Search Results for: privacy

The Legal 500 United States Names Reed Smith ‘Data Protection and Privacy: 2015 Firm of the Year’

Reed Smith’s Information Technology Privacy & Data Security Group has been doing phenomenal work for years, linking experienced cybersecurity and privacy professionals with veteran intellectual property litigators, information governance advisors, technology contracting specialists and others with a similar data-oriented perspective.  And now it has been recognized by The Legal 500 United States as its ‘Data Protection … Continue Reading

State Attorneys General Address Data Privacy and Security Issues

State attorneys general across the United States have taken recent action towards addressing data privacy and security issues. In Connecticut, the attorney general announced the establishment of a Privacy and Data Security Department to handle investigations and litigation relating to data privacy and security. This month’s National Association of Attorneys General (NAAG) Southern Region Meeting featured presentations on big data, cybersecurity, cloud computing and data breaches, and next month’s NAAG presidential initiative summit will address topics such as intellectual property theft, cloud computing and digital currency. Finally, Washington’s attorney general has proposed several amendments to expand the scope of that state’s data breach notification requirements.… Continue Reading

FTC Offers Privacy and Security Guidance for Medical Devices in ‘Internet of Things’ Report

On January 27, the Federal Trade Commission (FTC) issued a 71-page Staff Report on privacy and security issues with the Internet of Things (IoT) – the growing ability of everyday devices to monitor and communicate information through the Internet. The Staff Report – which follows up on the FTC’s public workshop over concerns with the IoT, as well as the FTC’s first enforcement action brought in September 2013 – is especially relevant in the life sciences industry, which may see potentially revolutionary advances as a result of the IoT.… Continue Reading

New Jersey Enacts Data Privacy Law for Health Insurance Carriers

New Jersey Governor Chris Christie has signed a law requiring health insurance carriers in that state to encrypt individuals’ personal information. This new law will be enforced in conjunction with the New Jersey Consumer Fraud Act (NJCFA), and failure to obey the law will be classified as a violation of the NJCFA, which could result in financial penalties for the carriers. The new legislation may also affect business associates through the contractual terms of business associate agreements.… Continue Reading

U.S. Senator Schumer Calls for Increased Regulation of Wearable Electronic Devices to Avoid Data Privacy Issues

Reed Smith’s Global Regulatory Enforcement Law Blog features a post on the recent phenomenon of wearable electronic devices and the legal issues that may arise from these gadgets. “Wearable Device Privacy – A Legislative Priority?,” written by Reed Smith attorneys Frederick Lah and Khurram Gore, discusses a recent press release issued by U.S. Senator Chuck Schumer of New York expressing concern that personal health data collected by wearable devices and fitness apps, including medical conditions, sleep patterns, calories burned, GPS locations, blood pressure, weight, and more, will be provided to third parties without the user knowing it. Schumer, citing this as a threat to personal privacy, has urged the Federal Trade Commission to mandate that device and app companies provide users with an explicit “opt-out,” allowing them to block the distribution of this information to any third parties.… Continue Reading

California AG’s Guidance on California Online Privacy Protection Act

The California Attorney General, Kamala D. Harris, has issued a long-awaited guide on how companies can comply with the California Online Privacy Protection Act (CalOPPA). CalOPPA applies to all companies which collect personally identifiable information from California residents online, regardless of whether that information is collected via a commercial website or a mobile application. This … Continue Reading

HHS Seeks to Reduce Gun Violence Via Modifications to the HIPAA Privacy Rule

After receiving more than 2,000 comments to its April 2013 Advance Notice of Proposed Rulemaking, the Department of Health & Human Services has proposed to amend the HIPAA Privacy Rule to expressly permit certain covered entities to report to the National Instant Criminal Background Check System (“NICS”) the identities of individuals who are prohibited by federal law, for mental health reasons, from possessing firearms (commonly referred to as the “mental health prohibitor”).

OCR has cited concerns that the existing HIPAA Privacy Rule may be preventing some state entities (which likely perform both HIPAA-covered and non-covered functions) from reporting to the NICS the identities of individuals subject to the mental health prohibitor. Therefore, HHS has proposed to add to the Privacy Rule new provisions at 45 CFR § 164.512(k)(7), which would permit certain covered entities to disclose the minimum necessary demographic and other information for NICS reporting purposes.… Continue Reading

HHS Considers Amending the HIPAA Privacy Rule to Encourage Reporting of Mental Health Information to the National Instant Criminal Background Check System

The Department of Health and Human Services (“HHS”) is seeking comments on a proposal to amend the HIPAA Privacy Rule to expressly permit covered entities to disclose certain mental health information to the National Instant Background Check System (NICS), the federal government’s background check system for the sale or transfer of firearms by licensed dealers. … Continue Reading

OCR Announces Expansion of its Health Information Privacy Enforcement Team

On February 27, 2013, the HHS Office for Civil Rights (“OCR”) announced the availability of several Health Information Privacy Specialist positions. This expansion of OCR’s health information privacy enforcement team signals that OCR’s increased enforcement activity during 2012 will continue in 2013. In 2012, OCR announced several enforcement actions resulting from a breach self-report required by HITECH’s Breach Notification Rule, including the $1.7 million settlement in June with the Alaska Department of Health and Social Services and the Massachusetts Eye and Ear Infirmary’s $1.5 million settlement in September. OCR’s 2012 enforcement actions, and OCR leadership comments subsequent to the release of the HITECH Final Rule, suggest that the agency’s focus will be on Security Rule compliance (specifically with regard to the whether a regulated entity has conducted a Security Rule Risk Assessment), the lack of overall HIPAA compliance that may lead to a breach (as opposed to the breach itself), and issues involving marketing or the sale of Protected Health Information. Covered entities and business associates should expect OCR enforcement, including audits, to continue to increase over the next year.… Continue Reading

LexBlog