Category Archives: Data Security

Telehealth, Privacy and The Three Little Pigs: The Final Episode

Written in collaboration with Melissa Chaplik, JD Candidate 2024. The COVID-19 Public Health Emergency (PHE) is ending on May 11, 2023, and so are HIPAA compliance flexibilities for telehealth. Here’s to hoping that the first two episodes of Telehealth, Privacy and The Three Little Pigs inspired action. In the first episode, I warned: Telehealth is […]

CT AG Announces Online Breach Reporting Form

Today, the Connecticut Attorney General’s office announced that it created an online form for data breach reporting.  According to the CT AG’s office, “[t]he need for a standardized, online submission form was also motivated by recent amendments to Connecticut’s data breach notification statute.”  Those amendments, which took effect on October 1, 2021, include a broadened definition of personal information and a reduced timeframe for notification and reporting from 90 days to 60 days. 

My Incident Response Planning Epiphany

3:35 AM. Alarm blaring. Disoriented, I pop out of bed, reach for my glasses and ask, “What is that?” “It’s the security alarm,” my spouse replies. For a moment, I was relieved because I feared it was the fire alarm. For a split second, fire seemed like a better option than an intruder. After briefly playing out the intruder scenario in my head, the fear returned.

Connecticut Adopts an Act Incentivizing the Adoption of Cybersecurity Standards

Today, Connecticut’s Governor signed An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses, Public Act 21-119 (the Act). The Act prohibits the assessment of punitive damages against an entity sued for negligent data protection practices related to a data breach involving personal information or information that can be used to identify an individual if the entity adopts and implements recognized cybersecurity standards.

A Conversation with IT Direct About the HIPAA Risk Analysis

One of the most common areas of enforcement under HIPAA involves a failure to perform an accurate and thorough risk analysis. Despite the known enforcement history and growing frequency of cybersecurity incidents, lack of compliance with the risk analysis requirement is very common. I sat down with Sammy De La O of IT Direct to get his perspective on performing a risk analysis and addressing the results.

Watch Part 1 of the 3-Part HIPAA Security and Cybersecurity Webinar Series

Part I: How to Improve Your Cybersecurity Defenses Through HIPAA Security Rule Compliance. HIPAA Security Rule compliance significantly reduces the risk that a healthcare entity will suffer a cyber incident. During this session, we will look closely at three key HIPAA Security Rule requirements and examine the processes and technologies that both enable compliance as […]

DMC Law and IT Direct Team Up to Offer a 3-Part HIPAA Security and Cybersecurity Webinar

October is Cybersecurity Awareness Month!  It’s no secret that healthcare entities and the businesses that serve them are a popular target for cybercriminals – costing millions each year and damaging reputations. In fact, hacking and IT incidents are the leading cause of reported HIPAA breaches.   Healthcare executives need to understand both the risks and […]

COVID-19 TECHNOLOGY AND PRIVACY Part I – Contact Tracing: The Apple | Google API

This is part one of a two-part series focused on COVID-19 contact tracing technology and its implications for US privacy law. The next installment of this series will examine legislative solutions to protect data subjects from misuse of information collected through contact tracing apps and related technologies.

Final Rules on Interoperability and Information Blocking Released

Yesterday, the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator of Health Information Technology (ONC) released their long-awaited final rules on interoperability and information blocking.

Privacy Legislation Season is Underway!

Just two weeks into the new year and at least three states already have proposed privacy legislation boasting CCPA and GDPR-like provisions. This flurry of early legislative activity is just a preview of what we are likely to see during state legislative sessions throughout the year.