RSS Print Email

US Congress

OCR Issues Two New Reports to Congress on HIPAA Compliance and Enforcement from 2011 to 2012

Last week the HHS Office for Civil Rights (“OCR”) presented certain findings regarding Health Insurance Portability and Accountability Act (“HIPAA”) compliance and enforcement to the National Committee on Health and Vital Statistics (“NCHVS”), an HHS advisory committee. The presentation reviewed OCR’s two recently issued reports to Congress. OCR is required to submit such reports under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The first report, “HIPAA Privacy, Security, and Breach Notification Rule Compliance,” examines the number and type of complaints received by OCR regarding HIPAA violations and the agency’s response. The second report, “Breaches of Unsecured Protected Health Information,” reviews breach notifications received by OCR and the agency’s response. The report also includes the agency’s first enforcement actions under the Breach Notification Rule.

Read More

Energy and Commerce Committee to Hold First U.S. House of Representatives Hearing in 2014 on Protecting Consumer Information and Preventing Data Security Breaches

Following the recent announcement of two U.S. Senate committee hearings on data security breaches, the House Energy and Commerce Committee announced the first U.S. House of Representatives hearing to examine the issue. During the same week as the Senate hearings, the committee’s Subcommittee on Commerce, Manufacturing and Trade (CMT), chaired by Rep. Lee Terry (R-NE), will hold a hearing entitled “Protecting Consumer Information: Can Data Breaches Be Prevented?” on Wednesday, February 5, 2014, at 9:30 a.m. EST in 2123 Rayburn House Office Building. According to the hearing notice released yesterday, witnesses will include executives from Target and Neiman Marcus, as well as government officials from the United States Secret Service and Department of Homeland Security. The Subcommittee will examine the preparations made by businesses to prevent data security breaches and the resources that exist to identify threats and improve the security of consumer information. The CMT Subcommittee notice also referenced the subcommittee’s recently issued data breach resource guide, which is a webpage that provides consumers with information they can use to help protect themselves against identity theft and take action when they learn of potential fraudulent charges on their accounts.

Read More

U.S. Senate Banking and Judiciary Committees to Hold Hearings Examining Data Security Breaches, Identity Theft, and the Safeguarding of Consumers’ Financial Data

January 28, 2014 | Posted by | Topic(s): Online Privacy, US Congress, Legislation, Identity Theft, Data Security, Cybersecurity, Financial Privacy, Hearing, Data Breach, Senate, Cybercrime

The U.S. Senate Committees on Banking and the Judiciary will each host hearings during the week of February 3, 2014, to examine the impact on consumers from recently reported data security breaches and what measures may be taken to protect sensitive information of consumers, including customer financial information, from criminal acquisition and misuse. Consistent with the assigned jurisdiction and oversight authority of each committee, the Banking Committee will examine the protection of consumer financial data, whereas the Senate Judiciary Committee will focus on the prevention of data security breaches and combating cybercrime. While these hearings will be open to the public at the Senate office buildings in Washington, D.C., each hearing will also be webcast live to the public via the committees’ hearing web pages at the links provided below. Witness testimony will not be made publicly available until the hearings start, but will be posted and available at the same committee web pages. (Please click on “Read More” to see more detailed information on each hearing and links to the committee webpages.)

Read More

Senator Leahy Reintroduces “Personal Data Privacy and Security Act”: Federal Data Breach Notification Law Includes Criminal Penalties for Failure to Notify

On January 8, 2014, Senator Leahy (D-VT) reintroduced the “Personal Data Privacy and Security Act” (S. 1897) in an effort to both enhance criminal penalties for computer hacking, and create a tough Federal data breach notification statute. The bill was originally cosponsored (at the time of its introduction) by Senators Chuck Schumer (D-NY), Al Franken (D-MN) and Richard Blumenthal (D-CT), and has since been cosponsored by Senator Robert Menendez (D-NJ). The bill has been referred to the Senate Judiciary Committee for consideration, and the committee is expected to hold a hearing on data security breach issues within the coming weeks.

Read More

House of Representatives Passes Health Exchange Security and Transparency Act of 2014: HR 3811 Would Require HHS to Notify Affected Individuals of a Breach of a Health Insurance Exchange Within 2 Days of Discovery

On Friday, January 10, 2014, the House of Representatives passed H.R. 3811, the “Health Exchange Security and Transparency Act of 2014” by a vote of 291 to 122. The bill was introduced on January 7, 2014 by Representative Joe Pitts (R-PA), and has a total of 75 cosponsors. Under the bill, the Secretary of Health and Human Services would be required to provide notice to each individual “[n]ot later than two business days after the breach of security of any system maintained by an Exchange established under section 1311 or 1321 of [the Affordable Care Act] which is known to have resulted in personally identifiable information of an individual being stolen or unlawfully accessed.” By contrast, the HITECH Act requires HIPAA covered entities to provide breach notifications to individuals, to HHS (if the breach involves the PHI of 500 or more individuals), and/or to the media (if required) “without unreasonable delay and in no case later than 60 calendar days after the discovery of a breach by the covered entity involved.” The bill would require HHS to notify individuals not only with respect to breaches of security of a federally facilitated health insurance exchange – a health insurance exchange established and operated by HHS that is accessed through – but also with respect to breaches of security of any health insurance exchange established and operated by a State under the Affordable Care Act.” 

Read More

Congress Considers Cybersecurity Bills

December 16, 2013 | Posted by Jeffrey Sural | Topic(s): US Congress, Legislation, Cybersecurity, Hearing

Earlier last week, House Homeland Security Committee Chairman Michael McCaul (R-TX) introduced H.R. 3696, a bill to amend the Homeland Security Act to make certain improvements regarding cybersecurity and critical infrastructure protection. The committee circulated the draft earlier this year, and had planned to mark up the bill when the Edward Snowden revelations became public. The bill faces several criticisms, including that the House passed a bipartisan bill earlier in the year that addressed the major issues facing cybersecurity. Also, the main provision of Chairman McCaul’s bill—designating the Department of Homeland Security to facilitate information sharing--was accepted as an amendment to the Cyber Intelligence Sharing and Protection Act (CISPA).

Read More

House Passes Updated CISPA Cybersecurity Legislation With Broader Bipartisan Support After Privacy Amendments Adopted

April 18, 2013 | Posted by Jeff Sural and Paul Martino | Topic(s): US Congress, Legislation, Marketing, Data Security, Cybersecurity, Privacy, House of Representatives

Today the House voted 288-127 to pass the Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 624. The bill passed by a wider margin than last Congress, with 92 Democrats voting in favor of H.R. 624. Several amendments regarding privacy concerns were adopted. Ranking Member Dutch Ruppersberger (D-MD) stated after the vote “CISPA recognizes that you can’t have true security without privacy, and you can’t have privacy without security. This bill effectively works to protect both.”

Read More

House Intelligence Committee Approves Bipartisan Cybersecurity Legislation with Privacy and Civil Liberties Amendments

Yesterday afternoon the House Permanent Select Committee on Intelligence marked up H.R. 624, the Cyber Intelligence Sharing and Protection Act (CISPA), which was introduced in February. The bill passed the Committee by a vote of 18-2 after the approval of six amendments.

Ranking Member Dutch Ruppersberger (D-MD) praised the “collaborative effort” on improving privacy and civil liberties, while Chairman Mike Rogers (R-MI) noted the amended bill will help American businesses protect their networks from “cyber looters” while improving the cybersecurity marketplace, and without imposing unfunded mandates or additional federal regulation on the private sector.

Written by Jeff Sural, Counsel, Legislative & Public PolicyPrivacy & Data Security | Alston & Bird LLP

Chairman Rogers and Ranking Member Ruppersberger Reintroduce Cyber Intelligence Sharing and Protection Act (CISPA)

February 13, 2013 | Posted by | Topic(s): US Congress, Legislation, Data Security, Cybersecurity, Privacy, House of Representatives

House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) re-introduced the Cyber Intelligence Sharing and Protection Act (CISPA) this morning. The bill has been numbered H.R. 624.

In their press release, Chairman Rogers and Ranking Member Ruppersberger confirmed that this bill is identical to the version that the full House of Representatives approved by a bipartisan vote of 248-168 on April 26, 2012. The bill sponsors also noted that CISPA had 112 bipartisan cosponsors last Congress. As with all pending legislation in Congress, the start of the 113th Congress last month required the bill sponsors to reintroduce the bill in order to begin the Congressional consideration process again this session.

Read More

Senate Judiciary Committee Approves S. 1223, Location Privacy Protection Act, Sponsored by Senator Al Franken

December 14, 2012 | Posted by | Topic(s): Online Privacy, US Congress, Legislation, Mobile Technologies, Privacy, Children's Privacy, Senate, Mobile Privacy

Last evening, the Senate Judiciary Committee approved by voice vote a location privacy bill -- S. 1223, the Location Privacy Protection Act -- sponsored by Senator Al Franken (D-MN) and cosponsored by four other Democratic members of the committee. In his remarks before the vote, Senator Franken stated that “companies that collect our location information are not protecting it the way they should.”

Read More

Congressional Bi-Partisan Privacy Caucus Holds Roundtable Briefing on Data Broker Practices

December 13, 2012 | Posted by | Topic(s): Online Privacy, Federal Trade Commission (FTC), US Congress, Legislation, Privacy, Children's Privacy, House of Representatives

This morning, Congressmen Edward J. Markey (D-MA) and Joe Barton, (R-TX), Co-Chairmen of the Congressional Bi-Partisan Privacy Caucus, hosted a roundtable briefing with Federal Trade Commission (FTC) Chairman Jonathan Leibowitz, FTC Commissioner Julie Brill, and invited representatives of companies and consumer advocacy groups to discuss the “data broker” industry and consumer concerns with the transparency of data collection practices.

Read More

U.S. Senator Sends Cybersecurity Inquiry Letter to American Businesses as White House Executive Order Nears Completion

September 21, 2012 | Posted by | Topic(s): US Congress, Legislation, The White House, Cybersecurity, Senate

Chief executives of each of the Fortune 500 companies will soon receive a letter from Senator John D. Rockefeller IV (D-W.Va.) asking them to describe how their companies address computer network security, or “cybersecurity.” In the letter, Senator Rockefeller explains that he is addressing Fortune 500 companies directly because of the recent stalling of the Cybersecurity Act (S. 3414) in the U.S. Senate.

Read More

Rep. Markey Introduces Mobile Device Privacy Act (H.R. 6377)

Rep. Ed Markey (D-MA) today introduced in the U.S. House of Representatives the “Mobile Device Privacy Act”, which was numbered H.R. 6377 and will be referred to the House Energy & Commerce Committee for further consideration. Congressman Markey serves as a member of the committee and Co-Chair of the Bi-Partisan Congressional Privacy Caucus. In his released statement, the Congressman remarked, “Consumers should be in control of their personal information, including if and when their mobile devices are transmitting data to third parties.”

Read More

Senate Republicans Reintroduce Revised Cybersecurity Bill, S. 3342, the SECURE IT Act

June 27, 2012 | Posted by | Topic(s): US Congress, Legislation, The White House, Data Security, Cybersecurity, Privacy, Senate, House of Representatives

This afternoon, Senators John McCain (R-AZ), Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC) reintroduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act, which now bears the number S. 3342.

Read More

Senate Commerce Committee Holds Privacy Hearing

Today the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “The Need for Privacy Protections: Perspectives from the Administration and the Federal Trade Commission.” The hearing examined the need for privacy legislation and the recent privacy reports from the White House and the Federal Trade Commission. Testifying on behalf of the federal government were Cameron Kerry, General Counsel at the Department of Commerce, Jon Leibowitz, Chairman of the Federal Trade Commission (FTC), and Maureen Ohlhausen, FTC Commissioner. The witness statements and an archive of the hearing webcast may be found here.

Written by Paul Martino, Partner | Alston & Bird LLP