Archives: US

States Increase HIPAA Enforcement

Overview of Recent Settlement Actions: Recent Health Insurance Portability and Accountability Act (“HIPAA”) enforcement settlements for Virtual Medical Group (“VMG”) in New Jersey and EmblemHealth in New York may signal a broader trend of increased state HIPAA enforcement. Under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act’s amendment to HIPAA, codified at … Continue Reading

Federal Financial Institutions Examination Council Cautions Companies Not to Over-Rely On Cyber Insurance in Lieu of Robust Security Controls

In a Joint Statement issued this week, the Federal Financial Institutions Examination Council (“FFIEC”) – which comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee – cautioned the … Continue Reading

The CLOUD Act, Part 2

On March 22, 2018, our readers were directed to a post published on our sister Anticorruption Blog which discussed the then-proposed CLOUD Act. The act was signed into law as part of the Omnibus Spending Bill on March 23, 2018. In Part 2 of her article, Ericka Johnson focuses on The … Continue Reading

Clarifying Lawful Overseas Use of Data – The Cloud Act

In Part 1 of an upcoming series of posts on our sister Anticorruption Blog, DC-based associate Ericka Johnson explores the recently proposed CLOUD Act and the increasing gap between technology and the law. Of special interest to our readers, The CLOUD Act updates standards for when governments may be able to obtain information stored outside … Continue Reading

Supreme Court Hears Arguments on Cloud Security

On February 27, 2018, the Supreme Court heard arguments surrounding the privacy of data stored abroad and the reach of U.S. search warrants to retrieve such data. While the Supreme Court decides the merits of United States v. Microsoft, Congress will debate overhauling the Stored Communications Act (“SCA”) to reflect technological advances that were … Continue Reading

Recent HHS Settlement Showcases that Alleged HIPAA Liability Attaches Even After a Business Closes its Doors

The HHS Office of Civil Rights announced earlier this month that a court appointed receiver for Illinois moving and storage company, Filefax, has entered into a resolution agreement and corrective action plan to settle alleged violations of the HIPAA Privacy and Security Rules.  The receiver for Filefax, which went out of business during OCR’s investigation, … Continue Reading

HHS Office for Civil Rights Issues Updated HIPAA and Research Guidance in Response to 21st Century Cures Act Mandate

Last month, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued two helpful new HIPAA guidance documents regarding research uses and disclosures of PHI, fulfilling a mandate in the 21st Century Cures Act (Public Law 114-255) (the “Act”).  Although the documents merely reaffirm prior guidance in many places, the documents also … Continue Reading

Increased Recognition to Improve Cybersecurity in Healthcare Sector

There is an increasing recognition of the need to improve cybersecurity in the healthcare sector (particularly relating to medical devices).  For example, the Chairman of the House of Representatives’ Committee on Energy and Commerce recently asked HHS in a formal letter to “develop a plan of action for creating, deploying, and leveraging [bill of materials] … Continue Reading

While Ninth Circuit Finds No Additional Harm Required for Standing Under the VPPA, It Applies a Narrow Reading of What Constitutes PII Under the VPPA

In Eichenberger v. ESPN, Case No. 15-35499 (Nov. 29, 2017), the United States Court of Appeals for the Ninth Circuit affirmed the district court judgment holding that the serial numbers on a consumer’s video streaming device and the titles of the videos an individual watches do not constitute personally identifiable information (PII) under the Video Privacy Protection … Continue Reading

Independent Bank Class Action Alleges Specific Equifax Security Failures, Actual Harm and the Threat of Future Harm

In another lawsuit against Equifax, the Independent Community Bankers of America (ICBA), on behalf of thousands of community banks, seeks to hold Equifax accountable for the July 2017 data breach that potentially affected more than 145.5 million consumers. ICBA, along with Bank of Zachary and First State Bank, filed the class action last week in … Continue Reading

Privacy Shield: First Annual Review Report Published

On 18 October 2017, the European Commission (“Commission”) published its first annual report on the functioning of the US-EU Privacy Shield (“the Report”), the successor to the Safe Harbor framework after its invalidation in Schrems. The Report will be widely welcomed by businesses on both sides of the Atlantic as the Commission continues to back … Continue Reading

“Bug Bounty” Programs – US DOJ’s Guidance

These days, organizations (including the U.S. Air Force) have been turning to third parties to help hunt for security weaknesses (under “bug bounty” programs) in company software and applications. In July 2017, the Department of Justice released guidance for a structured program (entitled, A Framework for a Vulnerability Disclosure Program for Online Systems) designed to … Continue Reading