The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces its thirteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access their health records at a reasonable cost…
Category: Federal
Twitter Fine: a View into the Consistency Mechanism, and “Constructive Awareness” of Breaches
Mark Young, Shona O’Donovan and Paul Maynard of Covington & Burling writes about the recent news-making fine the DPC issued to Twitter. They write, in part: Process aside, the DPC’s decision contains some interesting points on when a controller is deemed to be “aware” of a personal data breach for the purpose of notifying a…
Federal Financial Agencies Propose Requirement for Computer Security Incident Notification
A press release from the FDIC on December 18: Federal financial regulatory agencies today announced a proposal that would require supervised banking organizations to promptly notify their primary federal regulator in the event of a computer security incident. In particular, alerts would be required for incidents that could result in a banking organization’s inability to…
Federal financial regulators propose computer-security incident notification for banks
Sindhu Ajay reports: The US Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation Friday proposed a new computer-security incident notification requirement for banking organizations and their bank service providers. The proposed rule would require a banking organization to provide its primary federal regulator a prompt notification of…
In wake of horrific Vastaamo breach, Finnish government tables laws to protect data from cyber criminals
Gerard O’Dwyer reports: The huge data security breach and cyber-ransom attack at Finland’s Vastaamo Psychotherapy Centre has provoked a swift response from the government, which is primed to introduce more rigid laws and measures to protect the country’s databases and sensitive information from cyber criminals. […] In a significant bolstering of Finland’s data security laws,…
OCR Releases Its 2016-2017 Audit Report on Health Care Industry Compliance with the HIPAA Rules
Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released its 2016-2017 HIPAA Audits Industry Report that reviewed selected health care entities and business associates for compliance with certain provisions of the HIPAA Privacy, Security, and Breach Notification Rules. The Health Information Technology for Economic and Clinical…