Privacy and Data Security Archives | Page 9 of 23

Protecting Against SEC Whistleblower Enforcement Actions: Employment and Severance Agreements

by Evan A. Belosa, Fredric D. Firestone, Jeremy White and Thomas P. Conaghan | Jan 5, 2017 | Employment, Privacy and Data Security

Large fines have recently been imposed against public companies due to using confidentiality provisions that violate whistleblower provisions under federal securities law. Many standard confidentiality clauses in employment agreements, severance agreements, release agreements, non-compete agreements and other employment related agreements will violate these whistleblower provisions. Recently, the Office of Compliance Inspections and Examinations at the US Securities and Exchange Commission announced that it is actively reviewing these agreements to determine if there are possible securities law violations.

This webinar will address the whistleblower provisions relevant to employment related agreements, the recent SEC enforcement actions, the compliance issues raised by typical confidentiality clauses and actions for employers to consider for existing and future employment related agreements.

On-demand presentation link available here.

MP4 downloadable link available here.

The Impact of the EU Data Protection Regulation

by Anthony A. Bongiorno, McDermott Will & Emery, Dr. Paul Melot de Beauregard and Maximilian Baur | Sep 15, 2016 | Privacy and Data Security

The EU General Data Protection Regulation 2016/679 (GDPR) was published in the Official Journal of the European Union on 4 May 2016 following the compromise agreed among the Council of the European Union and the European Parliament.

The GDPR will essentially affect any business coming into contact with European personal data.

Read the full article here to learn of the impact and next steps.

The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk

by Anthony A. Bongiorno, Amy C. Pimentel and Michael G. Morgan | Sep 6, 2016 | Privacy and Data Security

The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. Organizations that apply for Privacy Shield self-certification by September 30, 2016, will be granted a nine-month grace period to conform their contracts with third-party processors to the Privacy Shield’s new onward transfer requirements.

Read the full article here.

Brexit Update: The Effect of Brexit on Data Transfers between the United Kingdom and the European Union

by Dr. Claus Färber | Sep 1, 2016 | Privacy and Data Security

With the United Kingdom having voted to leave the European Union (Brexit) on 23 June 2016, the free flow of personal data between the United Kingdom and EU and European Economic Area (EEA) countries is at risk. Should the United Kingdom also leave the EEA and thus become a “third country” for the purposes of data transfers, EU/EEA businesses that are currently retaining UK service providers or data centres to handle or store personal data, or are planning to do so, would have to carefully re-evaluate this decision.

Read the full article here.

HIPAA Privacy and Security Compliance for Group Health Plan Sponsors

by McDermott Will & Emery | Aug 18, 2016 | Health and Welfare Plans, Privacy and Data Security

Joanna Kerpen authored an article on final HIPAA rules for privacy enforcement and audit programs, particularly those with additional requirements aimed at group health plan sponsors. This report focuses on the final regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), in January 2013, HIPAA enforcement and audit programs, HIPAA-related additional requirements of group health plan sponsors, and the actions that must be taken by group health plan sponsors to ensure compliance with the final regulations and requirements and to prepare for potential audits and enforcement actions.

“The final HIPAA regulations made many changes to the existing HIPAA privacy and security rules that are applicable to covered entities,” Ms. Kerpen wrote, and she urged plan sponsors to conduct a comprehensive review of their compliance plans to prepare for audits or enforcement action.

Read the full article here.

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

by Anthony A. Bongiorno and Michael G. Morgan | Aug 15, 2016 | Privacy and Data Security

On July 28, 2016, US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws.

Ransomware is a type of malware (malicious software). It is deployed through devices and systems through spam, phishing messages, websites and email attachments, or it can be directly installed by an attacker who has hacked into a system. In many instances, when a user clicks on the malicious link or opens the attachment, it infects the user’s data. Ransomware attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware. After the user’s data is encrypted, the ransomware attacker directs the user to pay a ransom in order to receive a decryption key. However, the attacker may also deploy ransomware that destroys or impermissibly transfers information from an information system to a remote location controlled by the attacker. Paying the ransom may result in the attacker providing the key necessary needed to decrypt the information, but it is not guaranteed. In 2016, at least four hospitals have reported attacks by ransomware, but additional attacks are believed to go unreported.

Read the full article here to learn about the indications of a ransomware attack, what do in the event of a ransomware attack and what circumstances constitute a HIPAA breach.

Integration of Technology Into Health Care Delivery

by Dale C. Van Demark and Lisa Schmitz Mazur | Jul 19, 2016 | Health and Welfare Plans, Privacy and Data Security

The integration of technology into health care delivery is exploding throughout the health industry landscape. Commentators speculating on the implications of the information revolution’s penetration of the health care industry envision delivery models rivaling those imagined by celebrated science fiction authors, and claim that the integration of information technology into even the most basic health care delivery functions can reduce cost, increase access, improve quality and, in some instances, fundamentally change the way health care is delivered.

These visions are difficult to refute in the abstract; the technology exists or is being developed to achieve what just a few years ago seemed the idle speculation of futurists. But delivering this vision in an industry as regulated as health care is significantly harder than it may seem. While digital health models have existed for many years, the regulatory and reimbursement environment have stifled their evolution into fully integrated components of the health care delivery system.

(more…)

Developing and Implementing an Effective Telemedicine Informed Consent Form

by Lisa Schmitz Mazur | Jun 9, 2016 | Health and Welfare Plans, Privacy and Data Security

The search by consumers, payers and providers for more efficient, effective and convenient care delivery models has led to an explosion of technological innovation in the health care sector. This explosion has supported the increased use of telemedicine by providers to reach patients who were previously out of reach, and to provide more timely and cost-effective care.

With the use of telemedicine technologies comes a responsibility on the part of providers to educate and inform patients on the benefits, and more importantly, on the risks associated with receiving care via telemedicine. Like any other care setting, compliance with this responsibility serves the dual purpose of providing consumers with the information needed to make an informed decision about their care, but also mitigates the provider’s potential liability exposure from medical malpractice claims.

Read the full article.

Phase 2 HIPAA Audits Are Underway

by Anthony A. Bongiorno | May 5, 2016 | Health and Welfare Plans, Privacy and Data Security

The US Department of Health and Human Services Office for Civil Rights (OCR) will soon begin a second phase of audits for compliance with HIPAA privacy, security and breach notification standards as required by the HITECH Act. In this second phase, OCR will audit both covered entities and their business associates, unlike the pilot audits of 2011 and 2012, which focused on covered entities alone. This On the Subject details practical steps that covered entities, including employer-sponsored group health plans, and their business associates can take to prepare for a potential audit.

Read the full article.

Fiduciary Issues and Data Privacy: Is Your Plan Data Really Safe?

by Anthony A. Bongiorno and Andrew Liazos | Apr 7, 2016 | Privacy and Data Security

Despite the fact that Personally Identifiable Information (PII) definitions are continuously broadening with the addition of new data elements, and proposed federal legislation aims to reconcile state laws, security breach threats remain.

Review the full presentation here.

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

RECENT POSTS