security

A $1.2 Million Photocopier Mistake: Health Plan Settles with HHS in HIPAA Breach Case

By Ryan P. Blaney on August 20, 2013

We have heard the well-publicized stories of stolen laptops and resulting violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and we generally recognize the inherent security risks and potential for breach of unsecured electronic protected health information posed by computer hard drives. We remember to “wipe” the personal data off of our phones or computers before they are disposed, donated, or recycled.

A recent HIPAA settlement offers a costly reminder that other types of office equipment we use regularly have similar hard drives capable of storing confidential personal information.

PCI Security Standards Council Unveils New Data Security Standards

By Proskauer Rose on November 6, 2010

On Thursday, October 28, 2010, the PCI SSC promulgated version 2.0 of its Data Security Standard and its Payment Application Data Security Standard (“PA DSS”).
…

Decrypting HHS Guidance on Breach Notification and Security under the HITECH Act: NIST, FIPS, and More

By Sara Krauss on June 5, 2009

Two months after Congress mandated notification for the breach of unsecured protected health information (PHI), the Secretary of Health and Human Services (HHS) defined what it means to be “unsecured.” As required by Section 13402 of the HITECH Act, H.R. 1, 111th Cong. (1st Sess. 2009) (which was part of the American Recovery and Reinvestment Act of 2009), the Secretary issued guidance and a request for comments on the technologies and methodologies rendering information unusable, unreadable or indecipherable. 74 Fed. Reg. 19006 (Apr. 27, 2009) (to be codified at 45 C.F.R. pts. 160, 164).
…

More on Cloud Compliance

By Proskauer Rose on April 15, 2009

I recently spoke with Lora Bentley of IT Business Edge regarding privacy, data security, and cloud computing — There’s More Than One Way to Tackle Privacy in the Cloud.
…

No Harm, No Lawsuit: Seventh Circuit Refuses Data Breach Lawsuit Where Credit Monitoring Costs Are the Only “Damages” Sought

Posted on September 10, 2007

Where the only “damages” alleged following a data security breach are the costs of credit monitoring, a plaintiff has no case, so ruled the Seventh Circuit on August 23, 2007. The decision dealt another blow to so-called “identity exposure” plaintiffs seeking to recover damages stemming from the unauthorized disclosure of their personal information, as the Seventh Circuit’s ruling joined the unanimous line of lower court decisions denying recovery in the absence of actual, present harm.

In Pisciotta v. Old National Bancorp, — F.3d –, 2007 WL 2389770 (7th Cir. Aug. 23, 2007), the court ruled that “Indiana law would not recognize the costs of credit monitoring that the plaintiffs seek to recover in this case as compensable damages.” Id. at *6. In doing so, the Seventh Circuit joins a chorus of federal district courts that uniformly reject such costs as a form of cognizable injury sufficient to support legal claims for damages.

Proskauer on Privacy

security

A $1.2 Million Photocopier Mistake: Health Plan Settles with HHS in HIPAA Breach Case

PCI Security Standards Council Unveils New Data Security Standards

Decrypting HHS Guidance on Breach Notification and Security under the HITECH Act: NIST, FIPS, and More

No Harm, No Lawsuit: Seventh Circuit Refuses Data Breach Lawsuit Where Credit Monitoring Costs Are the Only “Damages” Sought

About Proskauer Rose LLP

Topics

Archives