Beyond FERPA: Safeguarding Student Data Is Key Obligation for Postsecondary Educational Institutions

Share

Most institutions of higher education are very familiar with the Family Educational Rights Protection Act (FERPA), which applies to all state and local, public and private educational institutions that receive federal funds through programs administered by the U.S. Department of Education (ED). Unless at least one of FERPA’s exceptions applies, institutions risk sanctions from ED – including the potential loss of all federal funding – if they disclose a student’s personally identifiable information (PII) from an education record without the student’s express prior written consent.  Beyond FERPA, higher education institutions have additional legal responsibilities to assiduously secure and protect student data from inadvertent disclosure, particularly financial information maintained by an institution regarding students or their families.

Continue reading “Beyond FERPA: Safeguarding Student Data Is Key Obligation for Postsecondary Educational Institutions”

OCR Responds to Rise in Health Care Cyberattacks

Share

After recent WannaCry ransomware and Petya/notPetya malware attacks exposed the data security vulnerabilities of health care organizations and pharmaceutical companies globally, the Department of Health and Human Services and Office for Civil Rights have rolled out resources to prevent future attacks. The OCR’s resources, such as its Quick-Response Checklist, infographic and informational newsletter, are meant to support health care organizations every step of the way, from planning and contingency plans to response and mitigation procedures.

We’ve outlined some of the key points in the OCR and HHS documents in this recent alert.

And the Winner is….. FTC Announces Winner of IoT Home Device Security Contest

Share

Earlier this year the FTC launched the IoT Home Inspector Challenge competition to challenge innovators to create a tool that will help protect consumers from security vulnerabilities in the software of home IoT devices.  Submissions were received in May and reviewed by a panel of five judges, including security experts from a range of private companies, universities and the government.  The FTC announced the winners on July 26, 2017.
Continue reading “And the Winner is….. FTC Announces Winner of IoT Home Device Security Contest”

Time to Focus on Cybersecurity in Health Care

Share

In the wake of the WannaCry global attack that impacted the U.K.’s National Health Service, the need to protect valuable health care data has never been more urgent. The U.S. government has begun to take steps in the right direction with the passing of executive orders on cybersecurity, the Cybersecurity Act of 2015, and the Government Accountability Office report on the Internet of Things.

Continue reading “Time to Focus on Cybersecurity in Health Care”

Disrupting the Health Care Cybersecurity Model (or Lack Thereof): Health Care Industry Cybersecurity Task Force Calls Out Regulatory Barriers

Share

In a previous blog post, our team evaluated the draft recommendations prepared by the Health Care Industry Cybersecurity Task Force in its “Report on Improving Cybersecurity in the Health Care Industry.”  

We recently examined three of the six major recommendations in the report and their potential impact on the existing health care regulatory environment. These include:

  • HHS and a Comprehensive Health Care Security Framework
  • Government and Private Incentives to Migrate Vulnerable Health Care Providers to More Secure Environments
  • Development of Fraud and Abuse Exemptions to Foster Collaboration and Permit Shared Resources

For more insight, read our detailed review of the health care security recommendations above.

An Early Review of the Trump Administration’s Health Care Cybersecurity Task Force Report

Share

Formed by the Cybersecurity Act of 2015, a task force established to share cybersecurity information between federal government and private industry representatives has released its “Report on Improving Cybersecurity in the Health Care Industry.” They presented six major action items for Congress, the Department of Health and Human Services, other government agencies and private industry.

The Report organized its recommendations under six Imperatives:

  • Define and streamline leadership, governance, and expectations for health care industry cybersecurity;
  • Increase the security and resilience of medical devices and health IT;
  • Develop the health care workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities;
  • Increase health care industry readiness through improved cybersecurity awareness and education;
  • Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure; and
  • Improve information sharing of industry threats, weaknesses, and mitigations.

In a recent alert, we evaluated the action items and draft recommendations prepared by the Task Force, = and discuss how the Trump administration will react to these new proposals.

Read our review of the Health Care Cybersecurity Task Force Report

©2022 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.