LabMD is back in the news. This time, however, it’s not the FTC’s administrative action against LabMD that’s making headlines. (For information about the administrative action, please see our prior posts here and here.) Instead, LabMD’s federal court actions against the FTC – one in the United States Court of Appeals for the Eleventh Circuit and […]
Privacy & Cyber Regulatory Enforcement
OCR Issues New Guidance on the HIPAA Privacy Rule and Sharing of Mental Health Information
Late last week, the HHS Office for Civil Rights (OCR) published guidance designed to help health care providers understand when, consistent with the HIPAA Privacy Rule, they may share information related to a patient’s mental health with others. As we have previously written, HHS seeks to balance a patient’s privacy rights in mental health records […]
FTC Denies LabMD’s Motion to Dismiss
The FTC – in a decision that should surprise no one – refused to dismiss its administrative complaint (“Complaint”) against LabMD. This case – like the FTC’s case against Wyndham Worldwide – illustrates the continuing fight regarding the scope of the FTC’s power for regulate inadequate data security practices. In particular, this decision is important because it […]
Complimentary Seminar – Payment Card Breaches: How to Prepare, How to Survive – March 5, 2014
Please join Alston & Bird, Dell SecureWorks and AIG for a discussion on how to prepare for and respond to payment card breaches. Recent payment card breaches in the retail industry have highlighted the need to fully prepare for similar types of attacks, both in terms of increasing security controls where appropriate and enhancing incident […]
NIST releases final Cybersecurity Framework
The National Institute of Standards and Technology (“NIST”) has released the final version of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). The Framework was developed by NIST at the direction of President Obama’s February 12, 2013, Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the “Executive Order”). The Framework largely retains the structure […]