Channel: Colin J. Zick's Latest Publications on JD Supra Law News
Browsing latest articles
Browse All 105 View Live

The FTC Wants to Regulate the Internet of Things, Including Your Car

The FTC recently filed a comment on the National Highway Traffic Safety Administration’s advance notice of proposed rulemaking related to vehicle-to-vehicle communications. The comment left no doubt...

View Article



New Rule Permits CMS to Revoke Medicare Billing Privileges for...

On December 5, 2014, the Centers for Medicare & Medicaid Services (CMS) issued a final rule titled “Requirements for Medicare Incentive Reward Program and Provider Enrollment” (“the Rule”). The...

View Article

NLRB Disregards Security Concerns in Ruling That Employees Have a Right to...

Our colleagues have analyzed a significant NLRB decision in Purple Communications Inc. that, in most circumstances, employees have a right to use employer email systems for non-business purposes during...

View Article

Both Sides Now: Cloud Security and Privacy Enter the Modern Era with ISO 27018

Until recently, many cloud users felt like Joni Mitchell in her classic song, “Both Sides Now.” No matter how you looked at clouds, you never really understood them, how they worked, or what happened...

View Article

One More New Year’s Resolution: Change Your Passwords Before Groundhog Day

The SplashData list of worst passwords of 2014 was just published, and it looks very similar to the list in 2013, 2012, 2011, etc. ... By: Colin J. Zick

View Article


Life Sciences Alert FDA Issues Draft Guidance on General Wellness Products

On January 16, 2015, the Food and Drug Administration (FDA) issued a draft guidance document titled “General Wellness: Policy for Low Risk Devices.” The draft guidance carves out a category of...

View Article

FDA Issues Draft Guidance on Medical Device Accessories

On January 16, 2015, the Food and Drug Administration (FDA) issued a draft guidance document titled “Medical Device Accessories: Defining Accessories and Classification Pathway for New Accessory...

View Article

SEC Office of Compliance Inspections and Examinations Releases Cybersecurity...

Our colleagues Catherine M. Anderson and Kate Leonard of our Investment Management group have summarized the February 3, 2015 findings by the Office of Compliance Inspections and Examinations (OCIE) of...

View Article


Update on President Obama’s “Summit on Cybersecurity and Consumer...

As a follow up to our summary of the key takeaways from the White House’s first Summit on Cybersecurity and Consumer Protection, the centerpiece of which was President Obama’s signing of a new...

View Article


HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This...

View Article

Now's the Time to Review Your OFAC Compliance Program

Obama Executive Order Targets International Cyberattacks Against U.S. with New Sanctions - New Sanctions Are Part of U.S. Escalation of Efforts to Bolster Cyber-Security: As part of a series of...

View Article

Massachusetts Legislation Proposes Cost Disclosures and Price Caps for...

The Massachusetts Legislature is currently considering Senate Bill 1048, “An Act to Promote Transparency and Cost Control of Pharmaceutical Drug Prices.” The bill, sponsored by State Senator Mark...

View Article

Surprise Bills Laws Enacted in California and New York

What Do They Mean for Providers? - Both California and New York have recently enacted so-called “Surprise Bills Laws” that require out-of-network providers to give notice to patients that a particular...

View Article


Reflections on “Privacy in the Modern Age”

With the heart of the summer vacation season upon us, it seems like a good time for some reflection. Here, it comes in the form of excerpts from an essay by privacy maven, Deborah Hurley. The one time...

View Article

What is reasonable? The emerging legalities of cybersecurity post-Wyndham

This month’s edition of the Advanced Cyber Security Center’s newsletter includes my discussion of lessons to be learned from the Wyndham decision: Historically, security was an issue reserved in a back...

View Article


The European Court of Justice Invalidates Safe Harbor

The European Court of Justice has just issued a decision (ECJ 6 October 2015 Case C-362/14, Maximillian Schrems v. Data Protection Commissioner) that invalidates the so-called US-EU “Safe Harbor”...

View Article

EU Gives US Until “The End of January” to Find Safe Harbor Solution or...

On October 16, 2015, EU authorities gave the U.S. and European Union until the end of January 2016 to find a replacement for the former US-EU Safe Harbor regime, or enforcement actions could begin. The...

View Article


Phishing for Christmas

As the Wall Street Journal noted yesterday, banks are being deluged with phishing attacks. These attacks are especially fierce around the holiday season, when more personnel are absent and normal...

View Article

EU Safe Harbor Update: No Solution in January?

As we have noted previously, in the wake of the ECJ’s decision that undid the US-EU Safe Harbor, we were told that there would be no enforcement of the EU Directive until after January 31, to allow the...

View Article

EU Commission and United States agree on new framework for transatlantic data...

What follows below is the EU’s press release regarding the agreement on a replacement for the EU-US Safe Harbor. We are working to get details and will schedule a webinar on the new framework...

View Article

The Cybersecurity Act of 2015: Implications for Threat Sharing

On December 18, 2015, President Obama signed the Cybersecurity Act of 2015 (The “Act”), legislation designed to combat online threats to the federal government, state and local governments, and private...

View Article


February 3, 2016 Statement of the Article 29 Working Party on the...

In response to the announcement of the EU-U.S. Privacy Shield, the Article 29 Working Party issued its own statement, the key elements of which are as follows... By: Colin J. Zick

View Article


In Cybersecurity, No Harm Does Not Necessarily Mean No Foul

How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim. Businesses confronting data breaches can face litigation from private consumers...

View Article

President Obama Signs the Judicial Redress Act (H.R.1428/S.1600)

As part of implementing the EU-US Privacy Shield, on February 24, 2016, President Obama signed the Judicial Redress Act (H.R.1428/S.1600). This law is designed to give EU citizens the right to sue the...

View Article

Challenging the Conventional Wisdom on Mandatory Password Changes

Very interesting thought piece from the FTC’s Chief Technologist. Do mandatory password resets actually make us less secure? ... By: Colin J. Zick

View Article


HHS OCR Launches Phase 2 of HIPAA Audit Program–So What?

You have seen all the hysterical headlines — “The HIPAA audits are coming, the HIPAA audits are coming….” But when you really think about it, what is the big deal? If you are a HIPAA covered entity,...

View Article

Cybersecurity News and Notes – June 2016

In Case You Missed It: US and EU officials signed on to the so-called “Privacy Umbrella” deal last week. The agreement is designed to protect the personal data of EU citizens when it is transferred to...

View Article

Bad News for HIPAA Business Associates: HHS OCR Announces $650,000 Settlement...

Catholic Health Care Services of the Archdiocese of Philadelphia (“CHCS”), a HIPAA business associate, has agreed to pay the Department of Health and Human Services Office of Civil Rights (“OCR”)...

View Article

Quick Thoughts About the Yahoo Breach

Another day, another 500 million Yahoo accounts reached. Our friends at the FTC are right on top of this with guidance for individuals with Yahoo accounts. First and foremost, change your Yahoo...

View Article



Sharing Consumer Health Information? Look to HIPAA and the FTC Act

Does your business collect and share consumer health information? Check out these tips from the FTC for complying with HIPAA and the FTC Act. ... By: Colin J. Zick

View Article

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to...

View Article

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR: “It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This...

View Article

Additional Clarification regarding HHS OCR Phishing Email Alert

More information from HHS OCR about the phishing threat... On November 28, 2016, the HHS Office for Civil Rights issued a listserv announcement warning covered entities and their business associates...

View Article


Want to Know Why Memorial Healthcare Systems Is Paying HHS OCR $5.5 Million?

On February 16, 2017, HHS OCR announced that Memorial Healthcare Systems (MHS) had paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of HIPAA’s...

View Article

Is Computer Security Broken?

The Economist certainly thinks computer security is broken (and it’s hard to argue the contrary). In its April 8 edition, The Economist’s cover story proclaims, “Why computers will never be safe.”...

View Article

Google Docs Phishing (in real time, May 3, 2017, 4:30pm)

If you check your email this afternoon, you may see a message that someone you know is sharing something on Google Docs. ... By: Colin J. Zick

View Article


“If You Are Reading This, You Probably Weren’t Hacked Last Week”– So Now What?

First, the basic facts about the recent ransomware attack: US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world. Ransomware is a type of...

View Article


The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!

Great article in the Wall Street Journal this week (paywall), on the history of passwords and password management. I did not know that the seeming obsession with passwords featuring a strange mixing of...

View Article

So They’ve Hacked Equifax…. Is Anyone Safe? And What Should You Do Now?

Me and 143 million of my closest friends may have had our personal information inappropriately accessed through a breach at Equifax–is there no safe haven anywhere? Deferring that question for another...

View Article

Yes, You Were Likely a Victim of the Equifax Hack, But Here’s What You Can Do...

As we previously said, the Equifax breach affects approximately 143 million Americans. While the hackers stole data that includes addresses, birth dates, full names and Social Security numbers, there...

View Article

The Massachusetts Attorney General’s Complaint Against Equifax

As most are aware, the Massachusetts Attorney General has won the race to the courthouse and been the first regulator to file suit against Equifax. ... By: Colin J. Zick

View Article


Schrems II Judgment Rendered

A 152-page judgment was rendered on October 3, 2017 by the Irish High Court in Schrems II: DPC v Facebook Final. Not surprisingly, the court decided to refer the case to the Court of Justice of the...

View Article

JAMA: Cybersecurity Concerns and Medical Devices – Lessons from a Pacemaker...

Interesting viewpoints from this Journal of the American Medical Association article on FDA’s August 2017 notice re: cyber security issues with certain pacemakers, including: ... By: Colin J. Zick

View Article


GDPR Update: WP29 Guidelines adopted for Data Protection Impact Assessment

The new GDPR is much more detailed than the 1995 Directive. The GDPR has 99 articles, versus 34 in the Directive. And a few new key concepts clearly require new guidance. ... By: Colin J. Zick

View Article

HHS Office for Civil Rights Issues Guidance on How HIPAA Allows Information...

Following President Trump’s declaration of a nationwide public health emergency regarding the opioid crisis, the HHS Office for Civil Rights has released new guidance on when and how health care...

View Article


Some Cyber Monday Shopping Tips

As you enjoy the holiday weekend, and even some Cyber Monday shopping, keep in mind these online shopping tips from the FTC: Know the seller and the item. Put the company or product name in a search...

View Article

Recent New York Legislation Demonstrates Growing Governmental Interest in the...

Recent legislation in the New York State Assembly reflects a growing governmental interest in blockchain as a technology in cybersecurity systems. On November 27, four different bills addressing...

View Article

The Legal Benefits and Practical Problems of Data Encryption in the Workplace...

Partner Colin Zick was recently invited to speak to the Union College Computer Science Department’s Seminar Series. His presentation addressed the difficulties in implementing encryption in the...

View Article

The New EU General Data Protection Regulation: What It Means For US...

Cultural gap between the EU and the US - EU Data Protection Rules - Why should you care about those rules? GDPR is “general,” i.e., it applies to all activities including the Healthcare/Life...

View Article


DNC Sues Russia, the Trump campaign, Wikileaks

It’s probably not going to change anything, but the Democratic National Committee has sued Russia (and members of the Russian establishment), members of the Trump campaign, and Wikileaks regarding the...

View Article
