On March 24, 2020, the Office for Civil Rights (OCR) at the Department of Health and Human Services issued guidance on how HIPAA covered entities may disclose protected health information (PHI) about an individual who has been infected with or exposed to COVID-19 to law enforcement, paramedics, other first responders, and public health authorities in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.… More
Tag Archives: disclosure
In early June, the Cyberspace Administration of China released for public comment new draft regulations applicable to the collection of personal information relating to children under 14 by online service providers.
The draft regulations share many of the same structures as those utilized by the Children’s Online Privacy Protection Act (“COPPA”) in the United States:
- online service operators will have to obtain parental consent based on a comprehensive disclosure about the collection,…
The Cost of a Free Press: Allergy Practice Pays $125,000 to Settle Physician’s Disclosure of Patient Information on TV
Allergy Associates of Hartford, P.C. (“Allergy Associates”), has agreed to pay $125,000 to the Office for Civil Rights (“OCR“) at the U.S. Department of Health and Human Services (“HHS”) and to adopt a corrective action plan to settle potential violations of the HIPAA Privacy Rule. Allergy Associates is a health care practice that specializes in treating individuals with allergies, and is comprised of three doctors at four locations across Connecticut.… More
Data breaches are crisis moments that businesses must prepare for in many ways: not just in taking steps at prevention, but also mitigating losses, arranging for business continuity, complying with legal and regulatory requirements, and communicating adequately with customers. Waiting to think about such issues when a data breach occurs can increase costs (including the costs associated with the time needed to restore normal business operations) and harm a company’s reputation.… More
As we noted back in October, the SEC issued CF Disclosure Guidance: Topic No. 2: Cybersecurity.
This guidance provides the Division of Corporation Finance’s views regarding disclosure obligations relating to cybersecurity risks and cyber incidents.
“Once More Unto the Breach, Dear Friends, Once More”: The Increasing Recognition of Complexity in Data Breach Response and Reporting
In an article in today’s New York Times, we get some real-life insight into the difficulties in responding to a data breach. Even simple questions, like whether or not to report the breach and who is responsible for reporting it, take on unforeseen complexity.
I was interviewed and quoted as part of a Compliance Week article on the new SEC guidance on disclosures of cyber security incidents:
Colin Zick, a partner at law firm Foley Hoag, says the guidance is too general and that companies will have to think hard when assessing what information to disclose. “There are a lot of cyber-incidents, and there are lots of ways how these will affect your business,”… More
On October 13, the SEC issued CF Disclosure Guidance: Topic No. 2: Cybersecurity.
This guidance provides the Division of Corporation Finance’s views regarding disclosure obligations relating to cybersecurity risks and cyber incidents. It follows Chairman Schapiro’s June 2011 letter to Senator Rockefeller on the subject. More