Disclaimer

This Blog/Web Site ("Blog") does not provide specific legal advice. It is for educational purposes only. Use of the Blog does not create any attorney-client relationship between you and Holland & Knight LLP or the author(s) of any posts. The Blog does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney in your state. Any links from another site to the Blog are beyond the control of Holland & Knight LLP and do not convey their approval, support or any relationship to any site or organization.

Cybersecurity, Data Breach and Privacy Blog

Holland & Knight's Cybersecurity, Data Breach and Privacy Blog provides insights and analysis on privacy, information security, and information governance laws.

On May 30, 2018, the White House released a key report, entitled "Assessment of Electricity Disruption Incident Response Capabilities," which was required by the May 2017 White House Cybersecurity Executive Order 13800 discussed in a prior blog. The report, written by the U.S. Departments of Homeland Security (DHS) and Energy (DOE), reviews the state of preparedness by the electricity sector and its ability to manage cybersecurity attacks, with a focus on how such attacks would impact other sectors.
June 5, 2018
Cybersecurity risks to the health and medical device sector continue to be front and center both in Congress and the executive branch, with increasing risks coming from nation states, nonstate actors and other attackers. The health sector is one of 16 Critical Infrastructure (CI) sectors as defined by the U.S. Department of Homeland Security (DHS).
May 21, 2018
On Feb. 21, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance on its expectations for corporate disclosures on cybersecurity risks.
February 23, 2018
CMS issued a memo to state survey agency directors on December 28, 2017, to clarify CMS’s position on texting patient information. The memo, which indicates that it is effective “immediately,” states that CMS prohibits texting of orders by healthcare providers. Specifically, “texting orders from a provider to a member of the care team is not in compliance with the Conditions of Participation (CoPs) or Conditions of Coverage (CfCs).” In support of its position, CMS cites “§489.24(b),” which appears to be a typographical error. The rule dictating the form and retention of hospital records is 42 C.F.R. §482.24(b). The rule states that “[m]edical records must be accurately written, promptly completed, properly filed and retained, and accessible.”
December 29, 2017
The Usable Security & Privacy Group at Berkeley has published a website entitled AppCensus which purports to give a privacy health check for Android mobile apps. However, the Washington Post just featured the AppCensus site in a story about (alleged) COPPA non-compliance.
July 28, 2017
The Department of Health and Human Services’ Office for Civil Rights, on July 25, 2017, announced an updated online tool that can be used to learn about breaches currently under investigation.
Last week’s ransomware attack was one of the most widespread attacks we have seen, with (so far) more than 200,000 machines hit across more than 150 countries.
May 15, 2017
On May 11, 2017, President Trump signed the long-anticipated Cybersecurity Executive Order (EO), entitled "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." The Executive Order is broken down into three sections: (1) Cybersecurity of Federal Networks; (2) Cybersecurity of Critical Infrastructure; and (3) Cybersecurity for the Nation.
May 12, 2017
As the HHS Office for Civil Rights continues to issue press releases about HIPAA settlements and enforcement actions, now is a good time to re-examine HIPAA and data privacy compliance efforts. Healthcare Partner Shannon Hartsfield discusses three things covered entities and business associates can do to help reduce the chances of coming to the attention of OCR.
A recent HHS OCR resolution agreement further emphasizes the importance of conducting risk analyses and addressing them appropriately.
A recent HIPAA enforcement action by the HHS Office for Civil Rights makes it clear that delaying or avoiding compliance efforts could result in significant fines.
February 13, 2017
The Department of Health and Human Services' Office for Civil Rights (OCR), in January 2017, published a cyber newsletter regarding the importance of audit controls with respect to HIPAA compliance.
January 18, 2017
The Department of Health and Human Services recently announced the first HIPAA settlement based on a late breach notice, reinforcing the importance of having a written incident response plan.
January 12, 2017
The effective date for proposed cybersecurity regulation for financial services companies regulated by the New York Department of Financial Services (NYDFS) has been extended to permit regulated entities more time to come into compliance with the new requirements.
December 22, 2016
On Friday, December 2, 2016, the White House Commission on Enhancing National Cybersecurity (the Commission) released its much anticipated report, detailing six major "imperatives," 16 recommendations and 53 action items.
December 5, 2016
The Department of Defense issued a final rule following up on the interim rules it issued in 2015 regarding safeguarding contractor networks and purchasing cloud computer services.
October 24, 2016
Plaintiffs recently filed a putative class action complaint against an NFL team, a mobile app company, and an audio-beacon technology company, citing violations of the Electronic Communications Privacy Act. Plaintiffs contend that the NFL team's mobile app surreptitiously records end-users’ conversations to enable its beacon technologies.
October 20, 2016
In recent guidance, OCR confirmed a number of positions it has taken informally over the years regarding how HIPAA affects cloud computing arrangements.
October 19, 2016
On September 20, 2016, the U.S. Department of Transportation (DOT) issued its long awaited guidance on autonomous vehicles. At the same time, the National Highway Traffic Safety Administration (NHTSA) sent a Final Notice for Safety Defects and Automated Safety Technologies to the Federal Register, making it clear that safety issues that result from the use of automated technology, as well as cybersecurity, fit under its existing enforcement authorities.
September 21, 2016
The state and federal banking and financial services sector continues its cybersecurity oversight with two important updates. First, the New York Department of Financial Services (NYDFS) has issued its "first-in-the-nation" cybersecurity regulations and second, the Office of the Comptroller of the Currency (OCC) Bank Supervision Plan lists cybersecurity as a primary objective.
September 16, 2016