Paula Stannard, one of the practice leaders of the firm’s HIPAA Privacy & Security Team authored, “Business Associates’ HIPAA Compliance: Should Covered Entities Be Concerned?” in Bloomberg BNA’s Health IT Law & Industry Report. The article discusses why HIPAA covered entities (or business associates) should be concerned about the ability of their business associates (or […]
Regulation
Virginia Becomes First State To Mandate Advanced Credit Card Security for State Agencies
On May 5, Virginia Governor Terry McAuliffe signed Executive Directive 5 (2015), which requires the state’s technology and finance secretaries, treasurer and comptroller to update Virginia’s main purchasing card program to include advanced chip-and-pin technology by December. The Directive notes that many of Virginia’s political subdivisions and authorities have already converted purchase card programs to […]
DOJ Issues Data Breach Guidance
On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices. The document was announced at an invitation-only round table hosted by DOJ and provides guidance on what DOJ regards as “best practices for victims and potential […]
FTC Settles With Retail Tracking Firm Regarding Alleged Opt-out Misrepresentation
On April 23, 2015, the FTC and Nomi Technologies, Inc. (“Nomi”) settled the FTC’s misrepresentation charges related to Nomi’s “Listen” service, a multiple sensor technology that allows retailers to measure consumers’ in-store movements. Nomi’s sensors track consumers as they browse physical stores. According to the complaint, “Nomi places sensors in its clients’ retail locations that detect […]
HHS Issues Guidance on HIPAA and Workplace Wellness Programs
On Thursday, April 16, 2015, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued guidance, consisting of two frequently asked questions (FAQs), on the application of the HIPAA Privacy, Security, and Breach Notification Rules to workplace wellness programs. HHS explains in one of the FAQs that the […]