Mary Mosquera reports: The Health & Human Services Department published draft guidance to help healthcare providers and payers figure out what is expected of them in doing a risk analysis of their protected patient health information. The security rule of the Health Insurance Portability and Accountability Act (HIPAA) requires that providers, payment plans and their…
Category: Legislation
New breach notification requirements in effect in Canada
From the Office of the Privacy Commissioner of Alberta: Amendments to the Personal Information Protection Act (PIPA) were proclaimed in force on May 1, 2010, and added a new requirement for organizations to notify the Information and Privacy Commissioner of incidents “involving the loss of or unauthorized access to or disclosure of personal information where…
Court Delays Red Flags Rule for AICPA Members
A district court has granted a delay in the enforcement of the Federal Trade Commission’s Red Flags Rule governing identity theft prevention for members of the American Institute of CPAs in public practice. The Red Flags Rule is part of the Fair and Accurate Credit Transactions Act, which Congress passed in 2003. The rule requires…
Debit card protection bill advances in New Jersey
The Associated Press reports: Consumers who use their debit cards to make purchases at New Jersey businesses could soon see new protections aimed at thwarting identity theft. The state Senate Commerce Committee recently endorsed a measure that would require merchants to truncate debit card account numbers and expiration dates on all sales receipts, including copies…
California Senate again OKs breach notification law update
Dan Kaplan reports: The California Senate has approved a bill that would update the state’s pioneering data breach notification law, the lawmaker who introduced the legislation announced Friday. The bill from Democratic Sen. Joe Simitian is a reintroduction of the same measure that he proposed last year, but which was ultimately vetoed by Gov. Arnold…
Last State Without a Breach Notice Law? Not Mississippi
Tanya Forsheit reports: Yesterday, Mississippi Governor Haley Barbour approved Mississippi’s first breach notification law, House Bill 583, leaving only four states without a notification law (Alabama, Kentucky, New Mexico, and South Dakota). Read more on InformationLawGroup. The law goes into effect July 1, 2011.