Watch: HIPAA Crimes Webinar – How the New Crime Wave Affects You

Unfortunately, health care providers are the perfect mark for theft and extortion because they have huge amounts of sensitive information and maintain such information in computer databases at risk of infiltration. On May 17, Foley Hoag presented a webinar discussing the ongoing crime sprees involving theft of patients’ identities and health information; ransomware involved in these crimes; related data security issues affecting health care providers; and how they implicate law enforcement and the criminal law aspects of HIPAA.

To download a copy of the presentation, click here.

Watch a recording of the webinar:

Download the Presentation: The End of the “Safe Harbor” Rule for E.U./U.S. Data Transfer

On May 25, 2016, partners Catherine MuylColin Zick and Daniel Schimmel participated in a panel discussion on how companies can transfer personal data and remain compliant. The event, co-sponsored by The French-American Chamber of Commerce, Foley Hoag LLP and The Consulate General of France in New York, was part of the FACC’s “Tech, Media & Entertainment” task force.

Click here to download a copy of the presentation:

Capture

 

 

 

 

 

 

Obama Signs Defend Trade Secrets Act Into Law: Important New Tool for Victims of Data Breach

On May 11, 2016, President Obama signed the Defend Trade Secrets Act of 2016 (“DTSA”) into law.  Previously, companies could only bring misappropriation of trade secrets claims under state law.  (Unless they were able to convince federal prosecutors to bring criminal charges under the Economic Espionage Act, which rarely ever happens.)  Now, companies have the option of pursuing a federal cause of action for misappropriation of trade secrets, which brings with it… More

Join Us on May 25: The End of the “Safe Harbor” for E.U./U.S. Data Transfer

How Can Companies Transfer Personal Data and Remain Compliant?

The French-American Chamber of Commerce, Foley Hoag LLP and The Consulate General of France in New York are pleased to invite you to a timely panel discussion and networking event.

Date: Wednesday, May 25 Time: 6:00 pm – 8:00 pm Location: Consulate General of France 934 Fifth Avenue New York, NY

Please use the complimentary promo code FACC to register here.

Event background:

In October 2015, the European Court of Justice struck down the “safe… More

Cybersecurity, Corporate Governance, and Risk Management: Best Practices

As litigators, we help clients resolve conflicts that have matured into disputes.  In the realm of cybersecurity, we defend claims brought by private parties or governmental entities against companies facing the fallout from a data breach.

In advising clients in the context of litigation, we have identified tools that are available to mitigate or prevent the types of breaches that we see in litigation.  In the area of cybersecurity, companies have begun to consider the… More

Top Tips for OCR HIPAA Audit Preparation

Written by Elizabeth Snell | This article was originally published on HealthITSecurity.com 

The recently announced OCR HIPAA audits are not a cause for panic, according to experts, especially of organizations have proper documentation.

With the most recent round of OCR HIPAA audits announced just last month, many healthcare organizations are working to ensure that they are prepared should they be called for investigation.

OCR HIPAA audits will take thorough preparation

While the announcement should not come as a total surprise, several healthcare legal experts explain that covered entities that maintain thorough documentation of… More

EU General Data Protection Regulation Adopted

After years of intense discussions, the EU General Data Protection Regulation (GDPR) was finally adopted on 14 April 2016.

The GDRP sets out uniform new rules in the field of data protection across the EU, rules that will standardize the law in the 28 EU Member States and have an impact on both European and non-European companies.  For example:

data controllers (companies collecting and using personal information) will have a wide range of new obligations, including: data breach notification; implementation of the right to be forgotten; appointment of a data protection officer; privacy impact assessment before processing data; and implementation… More

EU-US Privacy Shield: Working Party Urges European Commission to Improve Current Scheme

After the invalidation of the Safe Harbor by the European Court of Justice (“ECJ”) last October in the Schrems case, negotiations between the European Commission and US authorities led to a new agreement called the EU-US Privacy Shield.  However, the EU’s 1995 Data Protection Directive provides that the Article 29 Working Party (“WP29”) has to issue an opinion on this kind of agreements and it did so on April 13. It concluded that the proposed version of the Privacy Shield does not offer a protection essentially equivalent to that offered under EU law. WP29 noted… More

How Hospitals Can Avoid Being the Next Ransomware Victim

Hospitals are increasingly the target of hackers, particularly in the form of “ransomware.”  What follows is a primer on ransomware and how to avoid being a target of it.

What is ransomware? 

Ransomware is a type of malware that limits users’ access to their computer systems. It functions by locking a user’s system and/or encrypting its files.  Once ransomware gains access to a single workstation, it can “travel across [a] network and encrypt any files located on… More

iPhone Access Gets Attention, ‘Stingrays’ Fly Under The Radar

Previously published in Law360, April 5, 2016. Posted with permission.

While eyes have been peeled on the U.S. Department of Justice’s efforts to obtain a court order to hack the iPhone of one of the San Bernardino killers, garnering far less scrutiny is law enforcement’s more routine use of powerful cellular tracking devices before a defendant is even charged. Called cell-site simulators, IMSI-catchers or “Stingrays” after the brand name of the leading product in the field, these trackers… More