Category: U.S.

Oregon Amends Data Breach Notification and Information Security Laws

Posted on by Dissent

David Stauss of Ballard Spahr writes: In March, we reported that the Oregon legislature was considering amending its data breach notification and information security laws. That legislation has now passed the Oregon legislature and been signed into law by Oregon’s governor.  A copy of the new law is available here. The most notable changes are as follows: Amendments to Oregon’s Breach Notification…

Read more

South Dakota Enacts Breach Notification Law

Posted on by Dissent

Hunton & Williams write: As reported in BNA Privacy Law Watch, on March 21, 2018, South Dakota enacted the state’s first data breach notification law. The law will take effect on July 1, 2018, and includes several key provisions: Definitions of Personal Information and Protected Information. The law defines personal information as a person’s first name or…

Read more

Is OCR Moving the Goal Posts on Vendor Management?

Posted on by Dissent

Yesterday, I posted an item about a settlement between New Jersey and Virtua Medical Group after a 2016 data leak by their transcription vendor exposed approximately 1,600 patients’ information on the internet.  New Jersey took the position that this was a HIPAA violation and that the entity was responsible for what its vendor had done…

Read more

Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients

Posted on by Dissent

There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet.  It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…

Read more