With all the wildly erroneous claims made by people about what is covered by HIPAA, here’s a great explainer by attorney Jeff Drummond on exactly what kinds of entities ARE covered by HIPAA (Spoiler alert: yes, your local bar CAN ask you your vaccination status without violating HIPAA because they are not covered by HIPAA)….
Category: Federal
Hackers to face 25 years in jail for cyber attacks on Australia’s national infrastructure
Zach Marzouk reports: Hackers could face up to 25 years in jail if found guilty of cyber offences against Australia’s critical infrastructure, under proposed changes introduced by the government today. The government tabled the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 in a bid to modernise criminal offences and procedures to respond to the threat of ransomware….
SEC’s breach notification proposal one step closer to a final vote
Tonya Riley reports: The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers…
Ethical hackers face tough sanction under Jamaican law
From the threats-to-ethical-hacking-and-a-free-press department, Edmond Campbell reports: Ethical hackers who find vulnerabilities on government or private websites in Jamaica could face a $3-million fine and three-year prison sentence if a provision in the Cybercrimes Act, 2015, remains and receives the nod from Parliament. That threat could penalise actors such as Zack Whittaker, the security editor at…
China Releases Draft Regulations on Network Data Security Management
Hunton Andrews Kurth writes: On November 14, 2021, the Cyberspace Administration of China (“CAC”) released for public comment its draft Regulations on Network Data Security Management (the “Draft Regulations”). The Draft Regulations are intended to implement portions of three existing laws – the Cybersecurity Law (“CSL”), the Data Security Law (“DSL”) and the Personal Information…
Revised Health Breach Notification Rule resources spell out companies’ legal obligations
Lesley Fair writes: Shoppers can find a plethora of apps, trackers, and sensors that hold or capture almost every conceivable form of personal health information. If your business or nonprofit offers products like that or provides certain services to entities that do – and you aren’t subject to HIPAA – you may be covered by…