Clients Legal Needs in HIPAA Security Compliance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Clients Legal Needs in HIPAA Security Compliance"

Transcription

1 Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1

2 Relevance to Security Compliance Audits and Internal Investigations To encourage parties to seek legal advice freely and to communicate candidly with an attorney during consultations about specific matters without fear that confidential information will be disclosed. Elements Necessary for Protection Privilege protects confidential communications between a client and attorney for the purposes of securing legal advice. Communications must be with either an attorney acting in a legal capacity or with the attorney s subordinate or agent. 2

3 Elements, con t Communications must be made to secure legal advice. Matters discussed with employees relate only to the scope of their duties. Communications are ordered to be kept confidential by employees. Documents are marked as privileged and attorney work product (as appropriate) and segregated from regular business materials. Potential Limitation on Attorney- Client Privilege While the privilege protects communications between the attorney and a client, information contained in the communication to an attorney may not be privileged. 3

4 Legal Advice vs. Business Advice The primary purpose of the consultation must be to obtain legal advice. If using in-house counsel, must clearly show advice was given in a professional legal capacity. If documentation is used by both legal and nonlegal personnel, a court may conclude that the primary purpose was not to secure legal advice. The Attorney Work Product Privilege? Protects documents prepared in anticipation of litigation by a party or the party s representative. In anticipation of litigation is broadly interpreted, and can include potential government investigations. Protects the mental impressions, conclusions, or opinions of the attorney contained in any document. 4

5 Attorney Work Product Privilege, con t May protect documents and communications other than those between an attorney and a client. Only extends to documentation prepared in anticipation of or during litigation. Compliance Investigations / Audits under Attorney-Client Privilege Performing audits in participation with and under engagement of legal counsel is a viable method for identifying risks while protecting the confidentiality of that information. 5

6 Legal Counsel s Responsibilities Related to Procuring Agents Engage vendor through verbal communications, and confirm engagement with a formal engagement letter that defines the vendor s scope of work, reporting responsibilities to legal counsel, and method of payment. Approve the work plan/audit program developed for the investigation. Direct the vendor regarding communication protocols and report distribution. Legal Counsel s Responsibilities, con t Review vendor s audit work papers as deemed appropriate. Review and approve vendor s audit reports. Distribute or approve distribution of audit reports to appropriate parties. 6

7 Important Notes: There are no absolute guarantees that communications and documentation will be fully protected from disclosure. Legal counsel represents the client, not the client s employees. Therefore, the privilege only extends to the client, and not their employees. More Important Notes: If the client chooses to waive its privilege, information provided by employees may be disclosed. Employees must be informed of this prior to interview. 7

8 Additional sources of Security Obligations Comprehensive computer security requirements are currently mandated by statute or regulation in three industries: Financial services (G-L-B) Health care (HIPAA security regulations) Activities under jurisdiction of the Food and Drug Administration (21 C.F.R. Part 11) Legal Sources of Security Obligations FOLEY & LARDNER LLP

9 Sources of Security Obligations: FTC FTC: Pursuing enforcement actions against companies that promise privacy but fail to deliver due to infrastructure vulnerabilities (FTC asserts this is an unfair or deceptive trade practice ). FTC also enforces COPPA (Children s Online Privacy Protection Act Includes a requirement for reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children. Sarbanes-Oxley Act Publicly Traded Companies (for now) The Act requires the SEC to prescribe rules requiring annual reports to contain an internal control report. Imposes management responsibility for establishing, maintaining and assessing the effectiveness of an adequate internal control structure. CEO and CFO certifications of material information are to address the effectiveness of internal controls for ensuring information accuracy. 9

10 Sarbanes-Oxley Act The Act s internal controls mandate will: Require assessment of the company s information systems and associated business processes for security Make a secure information infrastructure necessary, in order to provide accurate financial reporting California s Database Protection Act Also known as SB 1386; Civil Code etc. seq. Applies to any person or business doing business in California. Requires notification to data subjects who are California residents, whenever their name plus either: Social Security Number; Driver s license or California ID card number; or Financial account, credit or debit card number and any related PIN has been accessed without authorization (unless that information was encrypted). 10

11 Fiduciary Duties of Corporate Directors Recent Corporate Law Developments regarding Fiduciary Obligations three examples of this growing field of law Pereira v. Cogan, 2003: Federal district court decision focused on breach of the fiduciary duties of the directors of a private company. Holding: Directors who purposefully remain ignorant of issues, without regard to their fiduciary obligations, will be held liable. Fiduciary Duties of Corporate Directors In re The Walt Disney Co. Derivative Litigation (May, 2003: Delaware Chancery Court decision regarding executive compensation). Shareholders allegation was that directors nonparticipation in selection and compensation of president resulted in $138 million loss. The court determined that if this allegation was true, the directors would not have acted in good faith, and so would not be protected by the business judgment rule i.e., would be personally liable. 11

12 Worldcom Bankruptcy WorldCom bankruptcy case: bankruptcy examiner s Thornburgh Report of 2003: Discusses lapses in fiduciary judgment with respect to financial affairs, strategic planning and oversight of senior management; and Comments on the unwillingness of WorldCom counsel (inside and outside) to advise the Board about its fiduciary obligations related to corporate decision-making. International Sources of Security Obligations Council of Europe s Draft Convention on Cybercrime (2001). Article 12: Corporate liability for lack of supervision or control of its agents. European Union s Data Privacy Directive: Controls processing of personal information Each EU country enacts implementing legislation. (ABA s International Guide to Combating Cybercrime: 12

13 Computer Fraud and Abuse Act 1. Computer Fraud and Abuse Act of 1986 (as amended) 18 U.S.C. Section 1030: criminalizes acts against protected computers - those used in government, financial services, or in interstate or foreign commerce. Crimes defined include intentionally accessing a computer without authorization or in excess of authorized access. Electronic Communications Privacy Act 2. Electronic Communications Privacy Act of 1986, 18 U.S.C. Sections : Addresses allowance of and limits on network monitoring Amended by the 2002 Homeland Security Act (Pub. L. No ): Included the Cyber Security Enhancement Act which expanded cybercrime definitions and penalties. 13

14 PATRIOT Act 3. US PATRIOT Act of 2001 (Pub. L. No ): Addressed communications tracing and interception; Protected disclosures to law enforcement; Expanded search warrants; Enhanced cybercrime/cyberterrorism penalties; And more. Trade Secret Offenses 5. Economic Espionage Act of 1996, 18 U.S.C. Sections : Describes a number of crimes that fall under the theft of trade secrets and economic espionage headings. May apply to conduct outside the U.S. Penalties include forfeiture of property. 14

15 Other Federal Criminal Statutes related to Computer Crime 18 U.S.C. Section 1029 (Fraud and Related Activity in Connection with Access Devices) 18 U.S.C. Section 1362 (Communication Lines, Stations or Systems) US Child Pornography Prevention Act of 1996 PROTECT Act 18 U.S.C

CYBER SECURITY A L E G A L P E R S P E C T I V E

CYBER SECURITY A L E G A L P E R S P E C T I V E A L E G A L P E R S P E C T I V E T H O M A S G. S C H R O E T E R A S S O C I A T E G E N E R A L C O U N S E L P O R T O F H O U S T O N A U T H O R I T Y DISCLAIMER! This presentation: does not include

More information

Cybersecurity y Managing g the Risks

Cybersecurity y Managing g the Risks Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention

More information

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN

By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting

More information

As Amended by Senate Committee SENATE BILL No. 408

As Amended by Senate Committee SENATE BILL No. 408 Session of As Amended by Senate Committee SENATE BILL No. 0 By Committee on Corrections and Juvenile Justice - 0 AN ACT concerning abuse, neglect and exploitation of persons; relating to reporting and

More information

Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States

Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States Introduction When it comes to Personally Identifiable Information (PII), privacy laws and regulations

More information

Privacy Legislation and Industry Security Standards

Privacy Legislation and Industry Security Standards Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,

More information

Information Security Law: Control of Digital Assets.

Information Security Law: Control of Digital Assets. Brochure More information from http://www.researchandmarkets.com/reports/2128523/ Information Security Law: Control of Digital Assets. Description: For most organizations, an effective information security

More information

Alert. Client PROSKAUER ROSE

Alert. Client PROSKAUER ROSE PROSKAUER ROSE Client Alert SEC Adopts Rules to Require Attorneys to Report Violations "Up the Ladder" and Proposes to Require "Noisy Withdrawals" by Attorneys or Disclosure by Public Companies, if Responses

More information

FEDERAL LAWS RELATING TO FRAUD, WASTE AND ABUSE

FEDERAL LAWS RELATING TO FRAUD, WASTE AND ABUSE FEDERAL LAWS RELATING TO FRAUD, WASTE AND ABUSE FEDERAL CIVIL FALSE CLAIMS ACT The federal civil False Claims Act, 31 U.S.C. 3729, et seq., ( FCA ) was originally enacted in 1863 to combat fraud perpetrated

More information

REPORTING REQUIREMENTS

REPORTING REQUIREMENTS REPORTING REQUIREMENTS REPORTING REQUIREMENTS Consistent with state law, you must report known or suspected abuse, neglect, and/or exploitation of children and certain adults. Different rules apply to

More information

Navigating the New MA Data Security Regulations

Navigating the New MA Data Security Regulations Navigating the New MA Data Security Regulations Robert A. Fisher, Esq. 2009 Foley Hoag LLP. All Rights Reserved. Presentation Title Data Security Law Chapter 93H Enacted after the TJX data breach became

More information

Identity Theft Regulation. *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA. *Corresponding Author, 490 Piya Wiconi Road-Kyle, South Dakota

Identity Theft Regulation. *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA. *Corresponding Author, 490 Piya Wiconi Road-Kyle, South Dakota 1 Identity Theft Regulation *Christine Stagnetto-Sarmiento, Oglala Lakota College, USA *Corresponding Author, 490 Piya Wiconi Road-Kyle, South Dakota (605) 455-6110 csarmiento@olc.edu Introduction This

More information

Data Privacy and Cybersecurity Task Force

Data Privacy and Cybersecurity Task Force Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,

More information

Compliance White Paper September 1, 2005 Steven Richardson Compliance and Computer Forensics

Compliance White Paper September 1, 2005 Steven Richardson  Compliance and Computer Forensics Compliance White Paper September 1, 2005 Steven Richardson srichardson@techpathways.com www.techpathways.com Compliance and Computer Forensics Information security compliance requires the precise enforcement

More information

Client Advisory October 2009. Data Security Law MGL Chapter 93H and 201 CMR 17.00

Client Advisory October 2009. Data Security Law MGL Chapter 93H and 201 CMR 17.00 Client Advisory October 2009 Data Security Law MGL Chapter 93H and 201 CMR 17.00 For a discussion of these and other issues, please visit the update on our website at /law. To receive mailings via email,

More information

Handling Disagreement with Superiors Decisions and Whistleblowing

Handling Disagreement with Superiors Decisions and Whistleblowing Handling Disagreement with Superiors Decisions and Whistleblowing The mandate of the Office of Inspector General (OIG) is to root out fraud, waste, and abuse, as well as promote the economy and efficiency

More information

The Legal Pitfalls of Failing to Develop Secure Cloud Services

The Legal Pitfalls of Failing to Develop Secure Cloud Services SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global

More information

FEDERAL IDENTITY THEFT TASK FORCE. On May 10, 2006, the President signed an Executive Order establishing an Identity Theft

FEDERAL IDENTITY THEFT TASK FORCE. On May 10, 2006, the President signed an Executive Order establishing an Identity Theft FEDERAL IDENTITY THEFT TASK FORCE Attorney General Alberto Gonzales Federal Trade Commission Chairman Deborah Platt Majoras On May 10, 2006, the President signed an Executive Order establishing an Identity

More information

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.

More information

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act

HIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery

Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery Today s Topics Introduction to Data Privacy & ediscovery General Overview Data Privacy in the United States Data Privacy in Foreign Countries Intersection of Data Privacy & ediscovery Preservation of Data

More information

DELAWARE GOVERNANCE PRINCIPLES Steptoe & Johnson LLP (Overview) David Roll Richards, Layton & Finger, P.A. Samuel A. Nolen

DELAWARE GOVERNANCE PRINCIPLES Steptoe & Johnson LLP (Overview) David Roll Richards, Layton & Finger, P.A. Samuel A. Nolen Last Updated: June 2013 DELAWARE GOVERNANCE PRINCIPLES Steptoe & Johnson LLP (Overview) David Roll Richards, Layton & Finger, P.A. Samuel A. Nolen Table of Contents 1. The Sarbanes-Oxley Good Governance

More information

ASSEMBLY BILL No. 597

ASSEMBLY BILL No. 597 california legislature 2015 16 regular session ASSEMBLY BILL No. 597 Introduced by Assembly Member Cooley February 24, 2015 An act to amend Sections 36 and 877 of, and to add Chapter 6 (commencing with

More information

Policies and Procedures SECTION:

Policies and Procedures SECTION: PAGE 1 OF 5 I. PURPOSE The purpose of this Policy is to fulfill the requirements of Section 6032 of the Deficit Reduction Act of 2005 by providing to Creighton University employees and employees of contractors

More information

SCAN Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005

SCAN Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005 Health Plan Policy and Procedure Number: CRP-0067, False Claims Act & Deficit Reduction Act 2005 Approver Approval Stage Date Chris Zorn Approval Event (Authoring) 12/09/2013 Nancy Monk Approval Event

More information

UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT

UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT UNITED STATES DISTRICT COURT DISTRICT OF CONNECTICUT ATTORNEY GENERAL OF THE : STATE OF CONNECTICUT, and : STATE OF CONNECTICUT : Plaintiffs, : : v. : Civ. No. : HEALTH NET OF THE NORTHEAST, INC., : HEALTH

More information

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY HIPAA PRIVACY NOTICE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. INTRODUCTION PLEASE REVIEW IT CAREFULLY Moriarty

More information

Signed into law on February 17, 2009, the Stimulus Package known

Signed into law on February 17, 2009, the Stimulus Package known Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

REFERENCE TITLE: accountancy board; certified public accountants HB 2218. Introduced by Representative Thorpe AN ACT

REFERENCE TITLE: accountancy board; certified public accountants HB 2218. Introduced by Representative Thorpe AN ACT REFERENCE TITLE: accountancy board; certified public accountants State of Arizona House of Representatives Fifty-second Legislature First Regular Session HB Introduced by Representative Thorpe AN ACT AMENDING

More information

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com

More information

Subtitle B Increasing Regulatory Enforcement and Remedies

Subtitle B Increasing Regulatory Enforcement and Remedies H. R. 4173 466 activities and evaluates the effectiveness of the Ombudsman during the preceding year. The Investor Advocate shall include the reports required under this section in the reports required

More information

Credit Reports and the Fair Credit Reporting Act. The Credit Bureaus

Credit Reports and the Fair Credit Reporting Act. The Credit Bureaus Credit Reports and the Consumer Law Eric E. Johnson eejlaw.com Konomark Most rights sharable. The Credit Bureaus 1 State law causes of action against credit bureaus Defamation Invasion of privacy State

More information

Standards of. Conduct. Important Phone Number for Reporting Violations

Standards of. Conduct. Important Phone Number for Reporting Violations Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,

More information

ASSEMBLY BILL No. 597

ASSEMBLY BILL No. 597 AMENDED IN ASSEMBLY APRIL 14, 2015 california legislature 2015 16 regular session ASSEMBLY BILL No. 597 Introduced by Assembly Member Cooley February 24, 2015 An act to amend Sections 36 and 877 of, and

More information

SETTLEMENT AGREEMENT. This Settlement Agreement ( Agreement ) is entered into among the United

SETTLEMENT AGREEMENT. This Settlement Agreement ( Agreement ) is entered into among the United SETTLEMENT AGREEMENT This Settlement Agreement ( Agreement ) is entered into among the United States of America, acting through the United States Department of Justice and on behalf of the Department of

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009

Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009 Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009 Late last year, the Federal Trade Commission (FTC) and Federal banking agencies issued a regulation

More information

ORVANA MINERALS CORP. CODE OF BUSINESS CONDUCT AND ETHICS ADOPTED BY THE BOARD OF DIRECTORS. October 2, 2013

ORVANA MINERALS CORP. CODE OF BUSINESS CONDUCT AND ETHICS ADOPTED BY THE BOARD OF DIRECTORS. October 2, 2013 ORVANA MINERALS CORP CODE OF BUSINESS CONDUCT AND ETHICS ADOPTED BY THE BOARD OF DIRECTORS October 2, 2013 -2- CODE OF BUSINESS CONDUCT AND ETHICS Orvana Minerals Corp is a publicly-traded Canadian company

More information

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015

Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746

More information

CODE OF ETHICS AND BUSINESS CONDUCT

CODE OF ETHICS AND BUSINESS CONDUCT CODE OF ETHICS AND BUSINESS CONDUCT Date of Issue: 22 January 2015 Version number: 2 LUXFER HOLDINGS PLC Code of Ethics and Business Conduct Luxfer Holdings PLC is committed to conducting its business

More information

June 10, 2010. 2010 Legislative Amendments to the Indiana Code Relating to First Lien Mortgage Act (the Act )

June 10, 2010. 2010 Legislative Amendments to the Indiana Code Relating to First Lien Mortgage Act (the Act ) June 10, 2010 2010 Legislative Amendments to the Indiana Code Relating to First Lien Mortgage Act (the Act ) Effective July 1, 2010 (except as otherwise indicated) Questions, Answers, and Administrative

More information

Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection

Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection Commodity Futures Trading Commission Commodity Whistleblower Incentives and Protection (7 U.S.C. 26) i 26. Commodity whistleblower incentives and protection (a) Definitions. In this section: (1) Covered

More information

Adverse Action Guide for Employers

Adverse Action Guide for Employers The right employment screening partner This information presented here is not legal advice and is presented for general education purposes ONLY. BackTrack recommends that you consult with legal counsel

More information

Note to Users: Page 1 of 5

Note to Users: Page 1 of 5 Note to Users: The subsequent pages contain a Sample Business Associate Agreement that may be used by healthcare facilities. Be advised that this is strictly a sample and any formal Business Associate

More information

Mastering Data Privacy, Social Media, & Cyber Law

Mastering Data Privacy, Social Media, & Cyber Law Mastering Data Privacy, Social Media, & Cyber Law October 22, 2014 Data Breach Notification and Cybersecurity Developments in 2014 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy

More information

Compliance with False Claims Act

Compliance with False Claims Act MH Policy and Procedure Document Number: MH-COMPLY-001 Document Owner: Corporate Compliance Officer Date Last Author: Corporate Compliance Officer General Description Purpose: To establish written guidelines

More information

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2007 S 1 SENATE BILL 1198

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 2007 S 1 SENATE BILL 1198 GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 0 S SENATE BILL Short Title: Regulate Debt Settlement. Sponsors: Senators Clodfelter; and Berger of Rockingham. Referred to: Commerce, Small Business and Entrepreneurship.

More information

Data Security and Breach in Outsourcing Agreements

Data Security and Breach in Outsourcing Agreements Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel Digital, Technology, ecommerce & Privacy Practice Group November 19, 2015 Akiba Stern Partner,

More information

Michie's Legal Resources. This part shall be known and may be cited as the Tennessee Identity Theft Deterrence Act of 1999. [Acts 1999, ch. 201, 2.

Michie's Legal Resources. This part shall be known and may be cited as the Tennessee Identity Theft Deterrence Act of 1999. [Acts 1999, ch. 201, 2. http://www.michie.com/tennessee/lpext.dll/tncode/12ebe/13cdb/1402c/1402e?f=templates&... Page 1 of 1 47-18-2101. Short title. This part shall be known and may be cited as the Tennessee Identity Theft Deterrence

More information

Fair Credit Reporting Act Compliance Guide

Fair Credit Reporting Act Compliance Guide Fair Credit Reporting Act Compliance Guide FAIR CREDIT REPORTING ACT TABLE OF CONTENTS Page I. INTRODUCTION...1 A. Increased Applicant and Employee Rights...1 B. What is a "Consumer Report?"...1 C. What

More information

Securities Whistleblower Incentives and Protection

Securities Whistleblower Incentives and Protection Securities Whistleblower Incentives and Protection 15 USC 78u-6 (As added by P.L. 111-203.) 15 USC 78u-6 78u-6. Securities whistleblower incentives and protection (a) Definitions. In this section the following

More information

Standards of Professional Conduct for Lawyers Under the Sarbanes-Oxley Act

Standards of Professional Conduct for Lawyers Under the Sarbanes-Oxley Act Standards of Professional Conduct for Lawyers Under the Sarbanes-Oxley Act Topics to be Covered What Section 307 of the Sarbanes-Oxley Act of 2002 and the implementing SEC rules in Part 205 require. A

More information

BUSINESS ASSOCIATE AGREEMENT ( BAA )

BUSINESS ASSOCIATE AGREEMENT ( BAA ) BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor

More information

The need for companies to have a predetermined plan in place in the

The need for companies to have a predetermined plan in place in the Companies Must Prepare for Data Theft TIMOTHY J. CARROLL, BRUCE A. RADKE, AND MICHAEL J. WATERS The authors discuss steps that companies can take to mitigate the risks of, or damages caused by, a security

More information

CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES

CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES 1. PURPOSE CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES Champaign County Nursing Home ( CCNH ) has established anti-fraud and abuse policies to prevent fraud, waste, and abuse

More information

Designation of employee(s) in charge of the program; Identifying and assessing risks/threats and evaluating and improving

Designation of employee(s) in charge of the program; Identifying and assessing risks/threats and evaluating and improving PRIVACY & DATA SECURITY LAW JOURNAL MASSACHUSETTS On September 22, 2008, Massachusetts adopted regulations that will require businesses, wherever located, that own, license, store, or maintain information

More information

Policies and Procedures: WVUPC Policy Pursuant to the Requirements of the Deficit Reduction Act of 2005

Policies and Procedures: WVUPC Policy Pursuant to the Requirements of the Deficit Reduction Act of 2005 POLICY/PROCEDURE NO.: B-17 Effective date: Jan. 1, 2007 Date(s) of review/revision: Nov. 1, 2015 Policies and Procedures: WVUPC Policy Pursuant to the Requirements of the Deficit Reduction Act of 2005

More information

UPDATED. OIG Guidelines for Evaluating State False Claims Acts

UPDATED. OIG Guidelines for Evaluating State False Claims Acts UPDATED OIG Guidelines for Evaluating State False Claims Acts Note: These guidelines are effective March 15, 2013, and replace the guidelines effective on August 21, 2006, found at 71 FR 48552. UPDATED

More information

Guylyn Cummins, Esq. Elizabeth Balfour, Esq.

Guylyn Cummins, Esq. Elizabeth Balfour, Esq. Privacy Law Perils in California, the Nation and Beyond: Securing Data, Responding to Theft of Data and Other Business Assets, Assessing Your Company s Privacy Policy, Evaluating Risks Presented by Your

More information

Metropolitan Jewish Health System and its Participating Agencies and Programs [MJHS]

Metropolitan Jewish Health System and its Participating Agencies and Programs [MJHS] Metropolitan Jewish Health System and its Participating Agencies and Programs [MJHS] POLICY PURSUANT TO THE FEDERAL DEFICIT REDUCTION ACT OF 2005: Detection and Prevention of Fraud, Waste, and Abuse and

More information

INDEPENDENT CONTRACTOR AGREEMENT

INDEPENDENT CONTRACTOR AGREEMENT INDEPENDENT CONTRACTOR AGREEMENT This Independent Contractor Agreement ( Agreement ) is entered between Nordstrom, Inc. ( Nordstrom ), with a business address at 1700 Seventh Avenue, Suite 1000, Seattle,

More information

Preparing For and Responding to Government Investigations. Presented by Jeffrey Coopersmith

Preparing For and Responding to Government Investigations. Presented by Jeffrey Coopersmith Preparing For and Responding to Government Investigations Presented by Jeffrey Coopersmith Substantive Areas of Government Inquiry Areas Where the Gov t Routinely Conducts Investigations: Securities Fraud

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This Notice of

More information

Data Privacy & Security in the Cloud: Legal Basics and New Developments

Data Privacy & Security in the Cloud: Legal Basics and New Developments Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data

More information

Cyber Security: Emerging Risks and Trends (and what you can do about it)

Cyber Security: Emerging Risks and Trends (and what you can do about it) Cyber Security: Emerging Risks and Trends (and what you can do about it) UVU Business and Economic Forum May 19, 2016 Presented by: Daniel D. Hill, Esq. Christopher Droubay, Esq. Risks and Trends Widely

More information

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq. Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity Amy Mushahwar, Esq. What s New? Not That Much. Some have their heads in the cloud we prefer to stay down in the weeds and know

More information

Fair Debt Collection Practices Act 1

Fair Debt Collection Practices Act 1 Fair Debt Collection Practices Act 1 The Fair Debt Collection Practices Act (FDCPA)(15 U.S.C. 1692 et seq.), which became effective March 20, 1978, was designed to eliminate abusive, deceptive, and unfair

More information

The Case For HIPAA Risk Assessment. Leader s Guide

The Case For HIPAA Risk Assessment. Leader s Guide 4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,

More information

Texas Environmental, Health and Safety Audit Privilege Act

Texas Environmental, Health and Safety Audit Privilege Act Texas Environmental, Health and Safety Audit Privilege Act SCOTT D. DEATHERAGE PARTNER G A R D ERE WYNNE SEWELL, DALLAS S D EATHERAGE@GARDERE.COM Legislation Texas Environmental, Health and Safety Audit

More information

650 Clark Way Palo Alto, CA 94304 650.326.5530

650 Clark Way Palo Alto, CA 94304 650.326.5530 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. (Adopted 4-14-03; revised December 2006) If

More information

Compliance Plan False Claims Act & Whistleblower Provisions Purpose/Policy/Procedures

Compliance Plan False Claims Act & Whistleblower Provisions Purpose/Policy/Procedures CATHOLIC CHARITIES OF THE ROMAN CATHOLIC DIOCESE OF SYRACUSE, NY and TOOMEY RESIDENTIAL AND COMMUNITY SERVICES Compliance Plan False Claims Act & Whistleblower Provisions Purpose/Policy/Procedures Purpose:

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policy and Procedure Manual Number: D160 Page 1 of 9

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policy and Procedure Manual Number: D160 Page 1 of 9 Page 1 of 9 TITLE: FEDERAL DEFICIT REDUCTION ACT OF 2005 FRAUD AND ABUSE PROVISIONS POLICY: NewYork- Presbyterian Hospital (NYP or the Hospital) is committed to preventing and detecting any fraud, waste,

More information

Mastering Data Privacy, Protection, & Forensics Law

Mastering Data Privacy, Protection, & Forensics Law Mastering Data Privacy, Protection, & Forensics Law April 15, 2015 Data Breach Notification and Cybersecurity Developments in 2015 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy

More information

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005 Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005

More information

Comment [1]: BDERIV. Comment [2]: EDERIV

Comment [1]: BDERIV. Comment [2]: EDERIV 56-1001. Short title. This act shall be known and may be cited as the "Oklahoma Medicaid Program Integrity Act". Added by Laws 1989, c. 220, 1, operative July 1, 1989. 56-1002. Definitions. As used in

More information

Inca One Gold Corp. Insider Trading Policy

Inca One Gold Corp. Insider Trading Policy Inca One Gold Corp. Insider Trading Policy 1.0 Introduction The Board of Directors (the Board ) of Inca One Gold Corp. ( Inca One ) 1 has determined that Inca One should formalize its policy on securities

More information

2015 -- S 0134 SUBSTITUTE B ======== LC000486/SUB B/2 ======== S T A T E O F R H O D E I S L A N D

2015 -- S 0134 SUBSTITUTE B ======== LC000486/SUB B/2 ======== S T A T E O F R H O D E I S L A N D 0 -- S 01 SUBSTITUTE B LC000/SUB B/ S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 0 A N A C T RELATING TO CRIMINAL OFFENSES - IDENTITY THEFT PROTECTION Introduced By: Senators

More information

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Order Code RS20830 Updated February 25, 2008 Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary Charles Doyle Senior Specialist American Law Division The federal computer

More information

Public Information Program

Public Information Program Public Information Program Public Records Policy Purpose This policy is adopted pursuant to the Government Records Access and Management Act Utah Code Ann. 63G-2-701 ( GRAMA ) and applies to District records

More information

Information Security Policy

Information Security Policy Information Security Policy Policy Title Responsible Executive Responsible Office Information Security Policy Vice President for Information Technology and CIO, Jay Dominick Office of Information Technology,

More information

CONSENT AND DISCLOSURE REGARDING PROCUREMENT OF CONSUMER CREDIT REPORT, CONSUMER REPORT AND/OR INVESTIGATIVE CONSUMER REPORT FOR EMPLOYMENT PURPOSES

CONSENT AND DISCLOSURE REGARDING PROCUREMENT OF CONSUMER CREDIT REPORT, CONSUMER REPORT AND/OR INVESTIGATIVE CONSUMER REPORT FOR EMPLOYMENT PURPOSES CONSENT AND DISCLOSURE REGARDING PROCUREMENT OF CONSUMER CREDIT REPORT, CONSUMER REPORT AND/OR INVESTIGATIVE CONSUMER REPORT FOR EMPLOYMENT PURPOSES I understand that [Employer] or one of its affiliates

More information

Top Five Privacy and Data Security Issues for Nonprofit Organizations

Top Five Privacy and Data Security Issues for Nonprofit Organizations Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY

More information

Articles. Three Large States Revise Their Security Breach Notification Laws and Texas Applies Its Law to Residents of Some Other States to Boot

Articles. Three Large States Revise Their Security Breach Notification Laws and Texas Applies Its Law to Residents of Some Other States to Boot Three Large States Revise Their Security Breach Notification Laws and Texas Applies Its Law to Residents of Some Other States to Boot Jeff Dodd IP and Technology Developments - October 2011 October 25,

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

White Collar Criminal Defense, Internal Investigations & Corporate Compliance

White Collar Criminal Defense, Internal Investigations & Corporate Compliance Butzel Long :: Practice :: Practice Teams :: White Collar Criminal Defense, Internal Investigations & Corporate Compliance Team Contacts David F. DuMouchel Related Lawyers George B. Donnini Damien DuMouchel

More information

Data Privacy and Security: A Primer for Law Firms

Data Privacy and Security: A Primer for Law Firms Data Privacy and Security: A Primer for Law Firms All We Do Is Work. Workplace Law. In four time zones and 46 major locations coast to coast. www.jacksonlewis.com JACKSON LEWIS SERVING THE DIVERSE NEEDS

More information

VNSNY CORPORATE. DRA Policy

VNSNY CORPORATE. DRA Policy VNSNY CORPORATE DRA Policy TITLE: FEDERAL DEFICIT REDUCTION ACT OF 2005: POLICY REGARDING THE DETECTION & PREVENTION OF FRAUD, WASTE AND ABUSE AND APPLICABLE FEDERAL AND STATE LAWS APPLIES TO: VNSNY ENTITIES

More information

HIPAA Privacy Rule CLIN-203: Special Privacy Considerations

HIPAA Privacy Rule CLIN-203: Special Privacy Considerations POLICY HIPAA Privacy Rule CLIN-203: Special Privacy Considerations I. Policy A. Additional Privacy Protection for Particularly Sensitive Health Information USC 1 recognizes that federal and California

More information

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES

CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES COMMITTEE OF EXPERTS ON TERRORISM (CODEXTER) CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES UNITED STATES OF AMERICA September 2007 Kapitel 1 www.coe.int/gmt The responses provided below

More information

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Policy Implications: Privacy, Security and Liability Big Data in Telecom June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Who We Are Leading trade association in support of information and communications

More information

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013

Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 Terms and Conditions Relating to Protected Health Information ( City PHI Terms ) Revised and Effective as of September 23, 2013 The City of Philadelphia is a Covered Entity as defined in the regulations

More information