacy and Data Security

The Illinois Biometric Information Privacy Act is having its moment. At least 32 class action lawsuits have been filed by Illinois residents in state court in the past two months challenging the collection, use and storage of biometric data by companies in the state. This may cause a reassessment of company strategies and development of new defenses in the use of advancing biometric technology.

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

RECENT POSTS