Mobile Health Apps & the FTC’s late (but serious) entry to the Breach Notification Game
How the FTC breach notification rule affects mobile app vendors and developers.
Privacy and Security
What will the CPRA passing mean to anyone doing business with Californians?
With the California Privacy Rights Act (CPRA) passage (aka Prop 24), the CCPA, already strict in its interpretation of PII, expands consumer rights and places new requirements on businesses. A few loopholes close, definitions gain clarity – and it becomes even more imperative to educate and notify consumers on data use, personalization, and so forth. … Read more
What’s the California Assembly’s Course Correction mean to CCPA?
Well, remember the issues around what the “HIPAA exemption” in the California Consumer Privacy Act (CCPA) really applied to? We wrote about it here all the way back in May 2019. Turns out our impression was correct – so correct that California just passed a law to correct it! Here’s the skinny: On September 5, … Read more
Telework & Telehealth: How Can We Work Securely During a Pandemic?
Remember that brief moment when we thought the COVID-19 business impact was lifting? It was a nice thought, but we were wrong. We’re firmly in the midst of the pandemic with alleviation an ever-moving target. What does this mean for businesses, especially covered entities (CE) and business associates (BA)? Telework and telehealth present security risks, … Read more
How the SHIELD Act Expands Legal Reach on Breaches
Interested in some (thankfully) non-pandemic related news? New York State’s SHIELD Act is in effect as of March 21, 2020. The SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) takes several actions, including: broadening the definition of “Private Information”, expanding the definition of breach, and expanding the reach of the law to include … Read more
Return from Remote Work: How do you secure remotely used data & devices?
As things ease up, and slowly people return to the office, what steps do you need to take to make sure data and devices are secure? It’s not quite a reversal of what covered entities (CE) and business associates (BA) went through when everyone who was non-essential was required to go to remote work, but … Read more
Video Hijacking Have You Worried? Try these 5 Steps from the FBI
The healthcare industry reports that video hijacking, or teleconference hijacking, emergence on the rise as telehealth appointments replace typical in-person ones during the COVID-19 crisis. The FBI has received multiple reports of conferences being disrupted by pornographic images, hate images and threatening language. Yet another reason that, even though OCR has indicated it will not … Read more
When It’s OK to Share: OCR’s Novel Coronavirus Disease (COVID-19) Limited Waiver
Novel Coronavirus, aka COVID-19, is on track to stretch our healthcare system to the breaking point, and our healthcare providers along with it. In effect as of March 15, 2020, the OCR’s published a Limited Waiver of HIPAA Sanctions and Penalties that during this National Emergency could give care providers one less source of anxiety … Read more
Teleworking Safely: Precautions for Working Remotely during COVID-19
As we cope with the COVID-19 pandemic, it’s important to take a few extra measures to protect your organization, your patients and clients, and your data. Teleworking, where more and more individuals are working remotely, is widely accepted to prevent further spread of the virus. Now is a good time to address the risks that … Read more
What does the CCPA have to do with Policies & Procedures?
Compliance with CCPA is entwined with how you do business. Your business operations (the “how and what”) directly link to company policy, controls, processes: policies and procedures. You could say that the CCPA has everything to do with policies and procedures. Which is why you need to update yours – yesterday. Not convinced? Let’s go … Read more
