Reflecting the movement to toughen data security laws on a state-by-state basis, on July 25, 2019, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”). The Act amends New York State’s current data breach notification law, which covers breaches
Ellen is a senior counsel in the Corporate Department and a member of the Health Care Group. She assists clients in the health care, life sciences, sports and non-profit industries.
Ellen advises on complex health care regulatory matters, health privacy and data security issues, and health-related labor and employment matters. Her work with social services and charitable organizations particularly focuses on corporate governance matters. Ellen’s clients are diverse, spanning hospital systems, physician groups and other health care providers and associations, health technology companies, social services and charitable organizations, professional sports leagues, pharmaceutical and medical device companies, private equity firms, health plans, health management companies, and tissue banks and organ procurement organizations.
Ellen is accredited by the International Association of Privacy Professionals as a certified information privacy professional in the U.S. private sector. She has written and lectured widely on health care law, policy and ethics.
Before joining Proskauer, Ellen was an associate for law with The Hastings Center, a private, nonpartisan education and research institute that examines ethical and policy issues in medicine, health and the environment. She also has served as associate counsel to the New York State Task Force on Life and the Law, a state law reform commission, where she helped to develop laws and regulations on care of the dying, organ transplantation and assisted reproduction.
On November 19, 2015, Lahey Hospital and Medical Center (“Lahey”) entered into an $850,000 settlement with the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 or “HIPAA”. As part of the settlement, Lahey must adopt a robust corrective action plan, which became operational on November 19, 2015, and will last for two years.
The settlement reinforces the importance of conducting HIPAA risk assessments with respect to the individually identifiable information in electronic form that is protected by HIPAA, referred to as “electronic protected health information” or “ePHI.” The settlement also underscores that covered entities must timely identify and respond to security incidents, and promptly mitigate any harmful effects. In addition, the settlement highlights the critical nature of physical workstation security, in particular where health care delivery involves the use of portable devices that store ePHI, and the value of employing technical solutions that encrypt data at rest that is stored on portable devices.
On June 30, 2015, the Governor of Connecticut signed into law S.B. 949, “An Act Improving Data Security and Agency Effectiveness.” The new law updates Connecticut’s data security laws, including by adding a 90-day hard deadline for data breach reporting, requiring companies in some cases to offer data breach…
Anthem Inc. (Anthem), the nation’s second-largest health insurer, revealed late on Wednesday, February 4 that it was the victim of a significant cyber attack. According to Anthem, the attack exposed personal information of approximately 80 million individuals, including those insured by related Anthem companies.