Compliance Checkup & Corporate TIPS: OCR Agrees to $1.5 Million Settlement with Orthopedic Clinic for HIPAA Breach
on September 30, 2020
Data breaches have been top of mind for a while now, and their risk to the health care sector has never been higher. On September 21, 2020, the Office of Civil Rights (OCR) settled with Athens Orthopedic Clinic PA (Athens) for $1.5 million for a cyber breach it self-reported back in 2016...
Corporate TIPS (Video): The Importance of Incident Response Plans
on August 13, 2020
Cybercrime is on the rise in every industry. In this video, attorney Nicole Thorn discusses how proactive preparation of an incident response plan can help companies when they experience a data breach....
Corporate TIPS: Back to Work - From Home - Remote Work Policies for a New "Normal"
on June 24, 2020
Do you have a remote work policy? That is the first question we ask when advising companies on getting back to work and working from home. The answer 90% of the time is, "no..." So how do we operate our companies with employees scattered? Even with many state's lifting stay-at-home orders most companies will retain some level of their workforce in a remote environment. Businesses need to operate (even remotely) safely and securely and that starts with having proper policies in place to govern data security and network access....
Corporate TIPS: Litigation Considerations if Your Business Experiences a Breach
on May 13, 2020
When a data breach occurs, businesses rightly focus on identifying and rectifying the breach. The last thing a business is likely thinking about at that time is the threat of litigation. However, recent data breaches demonstrate that the threat of litigation is real and growing and should be considered at the outset....
Corporate TIPS and Compliance Checkup: CCPA v. HIPAA - CCPA Gets Tested in the Health Care Space
on April 16, 2020
The California Consumer Privacy Act (CCPA) has been in effect since January 2020, and is still the most stringent of all state laws regarding personally identifiable information (PII). The CCPA exempts some protected health information (PHI) from its requirements. Although there is no blanket exemption for health care providers, most of these providers are familiar with similar data privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA). There is no private right of action for an individual under HIPAA for data breaches. The CCPA on the other hand, does provide such an action, which is why the state law is one of the more powerful privacy laws....