The Senate Commerce Committee held a hearing “Examining Safeguards for Consumer Data Privacy” on September 26, which included testimony from tech industry executives.
Senator John Thune’s opening statement noted that the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have put the issue of consumer data privacy squarely on Congress’s doorstep. “The question is no longer whether we need a federal law to protect consumers’ privacy,” he said. “The question is what shape that law should take.”
Continue reading “The Devil is in the Definitions for Federal Consumer Data Privacy Safeguards”
The Department of Health and Human Services, Office for Civil Rights (OCR) announced three separate settlements, totaling $999,000, with Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH) over potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. According to the settlements, the potential violations resulted from the alleged disclosure of patient protected health information (PHI) to ABC News employees during the production and filming of the docuseries “Save My Life: Boston Trauma” at each hospital.
Continue reading “Three Separate OCR Settlements Resulting from Hospital Failures to Obtain Patient Authorization for Use of Protected Health Information Before Filming Television Docuseries”
Policy holders alleging that computer fraud provisions of their insurance policies extended to fraud that stemmed from an intercepted email and a spoofing attack notched wins before two separate appellate courts recently. The first involves Travelers Casualty and Surety of America and American Tooling Center Inc., and the second involves Chubb Ltd. and Medidata Solutions Inc.
Continue reading “Sixth and Second Circuits Rule In Favor of Insurance Policy Holders in Computer Fraud Provisions Cases”
On Wednesday, the Internet Association (IA), a group of 40 major internet and technology firms, called for the establishment of a national privacy framework anchored by six privacy principles. In its press release announcing the principles, the IA indicated its support for the American approach to federal privacy legislation that is “consistent nationwide, proportional, flexible, and encourages companies to act as good stewards of the personal information provided to them by individuals.”
Continue reading “Enough of the Patchwork: Tech Industry Group Calls for a National Privacy Framework”
Expanded use of Electronic Health Records (EHRs) is an integral component of the ongoing modernization of the U.S. health care system through digitalization. Among the anticipated advantages of using EHRs are improvements in patient care (e.g., through faster access to relevant information and consequently improved care coordination), increased patient engagement, as well as reduction of medical errors and cost savings. On the other hand, implementing EHRs in a sustainable and legally compliant way requires upfront investment in hardware, software, training, workflow restructuring, as well as management of risks unique to electronic records, such as vulnerability to malicious interference. When EHRs are combined with mobile platforms, the cybersecurity risks multiply. Addressing this latest challenge can be daunting, both for medical practices and EHR product providers.
Continue reading “Security Recommendations for Mobile Health Apps”
The UK Information Commissioner’s Office (ICO) announced that it has fined a direct marketing company, Everything DM Ltd. (EDML), £60,000 ($77,421) for failing to take reasonable steps to ensure that unsolicited marketing emails sent on behalf of its clients complied with privacy laws applicable to electronic communications.
Continue reading “UK Information Commissioner’s Office Fines Direct Marketing Company for PECR Violation”