Tag Archives: US Congress

OCR Issues Two New Reports to Congress on HIPAA Compliance and Enforcement from 2011 to 2012

Last week the HHS Office for Civil Rights (“OCR”) presented certain findings regarding Health Insurance Portability and Accountability Act (“HIPAA”) compliance and enforcement to the National Committee on Health and Vital Statistics (“NCHVS”), an HHS advisory committee. The presentation reviewed OCR’s two recently issued reports to Congress. OCR is required to submit such reports under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The first report, “HIPAA Privacy, Security, and Breach Notification Rule Compliance,” examines the number and [...]

Energy and Commerce Committee to Hold First U.S. House of Representatives Hearing in 2014 on Protecting Consumer Information and Preventing Data Security Breaches

Following the recent announcement of two U.S. Senate committee hearings on data security breaches, the House Energy and Commerce Committee announced the first U.S. House of Representatives hearing to examine the issue. During the same week as the Senate hearings, the committee’s Subcommittee on Commerce, Manufacturing and Trade (CMT), chaired by Rep. Lee Terry (R-NE), will hold a hearing entitled “Protecting Consumer Information: Can Data Breaches Be Prevented?” on Wednesday, February 5, 2014, at 9:30 a.m. EST in 2123 Rayburn House Office Building. According to the hearing notice released [...]

U.S. Senate Banking and Judiciary Committees to Hold Hearings Examining Data Security Breaches, Identity Theft, and the Safeguarding of Consumers’ Financial Data

The U.S. Senate Committees on Banking and the Judiciary will each host hearings during the week of February 3, 2014, to examine the impact on consumers from recently reported data security breaches and what measures may be taken to protect sensitive information of consumers, including customer financial information, from criminal acquisition and misuse. Consistent with the assigned jurisdiction and oversight authority of each committee, the Banking Committee will examine the protection of consumer financial data, whereas the Senate Judiciary Committee will focus on the prevention of data security [...]

Senator Leahy Reintroduces “Personal Data Privacy and Security Act”: Federal Data Breach Notification Law Includes Criminal Penalties for Failure to Notify

On January 8, 2014, Senator Leahy (D-VT) reintroduced the “Personal Data Privacy and Security Act” (S. 1897) in an effort to both enhance criminal penalties for computer hacking, and create a tough Federal data breach notification statute. The bill was originally cosponsored (at the time of its introduction) by Senators Chuck Schumer (D-NY), Al Franken (D-MN) and Richard Blumenthal (D-CT), and has since been cosponsored by Senator Robert Menendez (D-NJ). The bill has been referred to the Senate Judiciary Committee for consideration, and the committee is expected to hold a hearing on [...]

House of Representatives Passes Health Exchange Security and Transparency Act of 2014: HR 3811 Would Require HHS to Notify Affected Individuals of a Breach of a Health Insurance Exchange Within 2 Days of Discovery

On Friday, January 10, 2014, the House of Representatives passed H.R. 3811, the “Health Exchange Security and Transparency Act of 2014” by a vote of 291 to 122. The bill was introduced on January 7, 2014 by Representative Joe Pitts (R-PA), and has a total of 75 cosponsors. Under the bill, the Secretary of Health and Human Services would be required to provide notice to each individual “[n]ot later than two business days after the breach of security of any system maintained by an Exchange established under section 1311 or 1321 of [the Affordable Care Act] which is known to have [...]

Congress Considers Cybersecurity Bills

Earlier last week, House Homeland Security Committee Chairman Michael McCaul (R-TX) introduced H.R. 3696, a bill to amend the Homeland Security Act to make certain improvements regarding cybersecurity and critical infrastructure protection. The committee circulated the draft earlier this year, and had planned to mark up the bill when the Edward Snowden revelations became public. The bill faces several criticisms, including that the House passed a bipartisan bill earlier in the year that addressed the major issues facing cybersecurity. Also, the main provision of Chairman McCaul’s bill—designating [...]

California Attorney General Announces Upcoming Best Practices Guidelines for Do-Not-Track Disclosures; Guidelines Will Not Delay New A.B. 370 Do-Not-Track Disclosure Requirements from Taking Effect on January 1, 2014

On December 10, 2013, the Privacy Enforcement and Protection Unit of the California Office of the Attorney General (CA AG) held a meeting in San Francisco for interested stakeholders to discuss best practices in light of the Assembly’s enactment of A.B. 370, California’s new do-not-track disclosure law that goes into effect on January 1, 2014. A.B. 370 amended the California Online Privacy Protection Act (CalOPPA) to require operators of websites, online services and mobile applications to amend their privacy policies as of the new year to either (1) disclose how they respond to do-not-track [...]