Information Security & Data Breach Report November 2013 Update
Headlines like "State Attorneys General Are Crucial Force in Enforcement of Data Breach Statutes" and "Lawmakers Push for Federal Data Breach Notification Law" demonstrate increasing local and national concern with information security. [1] With more regulatory bodies taking notice of data privacy events, it has become clear that companies need the proper risk management protocols in place to handle this increasingly complex environment.

We are pleased to present our latest report, which is designed to provide you insights into notable breaches and identify trends with the objective of answering the following principal questions:

1. What is the total number of breaches per quarter?
2. What types of entities are experiencing breaches?
3. What is the average number of days between discovery and disclosure of a data breach?
4. What types of data are being compromised?
5. What is the average number of records per breach?
6. What are the leading causes of data breaches?
7. What is the average total cost of a data breach?

METHODOLOGY USED FOR IDENTIFYING DATA BREACHES

Navigant captured all major data breaches disclosed publicly during the second quarter of 2013 (April 1, 2013 to June 30, 2013) for comparison against data from the prior four quarters ("Four Quarter Average"). [2] As part of the methodology, Navigant evaluated multiple sources to compile a list of breaches that took place in the United States involving a minimum of 1,000 exposed or potentially exposed records. [3] The incidents identified in this report involve breaches in which physical or electronic records were hacked, lost, stolen, or improperly exposed or discarded.

DATA BREACH SCORECARD

- Healthcare entities accounted for the largest percentage of the data breaches in both reporting periods (Q2: 52% vs. Four Quarter Average: 45%).
- The average number of days between discovery and disclosure of Corporate breaches decreased to 51 days from the prior Four Quarter Average of 61 days.
- Hospitals experienced breaches more often than other healthcare entities across reporting periods (Q2: 34% vs. Four Quarter Average: 37%).
- The average number of records exposed per data breach was 56% below the Four Quarter Average (Q2: 19,694 vs. Four Quarter Average: 44,445).
- There was a 47% decrease in the number of records breached between reporting periods (Q2: 1.24 million records vs. Four Quarter Average: 2.32 million records).

1. WHAT IS THE TOTAL NUMBER OF BREACHES PER QUARTER?

We identified 63 major data breaches in Q2 compared to the average of 52 from the previous four quarters, a 21% increase. This is the second largest number of breaches identified in the history of this report; in our inaugural edition, we identified 77 breaches in Q The Q2 breaches exposed 1,240,698 records, which is 1.08 million records fewer than the prior Four Quarter Average of 2,322,263.

Half of the top ten breaches in Q2 involved Government entities, followed by two Healthcare breaches, two Corporate breaches and one breach in the Education sector. The top five breaches in Q2 represented over 724,000 records, 58% of the total. During the prior four quarters, seven out of the top ten breaches were either Corporate or Education entities.

One of the largest breaches identified in Q2 occurred at a regional medical center in California. In late 2012, the hospital contracted with a local vendor to digitize and then destroy X-rays from patient files. The medical center learned from law enforcement in March 2013 that its files were missing. The hospital, working with local law enforcement, immediately began an internal investigation to determine what happened. The missing radiology records pertain to dates of service prior to February 2011 and may include patient names, dates of birth (DOBs), addresses, medical record numbers, physician names, diagnoses, radiology procedures, radiology interpretations, health insurance numbers and, in some instances, Social Security numbers (SSNs). In response to this incident, the company contacted all affected users and offered free credit monitoring. The medical center also set up a toll free number for those affected and implemented additional security measures to protect patients from future breaches.

2. WHAT TYPES OF ENTITIES ARE EXPERIENCING BREACHES?

Our report classifies the organizations affected by data breaches into five categories: Healthcare, Corporate, Education, Government and Other. [4] These designations provide an overview of the entities that experienced a physical or electronic records breach.

Across Q2 and the Four Quarter Average, Healthcare entities experienced the largest percentage of breaches identified. In Q2, Healthcare entities accounted for 52% of all breaches identified, followed by Corporate (19%), Government (16%), Education (10%), and Other (3%) (See Figure 1). For the Four Quarter Average, Healthcare entities experienced 45% of the data breaches identified, followed by Corporate (17%), Education (17%), Government (16%), and Other (5%) (See Figure 2).

As part of Navigant's analysis, we further segmented Healthcare entities to get a better sense of the types of organizations affected by data breaches. The types of Healthcare entities which experienced data breaches in Q2 and the prior four quarters are shown on the following page. Hospitals are the largest single category of Healthcare data breaches: 34% in Q2 and an average of 37% in the prior four quarters. The percentage of data breaches occurring at Physician Offices declined significantly, from 25% in the Four Quarter Average to 15% in Q2. Conversely, the number of Mental Health Treatment Facility breaches increased to 15% in Q2 from only 3% in the Four Quarter Average.
FIGURE 1: BREACHES BY TYPE OF ENTITY
Healthcare 52%, Corporate 19%, Government 16%, Education 10%, Other 3%

FIGURE 2: PRIOR FOUR QUARTERS BREACHES BY TYPE OF ENTITY
Healthcare 45%, Corporate 17%, Education 17%, Government 16%, Other 5%

Healthcare Entity Type: Q2 / Four Quarter Average
Hospitals: 34% / 37%
Physician Offices: 15% / 25%
Mental Health Treatment Facility: 15% / 3%
Clinics: 15% / 9%
Health System: 9% / 10%
Home Health Services: 6% / 7%
Surgical Center: 3% / 1%
Dental Practice: 3% / 6%
Rehabilitation Facility: 0% / 2%

A notable Healthcare data breach involving the loss of sensitive medical and personal data took place at a counseling and treatment center with several locations across southern Arizona. One of the center employees was the victim of a burglary resulting in the loss of a company laptop and external hard drive. The thief broke into the employee's home sometime in mid-March The employee, upon discovering the laptop and external hard drive were missing, filed a police report. The external hard drive contained the names, DOBs and treatment plans of over 3,000 patients who visited the centers between 2011 and Those affected by the data breach were notified by letter and offered free credit monitoring. According to news reports, it is not clear what additional remediation steps the company took following this breach.

3. WHAT IS THE AVERAGE NUMBER OF DAYS BETWEEN DISCOVERY AND DISCLOSURE OF A DATA BREACH?

Data security regulations and the increasing danger of identity theft have elevated the importance of a timely response and disclosure after the discovery of a data breach. Forty-six states and several U.S. territories including Guam, the Virgin Islands and Puerto Rico have enacted data breach reporting requirements. Some states allow for a company to conduct a reasonable investigation of the incident before notification while other states have established specific timelines for notification.

States such as North Dakota, South Carolina and Vermont have recently passed legislation strengthening their data breach notification rules. In North Dakota, the state legislature expanded the definition of personal information under House Bill No to include health insurance information and medical information. Vermont now requires financial institutions regulated by the state to provide notice of a breach to the Department of Financial Regulation. Under Vermont's House Bill No. 513, consumers must be notified no later than 45 days after the discovery of a data breach and the Attorney General within 14 business days. States without specific data breach notification laws include Alabama, Kentucky, New Mexico and South Dakota.

The average number of days between discovery and disclosure for all breaches decreased to 54 days in Q2 from 55 days in the Four Quarter Average. We also track the average number of days between discovery and disclosure by type of entity (See Figure 3). The two entity types that experienced significant change in this metric were Corporate and Other. The significant decrease in time between discovery and disclosure for Corporate entities can be attributed to several breaches that were disclosed less than 20 days after discovery of the incidents.

One of these breaches involved the largest provider of discounted phone service to low-income families. A newspaper investigation found more than 170,000 customer records from 26 different states available online. The records were identified through a Google search and included SSNs, DOBs and information about participation in other government-assistance programs. The records were being stored online by a third party vendor who helps the company determine eligibility for the program. Of the 170,000 records, 44,000 were application or certification forms while 127,000 were supporting documents such as photos of driver's licenses, tax records, pay stubs including bank account information or passports. The company, upon learning of the breach, removed the information from the Internet and began an internal investigation. Several hundred applicants who were at heightened risk of identity theft and those in Texas, Minnesota, Nevada and Illinois were contacted about the breach. The company established a hotline for those affected by the incident and has offered free credit monitoring to those most at risk.

FIGURE 3: AVERAGE NUMBER OF DAYS BETWEEN DISCOVERY AND DISCLOSURE BY TYPE OF ENTITY (Corporate, Education, Government, Healthcare, Other)

Currently, both federal and state authorities require entities holding personal health information to disclose that a data breach has occurred. The Department of Health & Human Services (HHS) issued data breach regulations in August At the same time, similar breach notification regulations were issued by the Federal Trade Commission (FTC). As part of directives under the Health Information Technology for Economic and Clinical Health (HITECH) Act, finalized in January 2013, both the HHS and the FTC require HIPAA-covered entities to provide notification following a breach of protected health information no later than 60 days after the incident. [5] Our analysis shows the average number of days between discovery and disclosure of breaches of medical records was 70 days for the prior four quarters compared to 64 days in Q2, representing a 9% decrease.

4. WHAT TYPES OF DATA ARE BEING COMPROMISED?

The types of data being compromised include personally identifiable information (PII), such as names, DOBs or SSNs; protected health information (PHI), such as information related to medical conditions, the provision of healthcare, or payment for the provision of healthcare; and financial information, such as bank account or credit card numbers.
We identified several categories of data commonly at risk in data breaches including: Names, Contact information, SSNs, DOBs, Medical records, Credit Cards, addresses, Financial information and Miscellaneous information (See Figure 4). Many of the incidents identified in this report have multiple types of data associated with each breach.

In Q2, the percentage of breaches involving some of the most sensitive data was below the Four Quarter Average, including SSNs (Q2: 52% vs. Four Quarter Average: 56%) and DOBs (Q2: 40% vs. Four Quarter Average: 42%). Healthcare entities accounted for over 68% of the total breaches involving DOBs in Q2. Breaches of medical information, on the other hand, were above the Four Quarter Average (Q2: 49% vs. Four Quarter Average: 48%).

A breach that involved almost 6,000 patient records containing PHI and other data took place at a pediatric primary care clinic in Florida. In April 2013, the clinic, part of a university health system, was notified by federal authorities and the Secret Service that an employee potentially accessed patient medical records as part of an identity theft ring. The employee may have used the records to steal personal information including names, addresses, DOBs and SSNs. The university began an internal investigation and immediately terminated the employee. The employee's job description permitted access to patient records. The university clinic, out of caution, set up a toll free hotline to answer questions and offered identity theft monitoring services for one year. It is not clear from news reports what steps, if any, the clinic took to enhance its protocols and security measures concerning patient record access.

FIGURE 4: BREACHES BY TYPE OF INFORMATION (Name, Contact, SSN, DOB, Medical, Credit Card, Financial, Misc)

5. WHAT IS THE AVERAGE NUMBER OF RECORDS PER BREACH?

Navigant has calculated the average number of records per breach by type of entity (See Figure 5). This analysis revealed that the average number of records per breach was 56% lower in Q2 than the previous four quarters (Four Quarter Average: 44,445 vs. Q2: 19,694). The largest change between reporting periods was an 81% decrease for Other entities (Four Quarter Average: 25,454 vs. Q2: 4,863). The average number of records per breach for Corporate entities in Q2 decreased 69% from the prior four quarters (Four Quarter Average: 75,340 vs. Q2: 23,517). Government entities experienced a 58% decline from 89,392 records in the prior four quarters to 37,271 records in Q2. The average number of records per breach for Education entities was 53,948 during the prior four quarters versus 28,350 in Q2, a decrease of 47%. Healthcare entities averaged 15,518 records during the prior four quarters compared to 12,302 records in Q2, a 21% decrease.

FIGURE 5: AVERAGE RECORDS PER BREACH BY TYPE OF ENTITY (Corporate, Education, Government, Healthcare, Other)

6. WHAT ARE THE LEADING CAUSES OF DATA BREACHES?

The different causes of a data breach are summarized into seven major categories: Virus, Hacking, Loss, Theft, Public Access/Distribution, Unauthorized Access/Use, and Improper Disposal. [6] The relative volume of data breach methods used in Q2 is shown in Figure 6. The Four Quarter Average had a similar break-out (See Figure 7).

FIGURE 6: BREACHES BY TYPE OF METHOD
Theft 25%, Public Access or Distribution 22%, Hack 18%, Unauthorized Access/Use 18%, Loss 11%, Virus 6%

FIGURE 7: BREACHES BY TYPE OF METHOD
Theft 35%, Hack 19%, Public Access or Distribution 15%, Unauthorized Access/Use 13%, Loss 11%, Virus 4%, Improper Disposal 3%

In Q2, Public Access or Distribution, Unauthorized Access/Use and Virus were trending up compared to the Four Quarter Average; however, Theft was trending downward and Hacking and Loss were essentially unchanged.

Looking at the data by method of breach and type of entity, we identified some interesting statistics. Across both reporting periods, 67% of Thefts took place at Healthcare entities. In the prior four quarters, 40% of breaches at Education entities involved Public Access or Distribution and only 16% in Q2. Government entities were most often hit with breaches involving Hacking or Public Access or Distribution across both reporting periods. In the prior four quarters, 22% of Corporate entity breaches involved Unauthorized Access/Use, but in Q2 this method accounted for only 17%.
A western state's administrative court system was breached by hackers exposing up to 160,000 SSNs and possibly one million driver's license numbers. The hack happened sometime in September 2012 but was not detected until early The court system launched an internal investigation and discovered that hackers gained access to data through a commercial software program used by the state. The state immediately patched the software and disclosed the breach in Q2. Those affected by the breach were from two specific groups. The first group includes individuals who were booked into jail between September 2011 and December 2012 and had their name and SSN accessed. The second group includes individuals who received a DUI citation in the state between 1989 and 2011, had a traffic case resolved between 2011 and 2012, or had a criminal case filed against them that was resolved in 2011 and The state, following its investigation, took several steps to increase security of its records including isolating sensitive data to more protected areas and implementing additional code to detect hackers and new encryption rules. The state also set up a website and toll free hotline to answer questions about the incident.

Navigant also tracked the format of breached records in three categories: physical, electronic and a combination of both. Electronic records are defined as those that may be accessed via CD-ROM, laptop, thumb drive, other media devices, website or server. In Q2, 79% of the records compromised were electronic, 16% were physical records and 5% were unknown. Across the Four Quarter Average, 83% of compromised records were electronic while 13% were physical records; 1% were classified as a combination of both electronic and physical records, while 3% were in an unknown format.

7. WHAT IS THE AVERAGE TOTAL COST OF A DATA BREACH?

Cost may be the first concern of an organization in the wake of a data breach. One of the foremost studies on this issue, published by the Ponemon Institute, provides statistics regarding the total costs of a data breach. Costs may include detection, discovery, notification, potential legal costs, ex-post costs, loss of customers, and/or brand damage, but will vary with each specific breach. For purposes of this report, Navigant used the Ponemon cost per record to estimate the average total cost of a data breach by type of entity and method of breach. [7]

A community college in Iowa suffered a data breach affecting more than 125,000 current and former students on March 13, Hackers were able to gain access to student application records from February 2005 to March 2013 by accessing the course-application portal. The application information included applicant names, DOBs, race, contact information and SSNs. According to news reports, once the college identified the breach, it notified the FBI and contracted a data security firm. Following the investigation, the college began to contact those affected in early April with a letter explaining the breach and offering identity theft monitoring free of charge. Using the Ponemon Institute study estimates, the total cost of this data breach might be as high as $24 million. Following the breach, the college took down the course-application portal for almost four weeks to improve its security.

The average total cost of a data breach in Q2 was $3,702,400, a 56% decrease from the Four Quarter Average of $8,355,700. Some notable results from the analysis of average total cost of a data breach by entity were (See Figure 8):

- In Q2, Government ($7,006,967), Education ($5,329,863) and Corporate ($4,421,212) entities were above the average total cost of $3,702,400. Healthcare and Other entities were below the average by 38% and 75% respectively.
- For the Four Quarter Average, at $16,805,713, Government entities' costs were more than double the total cost. Corporate ($14,163,993) and Education ($10,142,160) entities were also above the average total cost, while Healthcare and Other entities were below the average.

FIGURE 8: AVERAGE TOTAL COST BY TYPE OF ENTITY (Corporate, Education, Government, Healthcare, Other)

FIGURE 9: AVERAGE TOTAL COST BY TYPE OF BREACH (Hack, Improper Disposal, Loss, Public Access or Distribution, Theft, Unauthorized Access/Use, Unknown, Virus)

The average total cost of a data breach varied widely by type of entity between quarters. Average cost for Other entities was $914,150 in Q2, down from $4,785,284 in the prior four quarters, an 81% decrease, the largest between reporting periods. Corporate entities decreased 69%, from the Four Quarter Average of $14,163,993 to $4,421,212 in Q2. Government entities decreased 58%, from $16,805,713 during the Four Quarter Average period to $7,006,967 in Q2. Education entities decreased their average total cost by 47% between reporting periods (Four Quarter Average: $10,142,160 vs. Q2: $5,329,863). The average total cost for Healthcare entities decreased 21% (Four Quarter Average: $2,917,398 vs. Q2: $2,312,713).

Navigant also calculated the average total cost by method of breach (See Figure 9). Hacking (Four Quarter Average: $20,302,236 vs. Q2: $6,901,514) showed the most significant decrease in costs from the Four Quarter Average to Q2. Virus saw the largest percentage decrease between reporting periods, a 90% reduction (Four Quarter Average: $6,688,241 vs. Q2: $697,010). The other categories with significant reductions in average cost included Theft, Loss and Unauthorized Access/Use. In Q2, Hacking ($6,901,514) was the most expensive type of breach, followed by Loss ($6,769,799) and Public Access or Distribution ($4,834,554). For the Four Quarter Average, Hacking ($20,302,236) was again the most expensive type of breach, followed by Loss ($11,802,550) and Public Access or Distribution ($7,558,443).
SPOTLIGHT ON NOTABLE BREACHES

Company/Organization: Drupal.org
Industry: Internet
Record Type: Electronic
Method: Hacking
Size of Breach: 1 Million User Accounts
Type of Data Breached: Addresses, User Names, Passwords

Drupal.org, a popular open-source content website, was hacked in May The Portland, Oregon based collective said a routine security audit found that hackers had installed malicious software on its website allowing others to look through account information. Drupal, following the hack, shut down both drupal.org and groups.drupal.org before beginning a forensic security review. The company notified users of the intrusion on its website and required those logging into the site to change their passwords to gain access. According to news reports, the hack involved 1 million users and the files breached contained user names, addresses, countries where users live and hashed passwords. Following the incident, the company took several steps to improve security including scanning for malicious or dangerous files and creating a static archive of older files.

[1] "State Attorneys General Are Crucial Force in Enforcement of Data Breach Statutes," Bloomberg BNA (October 7, 2013) and "Lawmakers Push for Federal Data Breach Notification Law," PC World (July 18, 2013).

[2] Four Quarter Average includes Q Q

[3] For purposes of this study Living Social, Drupal Association, Facebook and Scribd were considered outliers in the last quarter and thus not reported as part of the quarterly data. The Drupal breach is discussed under the Notable Data Breaches section of this report. Quarterly data reported in prior studies may change when information regarding breaches is identified or amended.

[4] Insurance companies are classified as Corporate entities for the purposes of this study, although protected health information may be included in breach incidents involving insurance companies.

[6] A Virus is an intrusive malware that infects computers, servers and networks. A virus often carries out unwanted operations on a host computer. A virus could be used for hacking or it could be unintentionally loaded into a system and cause damage. Hacking occurs when a group or individual attempts to gain unauthorized access to computers or computer networks and tamper with operating systems, application programs, and databases. Unauthorized Access/Use is designated when an employee, contractor or volunteer of an organization wrongfully accesses or uses records. Improper Disposal occurs when either physical records or electronic media are not properly disposed of and could be accessed by other parties. A Theft involves physical records or electronic media that have been stolen or taken from an organization without permission by an employee or other party. Loss is designated when either physical records or electronic media have been lost and cannot be located by the organization. Public Access or Distribution occurs when records or data are made available publicly or to inappropriate parties. This includes data made accessible via a server, website or network and sent to inappropriate recipients via paper or electronic methods.

[7] Cost of Data Breach Study United States, Ponemon Institute LLC, May The total average cost per compromised record was $188. For purposes of this study, we estimated the total cost of each data breach using this figure calculated by the Ponemon Institute.
ABOUT NAVIGANT

Navigant (NYSE: NCI) is a specialized independent consulting firm providing dispute, financial, investigative, regulatory and operations advisory services to government agencies, legal counsel and large companies facing the challenges of uncertainty, risk, distress and significant change. The Company focuses on industries undergoing substantial regulatory or structural change and on the issues driving these transformations.

CONTACT

For questions related to the data presented herein:

Lead Data Breach Forensic Investigators
Steven Visser, svisser@navigant.com
Greg Osinoff, Esq, greg.osinoff@navigant.com
Daren Hutchison, dhutchison@navigant.com

Strategic Initiative Contacts
Scott Paczosa, scott.paczosa@navigant.com
Jonathan Drage, jonathan.drage@navigant.com
Darin Bielby, dbielby@navigant.com

Research Lead
Bill Schoeffler, bschoeffler@navigant.com

Brad Pinne, bpinne@navigant.com
Bill Hardin, bill.hardin@navigant.com
Cuyler Robinson, crobinson1@navigant.com

navigant.com

The authors would like to thank Vanessa Nelson Meihaus and Angela Krulc for their invaluable assistance. Both specialize in practice specific and general business development research in Navigant's Research Services Group.

2013 Navigant Consulting, Inc. All rights reserved. Navigant Consulting is not a certified public accounting firm and does not provide audit, attest, or public accounting services. See for a complete listing of private investigator licenses.
More informationCOMPLIANCE ALERT 10-12
HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationPrivacy Legislation and Industry Security Standards
Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationData Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
More informationThe Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016
The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,
More informationStudent Data Breaches: Is Your District Prepared?
Student Data Breaches: Is Your District Prepared? Colleen A. Sloan, Esq., Manager, Labor Relations and Associate School Attorney JoAnn Balazs, Director, Management Services Janell Hallgren, Manager, Policy
More informationData Breach Strikes - Nerds & Geeks Unite: Effective Cooperation Between Privacy and Technical Experts Presented by: Paul H. Luehr, Managing Dir.
Data Breach Strikes - Nerds & Geeks Unite: Effective Cooperation Between Privacy and Technical Experts Presented by: Paul H. Luehr, Managing Dir. Stroz Friedberg Gerard M. Stegmaier, Esq. Wilson Sonsini
More informationEverett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law
Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy
More informationGuadalupe Regional Medical Center
Guadalupe Regional Medical Center Health Insurance Portability & Accountability Act (HIPAA) By Debby Hernandez, Compliance/HIPAA Officer HIPAA Privacy & Security Training Module 1 This module will address
More informationPRIVACY BREACH MANAGEMENT POLICY
PRIVACY BREACH MANAGEMENT POLICY DM Approval: Effective Date: October 1, 2014 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (ATIPP Act) public bodies such as the Department
More informationComputer Security at Columbia College. Barak Zahavy April 2010
Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a
More information2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
More informationZip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.
Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division
More informationAUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520
AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies
More informationManaging Cyber & Privacy Risks
Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past
More informationData Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com
Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute
More informationCybercrime: Protecting Your Digital Assets in Today's Threat Landscape
Cybercrime: Protecting Your Digital Assets in Today's Threat Landscape Presented by Rachel Ratcliff OM03 Saturday, 10/5/2013 9:30 AM - 10:45 AM Cybercrime: Protecting Your Digital Assets in Today s Threat
More informationHIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012
HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually
More informationIDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Data Breach Notification Policy 10240
IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Data Breach Notification Policy 10240 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance
More informationReporting of HIPAA Privacy/Security Breaches. The Breach Notification Rule
Reporting of HIPAA Privacy/Security Breaches The Breach Notification Rule Objectives What is the HITECH Act? An overview-what is Protected Health Information (PHI) and can I protect patient s PHI? What
More informationCompliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations
Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased
More informationInformation Privacy and Security Program. Title: EC.PS.01.02
Page: 1 of 9 I. PURPOSE: The purpose of this standard is to ensure that affected individuals, the media, and the Secretary of Health and Human Services (HHS) are appropriately notified of any Breach of
More informationHIPAA Privacy and Information Security Management Briefing
HIPAA Privacy and Information Security Management Briefing Karen Pagliaro-Meyer Privacy Officer kpagliaro@columbia.edu (212) 305-7315 Soumitra Sengupta Information Security Officer sen@columbia.edu (212)
More informationYour Agency Just Had a Privacy Breach Now What?
1 Your Agency Just Had a Privacy Breach Now What? Kathleen Claffie U.S. Customs and Border Protection What is a Breach The loss of control, compromise, unauthorized disclosure, unauthorized acquisition,
More informationHIPAA 101. March 18, 2015 Webinar
HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses
More informationSMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
More informationImagine discovering at the end of the day that your wallet is missing. Your driver s license, credit cards
EMPLOYMENT LAW Update Data Security Breaches: Are Your Human Resources Policies Equipped to Avoid and/or Repair the Damage? By Daniel Klein, Esq. INTRODUCTION Imagine discovering at the end of the day
More informationGovernment Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution
Government Focus on Cybersecurity Elevates Data Breach Legislation by Experian Government Relations and Experian Data Breach Resolution Will Congress pass data breach legislation in 2015/2016? Recent high-profile
More informationFive Rivers Medical Center, Inc. 2801 Medical Center Drive Pocahontas, AR 72455. Notification of Security Breach Policy
Five Rivers Medical Center, Inc. 2801 Medical Center Drive Pocahontas, AR 72455 Notification of Security Breach Policy Purpose: This policy has been adopted for the purpose of complying with the Health
More informationData Security Breach Notice Letter
View the online version at http://us.practicallaw.com/3-501-7348 Data Security Breach Notice Letter DANA B. ROSENFELD & ALYSA ZELTZER HUTNIK, KELLEY DRYE & WARREN LLP A letter from a company to individuals
More informationRoxio Secure Solutions for Law Firms
Roxio Secure Solutions for Law Firms Law firms can easily protect sensitive data stored on CD, DVD, Blu-ray Disc and USB flash media with Roxio Secure Solutions Introduction Law firms and their clients
More information4/9/2015. One Year After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification. Agenda
One Year After the HIPAA Omnibus Rule: Lessons Learned in Breach Notification Adam H. Greene, JD, MPH Partner Davis Wright Tremaine HCCA Compliance Institute April 22, 2015 Doug Pollack Chief Strategy
More informationCompromises in Healthcare Privacy due to Data Breaches
Compromises in Healthcare Privacy due to Data Breaches S. Srinivasan, PhD Distinguished Professor of Information Systems Jesse H. Jones School of Business Texas Southern University, Houston, Texas, USA
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationHIPAA and Privacy Policy Training
HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training
More informationData Breach 101 How to Avoid a Virtual Catastrophe
Data Breach 101 How to Avoid a Virtual Catastrophe Presented by Eduard Goodman, J.D., LL.M., CIPP Chief Privacy Officer In partnership with IDentity Theft 911 is solely responsible for the content of this
More informationHow to Prepare for a Data Breach
IT Forum How to Prepare for a Data Breach Expediting Response and Minimizing Losses Presentation for SURA IT Committee November 5,,2014 Laura Whitaker, Senior Research Director eab.com Getting to Know
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationBeazley presentation master
The Art of Breach Management Beazley presentation master February 2008 A Brief Review of Data Breaches What is a Data Breach? Actual release or disclosure of information to an unauthorized individual/entity
More informationDATA BREACH INCIDENT RESPONSE WORKBOOK. For Questions or Immediate Help With a Data Breach, Call 1.877.441.3009
DATA BREACH INCIDENT RESPONSE WORKBOOK For Questions or Immediate Help With a Data Breach, Call 1.877.441.3009 Notice to Readers This workbook is not intended as legal advice and AllClear ID encourages
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationHow To Protect Your Data From Theft
Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness
More informationHIPAA/ HITECH HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT. and. Health Information Technology for Economic and Clinical Health Act.
HIPAA/ HITECH HEALTH INSURANCE PORTABILITY and ACCOUNTABILITY ACT Health Information Technology for Economic and Clinical Health Act Revised 4/4/14 1 Your Accountability Quality Care Compliance Reputation
More informationUnderstanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions
Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What
More informationBest Practices for a Healthcare Data Breach: What You Don t Know Will Cost You
Best Practices for a Healthcare Data Breach: What You Don t Know Will Cost You By: Emilio Cividanes, Venable LLP Partner and Co-Chair Regulatory Practice Group Paul Luehr, Stroz Friedberg Managing Director
More information8/3/2015. Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice
Integrating Behavioral Health and HIV Into Electronic Health Records Communities of Practice Monday, August 3, 2015 1 How to ask a question during the webinar If you dialed in to this webinar on your phone
More informationNerds and Geeks Re-United: Towards a Practical Approach to Health Privacy Breaches. Gerard M. Stegmaier gstegmaier@wsgr.
Nerds and Geeks Re-United: Towards a Practical Approach to Health Privacy Breaches Gerard M. Stegmaier gstegmaier@wsgr.com @1sand0slawyer Data Breach Trends 2011 Average Loss to Organization = $5.5 million
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationMastering Data Privacy, Protection, & Forensics Law
Mastering Data Privacy, Protection, & Forensics Law April 15, 2015 Data Breach Notification and Cybersecurity Developments in 2015 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy
More informationMedical Information Breaches: Are Your Records Safe?
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
More informationHOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group
HOW TO REALLY IMPLEMENT HIPAA Presented by: Melissa Skaggs Provider Resources Group WHAT IS HIPAA The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104 191, 110 Stat. 1936,
More informationJanuary 2007. An Overview of U.S. Security Breach Statutes
January 2007 An Overview of U.S. Security Breach Statutes An Overview of U.S. Security Breach Statutes Jeffrey M. Rawitz and Ryan E. Brown 1 This Jones Day White Paper summarizes what is generally entailed
More informationAuditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP
Auditing your institution's cybersecurity incident/breach response plan Objectives > Provide an overview of incident/breach response plans and their intended benefits > Describe regulatory/legal requirements
More informationANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by:
ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe June, 2011 Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe An Advisen Special Report Sponsored by Chartis Security
More informationCyber Liability & Data Breach Insurance Claims
Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationDATA SECURITY HACKS, HIPAA AND HUMAN RISKS
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
More informationCyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
More informationUpdates on HITECH and State Breach Notification and Security Requirements Robin Campbell
Who s Afraid Of A Big Bad Breach?: Updates on HITECH and State Breach Notification and Security Requirements Robin Campbell Overview Identifying the laws that protect personal information and protected
More informationEnforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance
Enforcement of Health Information Privacy & Security Standards Federal Enforcement Through Recent Cases and Tools to Measure Regulatory Compliance Iliana Peters, JD, LLM, HHS Office for Civil Rights Kevin
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More informationMastering Data Privacy, Social Media, & Cyber Law
Mastering Data Privacy, Social Media, & Cyber Law October 22, 2014 Data Breach Notification and Cybersecurity Developments in 2014 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy
More informationPersonal Information Protection Act Information Sheet 11
Notification of a Security Breach Personal Information Protection Act Information Sheet 11 Introduction Personal information is used by organizations for a variety of purposes: retail and grocery stores
More informationPrivacy Law Basics and Best Practices
Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?
More informationSpecial Report The HITECH Act
Special Report The HITECH Act Privacy and Data Breach Notification Provision An Overview of the HITECH Act On February 17, 2009, President Obama signed into law the $787 billion stimulus package known
More informationPage 1. NAOP HIPAA and Privacy Risks 3/11/2014. Privacy means being able to have control over how your information is collected, used, or shared;
Page 1 National Organization of Alternative Programs 2014 NOAP Educational Conference HIPAA and Privacy Risks Ira J Rothman, CPHIMS, CIPP/US/IT/E/G Senior Vice President - Privacy Official March 26, 2014
More informationHIPAA Breach Notification Policy
HIPAA Breach Notification Policy Purpose: To ensure compliance with applicable laws and regulations governing the privacy and security of protected health information, and to ensure that appropriate notice
More informationDATA BREACH CHARTS (Current as of December 31, 2015)
DATA BREACH CHARTS (Current as of December 31, 2015) The charts below provide summary information about data breach notification statutes across the country. California adopted the first data breach notification
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More information