Monthly Archives: January 2013

Pentagon to Increase Cybersecurity Force More than Five Times Current Size

In a recent article, the Washington Post reported that “The Pentagon has approved a major expansion of its cybersecurity force over the next several years, increasing its size more than fivefold to bolster the nation’s ability to defend critical computer systems and conduct offensive computer operations against foreign adversaries.”

The Pentagon’s plan would create three types of forces under the Cyber Command:

“national mission forces” to protect computer systems that undergird electrical grids,…

HIPAA “Omnibus” Regulations Published in Federal Register

The revised HIPAA regulations were formally published today in the Federal Register. In this form, they only take up 138 pages!

Law360 has a brief piece on the revised HIPAA rules, with the perspectives of various attorneys (including me) on the changes. While I’m not sure I agree with the quote that “This is a paradigm shift in the privacy world,” I do agree that this is “definitely something for all businesses to pay attention to.” Similarly,… More

Key Elements of the New “Omnibus” HIPAA

On January 18, 2013, nearly four years after the passage of the HITECH Act and its amendments to HIPAA, and nearly three years after it proposed regulatory amendments, the U.S. Department of Health and Human Services (“HHS”) has finally issued major “omnibus” revisions to HIPAA’s privacy and security regulations.

In the 563 pages of the regulations and related regulatory comments,… More

The Wait Is Over! HHS Finally Issues Revised HIPAA Privacy and Security Regulations

Nearly four years after the passage of the HITECH Act and its amendments to HIPAA, and nearly three years after it proposed regulatory amendments, the U.S. Department of Health and Human Services (“HHS”) has finally issued major revisions to HIPAA’s privacy and security regulations.

While we are still making our way through all 563 pages of the regulations and related regulatory comments (and will have a more detailed analysis shortly in this space),… More

Massachusetts Attorney General Secures $140,000 Settlement of Claims that Patient Information Was Left in a Town Dump

The Massachusetts Attorney General announced today that the former owners of a medical billing practice and four pathology groups have agreed to collectively pay $140,000 to settle allegations that medical records and patient billing information for “tens of thousands of Massachusetts patients were improperly disposed of at a public dump.” Under the settlements, the defendants have agreed to pay a total of $140,000 for civil penalties, attorney fees,… More

HHS Announces First HIPAA Breach Settlement Involving Less than 500 Patients

The Department of Health and Human Services’ Office for Civil Rights (“HHS OCR“) announced today that it was, for the first time, entering into a monetary HIPAA settlement for a breach involving less than 500 patients: the Hospice of North Idaho (HONI) has agreed to pay HHS OCR $50,000 to settle potential HIPAA security rule violations.

HHS OCR began its investigation after HONI reported to it that an unencrypted laptop computer containing the electronic protected health information (“ePHI”) of 441 patients had been stolen in June 2010.… More

NLRB Confirms that Comments Posted on Social Media May Be Entitled to Protection

In a post from earlier today, my colleagues, Lyndsey Kruzer and Mike Rosen, discuss the NLRB’s conclusion that social media comments can be protected activity:

The National Labor Relations Board (NLRB) recently issued a significant decision – solidifying the position it has staked out over the past 18 months – that an employee’s posts on social media may be entitled to protection under the National Labor Relations Act (NLRA),… More