Insurance Coverage Law Report

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Insurance Coverage Law Report"

Transcription

1 September 2013 Insurance Coverage Law Report From the Editor Our Industry News, and Why It Matters By Steven A. Meyerowitz Feature Articles Data Breaches and the General Liability Policy in a Cyber-World By Seema A. Misra and Lauren V. DiLeonardo Hurricane Season is Here Is Your Insurance Program Ready for the Next Storm? By James P. Bobotek Case Law Developments Homeowner s Insurance Excess Health Insurance Commercial General Liability Life Insurance Worker s Compensation Legislative/Regulatory Developments Alternative Risk and Captives In the States Reinsurance Focus On: Directors & Officers Commercial Property Subrogation Trial Practice Professional Liability Insurance Umbrella Worker s Compensation Terrorism Risk Insurance Farm When Health and Auto Insurance Collide: Michigan Supreme Court Limits Insured s Right to Double Recovery Industry News People News Thought Leaders New Products Awards & Honors Calendar The Insurance Coverage Law Information Center

2 Data Breaches and the General Liability Policy in a Cyber-World By Seema A. Misra and Lauren V. DiLeonardo The authors explain the foundations for a claim under a commercial general liability insurance policy for data breach and provide a sampling of the types of laws and regulations addressing data breaches. Headlines announcing cyber-attacks that have resulted in data breaches are commonplace. No organization, whether large or small, is immune to the risk that its confidential information will be damaged, inadvertently disclosed or even stolen. Companies that have suffered a data breach confront the costs associated with both remedying the breach and defending the litigation that often arises from such a breach. Moreover, public concern over cyber-attacks has resulted in increasing regulation at both the federal and state level. Seema A. Misra Although cyber liability insurance is increasingly available, many companies have not purchased such policies, and data breaches are likely to result in a claim under their commercial general liability ( CGL ) policies. This article explains the foundations for a claim under a CGL policy for data breach and also provides a sampling of the types of laws and regulations addressing data breaches. The Foundation for COVERAGE OF CYBER attacks UNDER commercial GENERAL LIABILITY POLICIES A data breach can result in a myriad of lawsuits, with claims ranging from breach of privacy, defamation, and injury to property. When an insured seeks defense or indemnity for such claims under a CGL policy, the threshold issue is whether a cyber-attack has resulted in either personal and advertising injury or property damage as required by the standard CGL policy. Personal and advertising injuries CGL policies provide coverage for damages relating to personal and advertising injury, a term which is generally defined as an injury arising out of a list of enumerated offenses. Defense and/or indemnity is often sought for data breach claims on the basis that the breach has resulted in injury arising out of the offense of an oral or written publication, in any manner, of material that violates a person s right of privacy. 1 The issue that then arises is whether there has been a publication and, if so, the connection to a violation of a right of privacy. In Netscape Communications Corp. v. Federal Insurance Co, 2 Netscape and its parent company, AOL, sought coverage for multiple lawsuits commenced by users of Netscape s SmartDownload software, who alleged that their right to privacy had been violated because the software had provided Netscape with information about users internet activities, which Netscape and AOL used for targeted advertising. 3 In the coverage action, the insurer, argued that the underlying claims did not involve an oral or written publication of material that violates a person s right of privacy because AOL and Netscape were related entities who had shared consumer information only with each other. 4 The District Court for the Northern District of California held that a personal injury offense had been alleged because Netscape had made known the consumers private information to employees of AOL and Netscape and also because files were circulated among employees of the insureds, and any person meant any person, regardless of whether that person was a related entity. Significantly, although an insured may be able to satisfy the threshold issue of a publication, an exclusion may nonetheless preclude coverage. A standard provision in many CGL policies, including Netscape s policy, is an exclusion for online activities. 5 Seema A. Misra is a litigation partner with Stroock & Stroock & Lavan LLP who represents clients in a wide variety of business disputes, before state and federal courts, as well as arbitral tribunals. Lauren V. DiLeonardo is an associate at the firm. The authors can be reached at stroock.com and respectively. INSURANCE COVERAGE LAW REPORT. September

3 The issue of publication will soon be addressed again in the well-publicized case of Zurich American Insurance Co., et al. v. Sony Corp. of America, et al., pending in New York state court. In April 2011, computer hackers gained access to the personal identification and financial information of thousands of customers using the Sony Online Entertainment Network and the Sony PlayStation Network, forcing those networks to go offline for a period of time while the breach was corrected. 6 Sony s customers filed dozens of putative class actions, alleging that Sony had violated privacy rights and negligently failed to protect their personal information. 7 After Sony requested defense and indemnification, the insurers sought a declaration that they had neither a duty to defend nor indemnify Sony. Although the insurers alleged that Sony had established neither property damage nor personal and advertising injury, 8 Sony s recent motion for partial summary judgment focuses on whether there had been a personal and advertising injury. 9 In that motion, Sony argues that the class actions allege that consumers lost sensitive personal and financial information, and that their information was published because it was placed in the hands of cyber criminals who could use the information to commit credit fraud, which could result in an obligation to pay damages. 10 Zurich has yet to file a response. However, possible arguments that may be raised include whether customer information obtained by a hacker can be said to have been published and whether customers who put their information online have a right to privacy. Property Damage Attacks on electronically stored data also often result in claims that the data breach resulted in the damage to hardware and software. CGL policies provide coverage if there has been property damage, which is often defined as either physical injury to tangible property or the loss of use of tangible property that is not physically injured. 11 The question of whether losses stemming from damage to a computer network, electronic data and/or software are covered often turns on whether the damage is held to be physical and tangible. For example, in America Online, Inc. v. St. Paul Mercury Ins. Co., 12 America Online ( AOL ) was faced with numerous class actions alleging that its AOL 5.0 software caused damage to, and loss of use of, customers computers, computer data, software and systems. 13 AOL s claim under its CGL policy was denied, with the insurer arguing that it had no duty to defend because the underlying lawsuits did not allege either physical damage to tangible property or loss of use of tangible property. 14 In the subsequent coverage action, the District Court for the District of Virginia held that computer data, software and systems are not tangible property and the underlying claims went to the brains of the computer, not its physical make-up. 15 However, the court also held that there had been alleged loss of use of tangible property because computers themselves constitute tangible property. 16 The Fourth Circuit affirmed both these holdings, finding (i) damage to computer software is not to tangible property because tangible means capable of being touched 17 and (ii) the loss of use of computers constituted loss of use of tangible property Significantly, some courts have come out the other way, finding that damage to software or data was covered by a CGL policy because it was physical, tangible property. 19 In short, each policy must be examined individually, and exclusions may come into play even if the definition of property damage is satisfied. For example, many CGL policies written in the last decade contain an exclusion for damages arising out of the loss of use of use or damage to electronic data. INCREASING REGULATION OF THE CYBER WORLD Although there may have been a time when certain data breaches went unreported, due to both federal and state regulations, companies are increasingly obligated to report data breaches. The following is an analysis of some of these statutes and regulations, which are indicative of the wide range of entities that are impacted by such laws. The Health Insurance Portability and Accountability Act of 1996 The privacy and security of patient health care information is protected by the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ), which regulates health care providers, health insurers and contractors and subcontractors that receive patient information. 20 HIPAA authorizes the Department of Health and Human Services ( HHS ) to promulgate privacy standards for patients health care data. To that end, HSS promulgated (i) the HIPAA Privacy Rule, 21 which protects the privacy of individually identifiable health information (ii) the HIPAA Security Rule, 22 which sets national standards for the security of electronic protected health information ; and (iii) the HIPAA Breach Notification Interim Final Rule, 23 which requires entities to provide notification following a breach of unsecured protected health information. As recently as January 2013, HHS modified the HIPAA Privacy Rule 4. September INSURANCE COVERAGE LAW REPORT

4 and HIPAA Security Rule to strengthen the privacy and security protection for individuals health information and modified the Breach Notification Interim Final Rule. 24 As amended, the HIPAA Rules together require not only covered entities but also their business associates to notify patients of the impermissible use or disclosure of their protected health information unless it is demonstrated that there is a low probability that the protected health information has been compromised. 25 In evaluating whether notification is required, covered entities and business associates should consider the following factors: (1) [t]he nature and extent of the protected health information involved (2) the unauthorized person who used the protected health information or to whom the disclosure was made; (3) whether the protected health information was actually acquired or viewed and (4) the extent to which the risk to the protected health information has been mitigated. 26 If notification is required under the rules, patients must be notified without unreasonable delay but in no case later than 60 calendar days from the discovery of the breach The notification must include a brief description of what happened, the types of patient data that was lost, steps that patients should take to protect their identity, a description of what the covered entity involved is doing to investigate the breach and protect against further harm, and contact information patients can use to learn more. 28 Applicable civil penalties are based on the organization s degree of negligence, with a maximum penalty of $1.5 million. 29 The Gramm-Leach-Bliley Act / FTC Rules Section 504 of the Gramm Leach Bliley Act (the GLB Act ) required the Federal Trade Commission ( FTC ) and other federal regulatory agencies to issue regulations implementing notice requirements and restrictions on a financial institution s ability to disclose nonpublic personal information about consumers to nonaffiliated third parties. 30 In accordance with the GLB Act, the FTC promulgated the Safeguard Rule and the Privacy Rule. The Privacy Rule requires financial institutions to give their customers a clear and conspicuous written notice describing how they collect, disclose and protect nonpublic personal information about customers. Unless certain exceptions apply, financial institutions must also give consumers notice of their right to optout in the event that those institutions share customers nonpublic personal information with non-affiliated third parties. 31 Under the Safeguard Rule, financial institutions must implement measures to keep customer information secure. 32 Specifically, institutions must develop a written information security plan that identifies and evaluates risks to customer information and design[s] and implement[s] a safeguards program, and regularly monitor[s] and test[s] it. 33 FISMA The Federal Information Security Management Act of 2002 ( FISMA ) protects the security of information maintained by U.S. federal government agencies (in the executive or legislative branches), or by contractors or other organizations acting on their behalf. Under FISMA, the National Institute of Standards and Technology ( NIST ) creates security standards and guidelines that each agency must implement. 34 In addition, FISMA establishes a central federal information security incident center to, among other things, provide timely technical assistance to operators of agency information systems, compile and analyze information about incidents that threaten information security and consult with the NIST. 35 Under FISMA, agencies are required to develop procedures for detecting, reporting and responding to security incidents Agencies must have a plan to minimize the damage when a breach occurs, 37 and to notify the federal information security incident center after an incident occurs. 38 Agencies must also develop a plan to notify law enforcement agencies, the Office of the Inspector General and other agencies that the President directs to oversee security breaches. 39 The Cybersecurity Act of 2012 and Executive Order 13,636 Although the Cybersecurity Act of 2012 ( Cybersecurity Act ) was not passed, the bill reflects the increasing public interest in establishing a nationwide cybersecurity framework. The Cybersecurity Act would have created a comprehensive security framework for entities considered to provide critical infrastructure, such as power plants and financial institutions. 40 The Cybersecurity Act also would have established the National Cybersecurity Council, which would perform risk assessments, including determining which private entities were considered critical to infrastructure, and developing a voluntary cybersecurity program for owners of such critical infrastructure. 41 To encourage participation from private owners, participating entities would have been entitled to benefits such as liability INSURANCE COVERAGE LAW REPORT. September

5 protection from any punitive damages arising from an incident related to a cybersecurity risk where the owner is in substantial compliance with the cybersecurity practices at the time of the incident. 42 In conjunction with industry groups, the Council also would have developed cybersecurity best practices. 43 In February 2013, President Obama issued Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity. 44 Like the Cybersecurity Act, Executive Order 13,636 endeavors to create a publicprivate program to encourage adoption of improved cybersecurity practices. 45 The Executive Order mandates creation of incentives for owners of critical industry and other interested entities to join a Voluntary Critical Infrastructure Cybersecurity Program. 46 These incentives are not specified in the executive order, however, so it is unclear whether the new liability protection incentives will be similar to those provided for in the Cybersecurity Act. State Regulations At the state level, all but four states have passed data breach notification laws, which require private, and, in some instances, public entities 47 to report the theft or unintentional disclosure of private information, such as social security numbers and credit card numbers. 48 Although there are variations among these laws, most states require notice of a data breach to be issued promptly, either electronically or in writing, to those whose information has been compromised by the breach, and provide alternatives if the breach affects more than 500,000 people or notice would cost more than $250, Most states also require that notice be given to either the state Attorney General or credit reporting agencies if the breach involves a certain number of data records. 50 It is also common for state data breach laws to impose daily fines on any entity that fails to provide the requisite notice. 51 Significantly, state laws vary with respect to whether they create a private right of action for victims of a data breach. 52 Conclusion In an electronic age, no company is immune from cyber risk. Companies considering whether to purchase cyber liability insurance should consider that there may not be coverage under their CGL policies for the losses imposed by a data breach. In assessing the risk of a cyber attack, both insurers and insureds should consider the obligations imposed by the wide variety of federal and state regulations applicable in the event of a data breach. 1. Section V(14)(e), Commercial General Liability Coverage Form, ISO Properties, Inc. 2. Netscape Communications Corp. v. Federal Ins. Co., 2007 WL (N.D. Ca. Oct. 10, 2007), aff d in part, rev d in part, 343 Fed.Appx. 271 (9th Cir. 2009). 3. Id. at *1. 4. Id. at *5. 5. Id. at *6. The district court found that the insurer had no duty to defend because the policy had an exclusion for online activities. The Ninth Circuit affirmed the holding that the underlying claimants had alleged a personal injury offense. However, the Ninth Circuit reversed the district court based on its finding that the online activity exclusion did not preclude coverage because AOL did not use the SmartDownload software to provide internet access to third parties. 6. Complaint for Declaratory Judgment 24-26, Zurich Am. Ins. Co., et al. v. Sony Corp. of America, et al., No /2011 (Sup Ct N.Y. County July 20, 2011). 7. Sony s Memorandum of Law in Support of Motion for Partial Summary Judgment Declaring that Zurich and Mitsui Have Duty to Defend, dated May 10, 2013, ( Sony s SJ Brief ), at Id., Sony s SJ Brief at Sony s SJ Brief at Cite. 12. America Online, Inc. v. St. Paul Mercury Ins. Co., 207 F. Supp. 2d 459 (E.D. Va. 2002) aff d, 347 F.3d 89 (4th Cir. 2003). 13. Id. at Id. at Id. at Id. at 470. Although the definition of property damage was satisfied, the court found there was no coverage based on the impaired property exclusion, which excluded coverage where there is injury to a third party resulting from the incorporation of the insured s faulty product. 17. America Online, Inc. v. St. Paul Mercury Ins. Co., 347 F.3d 89, (4th Cir. 2003). 18. Id. at 98. Like the district court, the Fourth Circuit found that the impaired property exclusion barred coverage for claimants loss of use of the computers because the exclusion precluded coverage for loss of use claims made by plaintiffs whose property was not physically damaged by the insured s defective product. 19. Landmark American Ins. Co. v. Gulf Coast Analytical Labs, Inc., 2012 U.S. Dist. LEXIS (M.D. La. March 30, 2012) (finding that loss of electronic data constituted physical loss or damage because tangibility is not a defining quality of physicality ); American Guaranty & Liability Ins. Co. v. Ingram Micro, Inc., 2000 WL at *2 (D. Ariz. Apr. 18, 2000) (finding that physical damage is not restricted to the physical destruction or harm of computer circuitry but includes loss of access, loss of use, and loss of functionality. ). 20. See Press Release, U.S. Department of Health & Human Services, New Rule Protects Patient Privacy, Secures Health Information (January 17, 2013), available at September INSURANCE COVERAGE LAW REPORT

6 21. The HIPAA Privacy Rule is located at 45 CFR Part 160 and Subparts (A) and (E) of Part The HIPAA Security Rule is located at 45 CFR Part 160 and Subparts (A) and (C) of Part The HIPAA Breach Notification Interim Final Rule is located at 74 Fed. Reg It was issued in August 2009 with a request for public comment and implemented provisions of the Health Information Technology for Economic and Clinical Health Act (the HITECH Act ), which was passed as part of the American Recovery and Reinvestment Act of Id. 24. Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules, 78 Fed. Reg (Jan. 15, 2013). 25. Id. at Id C.F.R (b) C.F.R (c) Fed. Reg ; 45 C.F.R C.F.R. Part 313. The GLB Act defines financial institutions to be all institutions covered by Rule 4(k) of the Bank Holding Company Act, including anyone significantly engaged in lending or exchanging money or securities, loan brokers and servicers, debt collectors and others. See How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act, Federal Trade Commission, available at business.ftc.gov/documents/bus67-how-comply-privacyconsumer-financial-information-rule-gramm-leach-blileyact. 31. Id. 32. Id. 33. Id. 34. FISMA FAQs, National Institute of Standards and Technology, faqs.html U.S.C. 3546(a)(1) (2) U.S.C. 3541(b)(7) U.S.C. 3541(b)(7)(A) U.S.C. 3541(b)(7)(B) U.S.C. 3541(b)(7)(C). 40. Summary, The Revised Cybersecurity Act Of 2012 S. 3414, Senate.gov, summary-of-revised-cybersecurity-act-of-2012-s Id. 42. Id. at Id. 44. Exec. Order 13,636, available at fdsys/pkg/fr /pdf/ pdf. 45. Exec. Order 13,636 at Sec Exec. Order 13,636 at Sec. 8(d). 47. For example, New York General Business Law 899-aa applies to businesses, and New York State Technology Law 208 regulates state entities. 48. Only Alabama, Kentucky, New Mexico and South Dakota lack data breach notification laws. State Security Breach Notification Laws, The Nat l Conf. of State Legislatures (Aug. 20, 2012), issues-research/telecom/security-breach-notificationlaws.aspx. 49. See e.g., N.Y. Gen Bus. Law 899-aa 2 and 5; Cal. Civ. Code (a), (d) and (j)(1) (3); Tex. Bus. & Com. Code (h), (e) and (f); Fl. Stat. Tit. XLVI, Ch. 817, 5681(6). It should be noted that Texas s data breach notification law only requires notification of (i) victims who are Texas residents and (ii) victims who are residents of states that do not have their own data breach notification laws. Tex. Bus. & Com. Code (b-1). 50. N.Y. Gen Bus. Law 899-aa 8; Cal. Civ. Code (e); Tex. Bus. & Com. Code (h); Fl. Stat. Tit. XLVI, Ch. 817, 5681(12). 51. N.Y. Gen Bus. Law 899-aa 6; Tex. Bus. & Com. Code (a); Fl. Stat. Tit. XLVI, Ch. 817, 5681(1)(b)(1), (10)(b). 52. In New York and Texas, data breach laws do not create a private right of action, but the state Attorney General may bring suit on behalf of victims of a data breach. N.Y. Gen Bus. Law 899-aa 6(a); Tex. Bus. & Com. Code (a). In Florida, the law does not create a private right of action, but the Department of Legal Affairs is authorized to assess and collect fines. Fl. Stat. Tit. XLVI, Ch. 817, 5681(11). California law creates a private right of action for victims. Cal. Civ. Code (b). INSURANCE COVERAGE LAW REPORT. September

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,

More information

Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF

Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF October 9, 2013 1 Cyber Insurance Why? United States Department of Commerce: Cyber Insurance

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT The parties to this ( Agreement ) are, a _New York_ corporation ( Business Associate ) and ( Client ) you, as a user of our on-line health record system (the "System"). BY

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Agreement, dated as of, 2015 ("Agreement"), by and between, on its own behalf and on behalf of all entities controlling, under common control with or controlled

More information

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308)

Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. The terms and conditions of this document entitled Business Associate Agreement ( Business Associate Agreement ), shall be attached to and incorporated by reference in the

More information

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN Stewart C. Miller & Co., Inc. (Business Associate) AND City of West Lafayette Flexible Spending Plan (Covered Entity) TABLE OF CONTENTS

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Using Insurance Coverage to Mitigate Cybersecurity Risks To Warranty and Service Contract Businesses Barry Buchman, Partner

More information

Business Associate Agreement Involving the Access to Protected Health Information

Business Associate Agreement Involving the Access to Protected Health Information School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

More information

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1 Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (Hereinafter "Agreement") dated as of, 2013, is made by and between (Hereinafter Covered Entity ) and (Hereinafter Business Associate ). ARTICLE

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

VERSION DATED AUGUST 2013/TEXAS AND CALIFORNIA

VERSION DATED AUGUST 2013/TEXAS AND CALIFORNIA VERSION DATED AUGUST 2013/TEXAS AND CALIFORNIA This Business Associate Addendum ("Addendum") supplements and is made a part of the service contract(s) ("Contract") by and between St. Joseph Health System

More information

BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM

BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM This HIPAA Addendum ("Addendum") is entered into effective this first day of November 1, 2015, by and between "Business Associate" AND COUNTY OF OTTAWA Ottawa County

More information

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Business Associates 10230

IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Business Associates 10230 IDAHO STATE UNIVERSITY POLICIES AND PROCEDURES (ISUPP) HIPAA Privacy - Business Associates 10230 POLICY INFORMATION Major Functional Area (MFA): MFA X - Office of General Counsel & Compliance Policy Title:

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) is entered into this day of 2014. Perry Memorial Hospital ( Covered Entity ) and [ABC Company] ( Business Associate ) referred

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) between Inphonite, LLC ( Business Associate and you, as our Customer ( Covered Entity ) (each individually, a Party, and collectively,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is made effective as of the day of 2014 (the Effective Date ), by and between Sarasota County Public Hospital District,

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

Data Breach Notification Burden Grows With First State Insurance Commissioner Mandate

Data Breach Notification Burden Grows With First State Insurance Commissioner Mandate Privacy, Data Security & Information Use September 16, 2010 Data Breach Notification Burden Grows With First State Insurance Commissioner Mandate by John L. Nicholson and Meighan E. O'Reardon Effective

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered between ("Covered Entity" or "CE") and, ("Business Associate" or "BA"), collectively the Parties, who agree as follows:

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:

BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS: BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:, City State Zip This Business Associate and Data Use Agreement ( Agreement ) is effective

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA WEST PALM BEACH DIVISION COMPLAINT FOR DECLARATORY JUDGMENT I.

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA WEST PALM BEACH DIVISION COMPLAINT FOR DECLARATORY JUDGMENT I. UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA WEST PALM BEACH DIVISION JANICE LEE, ) ) Case No. Plaintiff, ) ) vs. ) ) BETHESDA HOSPITAL, INC. ) ) Defendant. ) ) COMPLAINT FOR DECLARATORY JUDGMENT

More information

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean.

BUSINESS ASSOCIATE AGREEMENT. Business Associate. Business Associate shall mean. BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is made as of the day of, 2010, by and between Methodist Lebonheur Healthcare, on behalf of itself and all of its affiliates ( Covered Entity

More information

UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MISSOURI EASTERN DIVISION

UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MISSOURI EASTERN DIVISION UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MISSOURI EASTERN DIVISION CINCINNATI INSURANCE COMPANY, Plaintiff, v. No. 4:01 CV 726 DDN VENETIAN TERRAZZO, INC., Defendant. DECLARATORY JUDGMENT Pursuant

More information

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY Tulane University DEPARTMENT: General Counsel s POLICY DESCRIPTION: Business Associates Office -- HIPAA Agreement PAGE: 1 of 1 APPROVED: April 1, 2003 REVISED: November 29, 2004, December 1, 2008, October

More information

The Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor

The Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on

More information

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq. The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

Cyber and CGL Insurance Coverage for Data Breach Claims

Cyber and CGL Insurance Coverage for Data Breach Claims Cyber and CGL Insurance Coverage for Data Breach Claims Paula Weseman Theisen, Partner Data breach overview Definition of data breach/types Data breach costs Data breach legal claims and damages Cyber-insurance

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the AGREEMENT ) is entered into this (the "Effective Date"), between Delta Dental of Tennessee ( Covered Entity ) and ( Business Associate

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016

ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016 Page 1 of 9 CITY OF CHESAPEAKE, VIRGINIA NUMBER: 2.62 ADMINISTRATIVE REGULATION EFFECTIVE DATE: 1/1/2016 SUPERCEDES: N/A SUBJECT: HUMAN RESOURCES DEPARTMENT CITY OF CHESAPEAKE EMPLOYEE/RETIREE GROUP HEALTH

More information

Case 3:05-cv-01771-G Document 35 Filed 06/30/06 Page 1 of 6 PageID 288 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF TEXAS DALLAS DIVISION

Case 3:05-cv-01771-G Document 35 Filed 06/30/06 Page 1 of 6 PageID 288 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF TEXAS DALLAS DIVISION Case 3:05-cv-01771-G Document 35 Filed 06/30/06 Page 1 of 6 PageID 288 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF TEXAS DALLAS DIVISION JOEL N. COHEN, VS. Plaintiff/Counter-Defendant, NCO FINANCIAL

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

FirstCarolinaCare Insurance Company Business Associate Agreement

FirstCarolinaCare Insurance Company Business Associate Agreement FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Agreement is entered into as of ("Effective Date"), between ( Covered Entity ), and ( Business Associate ). RECITALS WHEREAS, Business Associate provides services on behalf

More information

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT

BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) dated as of the signature below, (the Effective Date ), is entered into by and between the signing organization

More information

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 The City of Philadelphia is a Covered Entity as defined in the regulations

More information

INDEPENDENT CONTRACTOR AGREEMENT FOR HEALTH CARE PROVIDERS

INDEPENDENT CONTRACTOR AGREEMENT FOR HEALTH CARE PROVIDERS INDEPENDENT CONTRACTOR AGREEMENT FOR HEALTH CARE PROVIDERS This Independent Contractor Agreement ( Agreement ) is made this day of, 20, between Purdue University, its employees, officers, trustees, affiliates,

More information

Model Business Associate Agreement

Model Business Associate Agreement Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT

UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT ATTORNEY GENERAL OF THE : STATE OF CONNECTICUT, and : STATE OF CONNECTICUT : Plaintiffs, : : v. : Civ. No. : HEALTH NET OF THE NORTHEAST, INC., : HEALTH

More information

Cyberinsurance: Insuring for Data Breach Risk

Cyberinsurance: Insuring for Data Breach Risk View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL

More information

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37. Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and

More information

Whistleblower Claims: Are You Covered?

Whistleblower Claims: Are You Covered? Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Whistleblower Claims: Are You Covered? Law360, New

More information

FILED: NEW YORK COUNTY CLERK 07/20/2011 INDEX NO. 651982/2011 NYSCEF DOC. NO. 1 RECEIVED NYSCEF: 07/20/2011

FILED: NEW YORK COUNTY CLERK 07/20/2011 INDEX NO. 651982/2011 NYSCEF DOC. NO. 1 RECEIVED NYSCEF: 07/20/2011 FILED: NEW YORK COUNTY CLERK 07/20/2011 INDEX NO. 651982/2011 NYSCEF DOC. NO. 1 RECEIVED NYSCEF: 07/20/2011 SUPREME COURT OF THE STATE OF NEW YORK COUNTY OF NEW YORK ZURICH AMERICAN INSURANCE COMPANY and

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule

Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Business Associates and Breach Reporting Under HITECH and the Omnibus Final HIPAA Rule Patricia D. King, Esq. Associate General Counsel Swedish Covenant Hospital Chicago, IL I. Business Associates under

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ), entered into and effective this day of,, is by and between ( Business Associate ) and Black, Gould & Associates, Inc.

More information

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM BETWEEN The Division of Health Care Financing and Policy Herein after referred to as the Covered Entity and (Enter Business

More information

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) by and between (hereinafter known as Covered Entity ) and Office Ally, LLC. (hereinafter known as Business Associate ), and

More information

The Institute of Professional Practice, Inc. Business Associate Agreement

The Institute of Professional Practice, Inc. Business Associate Agreement The Institute of Professional Practice, Inc. Business Associate Agreement This Business Associate Agreement ( Agreement ) effective on (the Effective Date ) is entered into by and between The Institute

More information

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF INDIANA EVANSVILLE DIVISION ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) )

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF INDIANA EVANSVILLE DIVISION ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) NATIONAL UNION FIRE INSURANCE COMPANY OF PITTSBURGH, PA. v. MEAD JOHNSON & COMPANY et al Doc. 324 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF INDIANA EVANSVILLE DIVISION NATIONAL UNION FIRE INSURANCE

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS

More information

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND

AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND AGREEMENT FOR ACCESS TO PROTECTED HEALTH INFORMATION BETWEEN WAKE FOREST UNIVERSITY BAPTIST MEDICAL CENTER AND THIS AGREEMENT for Access to Protected Health Information ( PHI ) ( Agreement ) is entered

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (this Agreement ) is entered into as of _September 23_, 2013, (the Effective Date ) by and between Denise T. Nguyen, DDS, PC ( Dental Practice

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BA Agreement ) is entered into by Medtep Inc., a Delaware corporation ( Business Associate ) and the covered entity ( Covered Entity

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT COLUMBIA AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered into as of ( Effective Date ) by and between The Trustees of Columbia University in the City of

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA FORT MYERS DIVISION. Case No. 2:11-cv-162-FtM-36SPC ORDER

UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA FORT MYERS DIVISION. Case No. 2:11-cv-162-FtM-36SPC ORDER GAVIN'S ACE HARDWARE, INC., UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA FORT MYERS DIVISION Plaintiff, -vs- Case No. 2:11-cv-162-FtM-36SPC FEDERATED MUTUAL INSURANCE COMPANY, Defendant. ORDER

More information

HIPAA & HITECH Privacy and Security Concerns : Are You Covered?

HIPAA & HITECH Privacy and Security Concerns : Are You Covered? HIPAA & HITECH Privacy and Security Concerns : Are You Covered? Insurance Accounting and Systems Association Chicagoland Chapter Conference April 17, 2014 Colin Gainer & Tim Lessman SmithAmundsen, LLC

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (this "Agreement") is made as of, 201_ (the Effective Date ), and is entered into between ( Covered Entity ) and Delta Business System, Inc.

More information

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM This Business Associate Addendum ( Addendum ), effective, 20 ( Effective Date ), is entered into by and between University of Southern California, ( University

More information

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA)

OFFICE OF CONTRACT ADMINISTRATION 60400 PURCHASING DIVISION. Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) Appendix A HEALTHCARE INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPPA) BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) supplements and is made a part of the contract ( Contract

More information

Health Partners HIPAA Business Associate Agreement

Health Partners HIPAA Business Associate Agreement Health Partners HIPAA Business Associate Agreement This HIPAA Business Associate Agreement ( Agreement ) by and between Health Partners of Philadelphia, Inc., the Covered Entity (herein referred to as

More information

KRS Chapter 61. Personal Information Security and Breach Investigations

KRS Chapter 61. Personal Information Security and Breach Investigations KRS Chapter 61 Personal Information Security and Breach Investigations.931 Definitions for KRS 61.931 to 61.934. (Effective January 1, 2015).932 Personal information security and breach investigation procedures

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky

More information

IN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT. No. 05-14678. D. C. Docket No. 04-02317-CV-2-IPJ. versus

IN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT. No. 05-14678. D. C. Docket No. 04-02317-CV-2-IPJ. versus [PUBLISH] DENNIS HARDY, HENRIETTA HARDY, IN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT No. 05-14678 D. C. Docket No. 04-02317-CV-2-IPJ FILED U.S. COURT OF APPEALS ELEVENTH CIRCUIT MAY

More information

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT

CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (Agreement) is made this day of, 20, between the Catholic Social Services ( CSS ), whose business address is 3710

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT 1. DEFINITIONS: 1.1 Undefined Terms: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms defined by the Health Insurance Portability

More information

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations &

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Solutions. Office: 866-452-5017, Fax: 615-379-2541, evantreese@covermymeds.com

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ), is made effective as of the sign up date on the login information page of the CarePICS.com website, by and between CarePICS,

More information

Definitions. Catch-all definition:

Definitions. Catch-all definition: BUSINESS ASSOCIATE AGREEMENT THESE PROVISIONS MAY STAND ALONE AS A BUSINESS ASSOCIATE AGREEMENT, OR MAY BE INCORPORATED INTO A LARGER, MORE COMPREHENSIVE CONTRACT WITH THE BUSINESS ASSOCIATE TO COVER OTHER

More information

New Privacy Laws Impacting the Health Care Work Place

New Privacy Laws Impacting the Health Care Work Place New Privacy Laws Impacting the Health Care Work Place Presented by Thomas E. Jeffry, Jr., Esq. Arent Fox LLP Washington, DC New York, NY Los Angeles, CA November 12 & 19, 2009 Overview 1. Overview of California

More information

Case: 2:07-cv-00039-JCH Doc. #: 20 Filed: 10/03/07 Page: 1 of 6 PageID #: <pageid>

Case: 2:07-cv-00039-JCH Doc. #: 20 Filed: 10/03/07 Page: 1 of 6 PageID #: <pageid> Case: 2:07-cv-00039-JCH Doc. #: 20 Filed: 10/03/07 Page: 1 of 6 PageID #: UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MISSOURI NORTHERN DIVISION MARY DOWELL, Plaintiff, vs. Case No. 2:07-CV-39

More information

Business Associate and Data Use Agreement

Business Associate and Data Use Agreement Business Associate and Data Use Agreement This Business Associate and Data Use Agreement (the Agreement ) is entered into by and between ( Covered Entity ) and HealtHIE Nevada ( Business Associate ). W

More information

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the BAA ) is made and entered into as of the day of, 20, by and between Delta Dental of California (the Covered Entity ) and (the Business

More information

Insurance Coverage for Cyber Attacks

Insurance Coverage for Cyber Attacks May 2013 The text of this article first appeared in the May 2013 issue of The Insurance Coverage Law Bulletin, Vol. 12, No. 4 Insurance Coverage for Cyber Attacks Part One of a Two-Part Article By Roberta

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is entered into as of the day of, 2013 by and between RUTGERS UNIVERSITY, a Hybrid Entity, on behalf and for the

More information

IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF WEST VIRGINIA PARKERSBURG DIVISION. v. CIVIL ACTION NO. 6:02-0911

IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF WEST VIRGINIA PARKERSBURG DIVISION. v. CIVIL ACTION NO. 6:02-0911 IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF WEST VIRGINIA PARKERSBURG DIVISION BRIAN K. MARKS and JENNIFER D. MARKS, as individuals and on behalf of all others similarly situated,

More information

CYBER SECURITY A L E G A L P E R S P E C T I V E

CYBER SECURITY A L E G A L P E R S P E C T I V E A L E G A L P E R S P E C T I V E T H O M A S G. S C H R O E T E R A S S O C I A T E G E N E R A L C O U N S E L P O R T O F H O U S T O N A U T H O R I T Y DISCLAIMER! This presentation: does not include

More information

Why Buy Cyber and Privacy Liability When You Have a Perfectly Good Commercial General Liability Program?

Why Buy Cyber and Privacy Liability When You Have a Perfectly Good Commercial General Liability Program? Why Buy Cyber and Privacy Liability When You Have a Perfectly Good Commercial General Liability Program? July 2014 Lockton Companies Cyber and Privacy Liability insurance programs have grown in popularity

More information

Sample Business Associate Agreement (4. Other Bus. Assoc., Version 6-06-05)

Sample Business Associate Agreement (4. Other Bus. Assoc., Version 6-06-05) Sample Business Associate Agreement (4. Other Bus. Assoc., Version 6-06-05) This Business Associate Agreement (the Agreement ) is entered into as of, 20, (the Effective Date ) by and between, (the Covered

More information