The Coalition for Patient Privacy urges the Department of Health and Human Services to revise and repeal the interim final rule (IFR) establishing requirements for notification of breaches of unsecured protected health information. “We are dismayed and disappointed with the IFR, particularly with the inclusion of a ‘harm standard’. HHS went far beyond the intent…
Category: Legislation
AU: Banks send customers’ personal details overseas
Steve Lewis reports: Angry customers are urging the Federal Government to stop the big banks from sending their personal details to offshore processing centres. A national poll has found 83 per cent want the banks to seek written permission from their customers before sending confidential data to overseas. At least two of the major four…
House bill excludes some businesses from Red Flag Rules
The House of Representatives passed H.R. 3763, a bill that amends the Fair Credit Reporting Act to provide for an exclusion from Red Flag Guidelines for certain businesses. As passed by the House, the following would not be considered “creditors” under the new Red Flag Rules: a health care practice with 20 or fewer employees…
Consumer Watchdog Asks HHS to Repeal Rule Allowing Health Care Providers to Decide When Notification of Breached Electronic Medical Records is Necessary
Consumer Watchdog today called on the Health and Human Services Department to repeal a rule that allows health care providers and insurers to decide whether consumers must be notified when the security of their electronic confidential health information has been breached. In a letter to HHS Secretary Kathleen Sebelius the nonprofit, nonpartisan consumer advocacy group…
IE: Data breach consultation paper now out
TJ McIntyre writes on IT Law in Ireland: The Data Protection Review Group has now published a consultation paper (pdf) on reforming Irish law on notification of data breaches. Pages 33-38 on possible regulatory options are particularly useful, though the group is clearly hampered by the fact that any national reforms might soon be out…
Knowing or reckless misuse of personal data – introducing custodial sentences
From the UK Ministry of Justice: Reference Number : CP22/09 Status: Open Open date: 15 October 2009 Close date: 07 January 2010 A consultation on exercising the power to provide for custodial sanctions for those found guilty of knowingly or recklessly obtaining, disclosing, selling or procuring the disclosure of personal data without the consent of…