Clients' Legal Needs in HIPAA Security Compliance


Robyn A. Meinhardt, JD, RN
FOLEY & LARDNER LLP, 2004

Preserving Attorney-Client Privilege and Work Product Protections

Relevance to Security Compliance Audits and Internal Investigations
- To encourage parties to seek legal advice freely and to communicate candidly with an attorney during consultations about specific matters without fear that confidential information will be disclosed.

Elements Necessary for Protection
- Privilege protects confidential communications between a client and attorney for the purposes of securing legal advice.
- Communications must be with either an attorney acting in a legal capacity or with the attorney's subordinate or agent.

Elements, con't
- Communications must be made to secure legal advice.
- Matters discussed with employees relate only to the scope of their duties.
- Communications are ordered to be kept confidential by employees.
- Documents are marked as privileged and attorney work product (as appropriate) and segregated from regular business materials.

Potential Limitation on Attorney-Client Privilege
- While the privilege protects communications between the attorney and a client, information contained in the communication to an attorney may not be privileged.

Legal Advice vs. Business Advice
- The primary purpose of the consultation must be to obtain legal advice.
- If using in-house counsel, must clearly show advice was given in a professional legal capacity.
- If documentation is used by both legal and nonlegal personnel, a court may conclude that the primary purpose was not to secure legal advice.

The Attorney Work Product Privilege?
- Protects documents prepared in anticipation of litigation by a party or the party's representative.
- "In anticipation of litigation" is broadly interpreted, and can include potential government investigations.
- Protects the mental impressions, conclusions, or opinions of the attorney contained in any document.

Attorney Work Product Privilege, con't
- May protect documents and communications other than those between an attorney and a client.
- Only extends to documentation prepared in anticipation of or during litigation.

Compliance Investigations / Audits under Attorney-Client Privilege
- Performing audits in participation with and under engagement of legal counsel is a viable method for identifying risks while protecting the confidentiality of that information.

Legal Counsel's Responsibilities Related to Procuring Agents
- Engage vendor through verbal communications, and confirm engagement with a formal engagement letter that defines the vendor's scope of work, reporting responsibilities to legal counsel, and method of payment.
- Approve the work plan/audit program developed for the investigation.
- Direct the vendor regarding communication protocols and report distribution.

Legal Counsel's Responsibilities, con't
- Review vendor's audit work papers as deemed appropriate.
- Review and approve vendor's audit reports.
- Distribute or approve distribution of audit reports to appropriate parties.

Important Notes:
- There are no absolute guarantees that communications and documentation will be fully protected from disclosure.
- Legal counsel represents the client, not the client's employees. Therefore, the privilege only extends to the client, and not their employees.

More Important Notes:
- If the client chooses to waive its privilege, information provided by employees may be disclosed.
- Employees must be informed of this prior to interview.

Additional Sources of Security Obligations
Comprehensive computer security requirements are currently mandated by statute or regulation in three industries:
- Financial services (G-L-B)
- Health care (HIPAA security regulations)
- Activities under jurisdiction of the Food and Drug Administration (21 C.F.R. Part 11)

Legal Sources of Security Obligations
FOLEY & LARDNER LLP

Sources of Security Obligations: FTC
- FTC: Pursuing enforcement actions against companies that promise privacy but fail to deliver due to infrastructure vulnerabilities (FTC asserts this is an "unfair or deceptive trade practice").
- FTC also enforces COPPA (Children's Online Privacy Protection Act). Includes a requirement for reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.

Sarbanes-Oxley Act: Publicly Traded Companies (for now)
- The Act requires the SEC to prescribe rules requiring annual reports to contain an internal control report.
- Imposes management responsibility for establishing, maintaining and assessing the effectiveness of an adequate internal control structure.
- CEO and CFO certifications of material information are to address the effectiveness of internal controls for ensuring information accuracy.

Sarbanes-Oxley Act
The Act's internal controls mandate will:
- Require assessment of the company's information systems and associated business processes for security
- Make a secure information infrastructure necessary, in order to provide accurate financial reporting

California's Database Protection Act
- Also known as SB 1386; Civil Code etc. seq.
- Applies to any person or business doing business in California.
- Requires notification to data subjects who are California residents, whenever their name plus either:
  - Social Security Number;
  - Driver's license or California ID card number; or
  - Financial account, credit or debit card number and any related PIN
  has been accessed without authorization (unless that information was encrypted).

Fiduciary Duties of Corporate Directors
Recent Corporate Law Developments regarding Fiduciary Obligations: three examples of this growing field of law
- Pereira v. Cogan, 2003: Federal district court decision focused on breach of the fiduciary duties of the directors of a private company.
- Holding: Directors who purposefully remain ignorant of issues, without regard to their fiduciary obligations, will be held liable.

Fiduciary Duties of Corporate Directors
- In re The Walt Disney Co. Derivative Litigation (May, 2003: Delaware Chancery Court decision regarding executive compensation).
- Shareholders' allegation was that directors' nonparticipation in selection and compensation of president resulted in $138 million loss.
- The court determined that if this allegation was true, the directors would not have acted in good faith, and so would not be protected by the business judgment rule, i.e., would be personally liable.

WorldCom Bankruptcy
WorldCom bankruptcy case: bankruptcy examiner's Thornburgh Report of 2003:
- Discusses lapses in fiduciary judgment with respect to financial affairs, strategic planning and oversight of senior management; and
- Comments on the unwillingness of WorldCom counsel (inside and outside) to advise the Board about its fiduciary obligations related to corporate decision-making.

International Sources of Security Obligations
- Council of Europe's Draft Convention on Cybercrime (2001). Article 12: Corporate liability for lack of supervision or control of its agents.
- European Union's Data Privacy Directive: Controls processing of personal information. Each EU country enacts implementing legislation.
- (ABA's International Guide to Combating Cybercrime:

Computer Fraud and Abuse Act
1. Computer Fraud and Abuse Act of 1986 (as amended), 18 U.S.C. Section 1030:
- Criminalizes acts against protected computers - those used in government, financial services, or in interstate or foreign commerce.
- Crimes defined include intentionally accessing a computer without authorization or in excess of authorized access.

Electronic Communications Privacy Act
2. Electronic Communications Privacy Act of 1986, 18 U.S.C. Sections :
- Addresses allowance of and limits on network monitoring
- Amended by the 2002 Homeland Security Act (Pub. L. No ): Included the Cyber Security Enhancement Act which expanded cybercrime definitions and penalties.

PATRIOT Act
3. US PATRIOT Act of 2001 (Pub. L. No ):
- Addressed communications tracing and interception;
- Protected disclosures to law enforcement;
- Expanded search warrants;
- Enhanced cybercrime/cyberterrorism penalties;
- And more.

Trade Secret Offenses
5. Economic Espionage Act of 1996, 18 U.S.C. Sections :
- Describes a number of crimes that fall under the theft of trade secrets and economic espionage headings.
- May apply to conduct outside the U.S.
- Penalties include forfeiture of property.

Other Federal Criminal Statutes related to Computer Crime
- 18 U.S.C. Section 1029 (Fraud and Related Activity in Connection with Access Devices)
- 18 U.S.C. Section 1362 (Communication Lines, Stations or Systems)
- US Child Pornography Prevention Act of 1996
- PROTECT Act 18 U.S.C


More information

troinet.com When It Comes to HIPAA Compliance, Ignorance of the Law Is No Excuse

troinet.com When It Comes to HIPAA Compliance, Ignorance of the Law Is No Excuse When It Comes to HIPAA Compliance, Ignorance of the Law Is No Excuse When It Comes to HIPAA Compliance, Ignorance of the Law Is No Excuse The Health Insurance Portability and Accountability Act of 1996

More information

Preparing For and Responding to Government Investigations. Presented by Jeffrey Coopersmith

Preparing For and Responding to Government Investigations. Presented by Jeffrey Coopersmith Preparing For and Responding to Government Investigations Presented by Jeffrey Coopersmith Substantive Areas of Government Inquiry Areas Where the Gov t Routinely Conducts Investigations: Securities Fraud

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No. 94-94A-94B, AFL-CIO. Notice of Privacy Practices The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL

More information

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws

Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Order Code RS20830 Updated February 25, 2008 Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws Summary Charles Doyle Senior Specialist American Law Division The federal computer

More information

BUSINESS ASSOCIATE AGREEMENT ( BAA )

BUSINESS ASSOCIATE AGREEMENT ( BAA ) BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor

More information

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policy and Procedure Manual Number: D160 Page 1 of 9

NewYork-Presbyterian Hospital Sites: All Centers Hospital Policy and Procedure Manual Number: D160 Page 1 of 9 Page 1 of 9 TITLE: FEDERAL DEFICIT REDUCTION ACT OF 2005 FRAUD AND ABUSE PROVISIONS POLICY: NewYork- Presbyterian Hospital (NYP or the Hospital) is committed to preventing and detecting any fraud, waste,

More information

CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES

CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES 1. PURPOSE CHAMPAIGN COUNTY NURSING HOME SUMMARY OF ANTI-FRAUD AND ABUSE POLICIES Champaign County Nursing Home ( CCNH ) has established anti-fraud and abuse policies to prevent fraud, waste, and abuse

More information

CONSENT AND DISCLOSURE REGARDING PROCUREMENT OF CONSUMER CREDIT REPORT, CONSUMER REPORT AND/OR INVESTIGATIVE CONSUMER REPORT FOR EMPLOYMENT PURPOSES

CONSENT AND DISCLOSURE REGARDING PROCUREMENT OF CONSUMER CREDIT REPORT, CONSUMER REPORT AND/OR INVESTIGATIVE CONSUMER REPORT FOR EMPLOYMENT PURPOSES CONSENT AND DISCLOSURE REGARDING PROCUREMENT OF CONSUMER CREDIT REPORT, CONSUMER REPORT AND/OR INVESTIGATIVE CONSUMER REPORT FOR EMPLOYMENT PURPOSES I understand that [Employer] or one of its affiliates

More information

Note to Users: Page 1 of 5

Note to Users: Page 1 of 5 Note to Users: The subsequent pages contain a Sample Business Associate Agreement that may be used by healthcare facilities. Be advised that this is strictly a sample and any formal Business Associate

More information

2015 NMSBA SCHOOL LAW CONFERENCE

2015 NMSBA SCHOOL LAW CONFERENCE 2015 NMSBA SCHOOL LAW CONFERENCE NETWORK SECURITY, DISTRICT POLICIES ON INTERNET USE, AND THE LAW Andrew M. Sanchez David A. Richter Cuddy & McCarthy, LLP 1 FEDERAL LAWS The Family Educational Rights and

More information

Data Privacy and Security: A Primer for Law Firms

Data Privacy and Security: A Primer for Law Firms Data Privacy and Security: A Primer for Law Firms All We Do Is Work. Workplace Law. In four time zones and 46 major locations coast to coast. www.jacksonlewis.com JACKSON LEWIS SERVING THE DIVERSE NEEDS

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

2005 -- H 6191 SUBSTITUTE A AS AMENDED ======= LC02663/SUB A/2 ======= STATE OF RHODE ISLAND IN GENERAL ASSEMBLY JANUARY SESSION, A.D.

2005 -- H 6191 SUBSTITUTE A AS AMENDED ======= LC02663/SUB A/2 ======= STATE OF RHODE ISLAND IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 00 -- H 11 SUBSTITUTE A AS AMENDED LC0/SUB A/ STATE OF RHODE ISLAND IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 00 A N A C T RELATING TO IDENTITY THEFT PROTECTION Introduced By: Representatives Gemma, Sullivan,

More information

White Collar Criminal Defense, Internal Investigations & Corporate Compliance

White Collar Criminal Defense, Internal Investigations & Corporate Compliance Butzel Long :: Practice :: Practice Teams :: White Collar Criminal Defense, Internal Investigations & Corporate Compliance Team Contacts David F. DuMouchel Related Lawyers George B. Donnini Damien DuMouchel

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES THIS SAMPLE NOTICE IS AN EXAMPLE OF THE KIND OF DOCUMENT THAT IS REQUIRED BY HIPAA s PRIVACY RULE. THIS IS A DRAFT PREPARED BY AAMFT LEGAL CONSULTANT RICHARD LESLIE, J.D., FOR THE STATE OF CALIFORNIA AND

More information

Metropolitan Jewish Health System and its Participating Agencies and Programs [MJHS]

Metropolitan Jewish Health System and its Participating Agencies and Programs [MJHS] Metropolitan Jewish Health System and its Participating Agencies and Programs [MJHS] POLICY PURSUANT TO THE FEDERAL DEFICIT REDUCTION ACT OF 2005: Detection and Prevention of Fraud, Waste, and Abuse and

More information

Fair Debt Collection Practices Act 1

Fair Debt Collection Practices Act 1 Fair Debt Collection Practices Act 1 The Fair Debt Collection Practices Act (FDCPA)(15 U.S.C. 1692 et seq.), which became effective March 20, 1978, was designed to eliminate abusive, deceptive, and unfair

More information

Notice of Privacy Practices

Notice of Privacy Practices Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. This practice uses

More information

The need for companies to have a predetermined plan in place in the

The need for companies to have a predetermined plan in place in the Companies Must Prepare for Data Theft TIMOTHY J. CARROLL, BRUCE A. RADKE, AND MICHAEL J. WATERS The authors discuss steps that companies can take to mitigate the risks of, or damages caused by, a security

More information

UPDATED. OIG Guidelines for Evaluating State False Claims Acts

UPDATED. OIG Guidelines for Evaluating State False Claims Acts UPDATED OIG Guidelines for Evaluating State False Claims Acts Note: These guidelines are effective March 15, 2013, and replace the guidelines effective on August 21, 2006, found at 71 FR 48552. UPDATED

More information

Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009

Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009 Wheaton College Audit Committee Red Flag Identity Theft Prevention Program Meeting of February 20, 2009 Late last year, the Federal Trade Commission (FTC) and Federal banking agencies issued a regulation

More information

Inca One Gold Corp. Insider Trading Policy

Inca One Gold Corp. Insider Trading Policy Inca One Gold Corp. Insider Trading Policy 1.0 Introduction The Board of Directors (the Board ) of Inca One Gold Corp. ( Inca One ) 1 has determined that Inca One should formalize its policy on securities

More information

SUBSTITUTE SENATE BILL 5059. State of Washington 64th Legislature 2015 Regular Session

SUBSTITUTE SENATE BILL 5059. State of Washington 64th Legislature 2015 Regular Session S-1.1 SUBSTITUTE SENATE BILL 0 State of Washington th Legislature 01 Regular Session By Senate Law & Justice (originally sponsored by Senators Frockt, Fain, Pedersen, and Chase; by request of Attorney

More information

Whistleblowers & Corporate Fraud Investigations

Whistleblowers & Corporate Fraud Investigations Whistleblowers & Corporate Fraud Investigations Tuesday, May 10, 2011 McGuireWoods LLP 201 N. Tryon Street, Suite 3000 Charlotte, North Carolina www.mcguirewoods.com Whistleblower Provisions of the Dodd-Frank

More information

fraud, waste, abuse, compliance, integrity, Integrity Help Line

fraud, waste, abuse, compliance, integrity, Integrity Help Line Policy / Procedure: KEY TERMS: fraud, waste, abuse, compliance, integrity, Integrity Help Line I. PURPOSE: To help our employees, agents and contractors understand the methods to prevent and detect fraud,

More information

Public Information Program

Public Information Program Public Information Program Public Records Policy Purpose This policy is adopted pursuant to the Government Records Access and Management Act Utah Code Ann. 63G-2-701 ( GRAMA ) and applies to District records

More information

EMR: Electronic Medical Records Security: International Law Review

EMR: Electronic Medical Records Security: International Law Review EMR: Electronic Medical Records Security: International Law Review HCCA 11 th Annual Compliance Institute, April 2007 Jill Nelson, RN, MBA, JD, CPC, CHC Cleveland Clinic, Director of Corporate Compliance

More information

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA WEST PALM BEACH DIVISION COMPLAINT FOR DECLARATORY JUDGMENT I.

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA WEST PALM BEACH DIVISION COMPLAINT FOR DECLARATORY JUDGMENT I. UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA WEST PALM BEACH DIVISION JANICE LEE, ) ) Case No. Plaintiff, ) ) vs. ) ) BETHESDA HOSPITAL, INC. ) ) Defendant. ) ) COMPLAINT FOR DECLARATORY JUDGMENT

More information

DISCLOSURES OF PHI & FLORIDA STATE LAW

DISCLOSURES OF PHI & FLORIDA STATE LAW DISCLOSURES OF PHI & FLORIDA STATE LAW The Privacy Rule provides an extensive list of permitted disclosures; however, if state laws provide greater privacy protections or privacy rights with respect to

More information

ADMINISTRATIVE POLICY SECTION: CORPORATE COMPLIANCE Revised Date: 2/26/15 TITLE: FALSE CLAIMS ACT & WHISTLEBLOWER PROVISIONS

ADMINISTRATIVE POLICY SECTION: CORPORATE COMPLIANCE Revised Date: 2/26/15 TITLE: FALSE CLAIMS ACT & WHISTLEBLOWER PROVISIONS Corporate Compliance Plan AD-819-0 Reporting of Compliance Concerns & Non-retaliation AD-807-0 Compliance Training Policy CFC ADMINISTRATIVE POLICY AD-819-1 SECTION: CORPORATE COMPLIANCE Revised Date:

More information

UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Criminal No.:

UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Criminal No.: UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA Criminal No.: UNITED STATES OF AMERICA, ) ) Plaintiff, ) DEFERRED PROSECUTION ) AGREEMENT v. ) ) BIXBY ENERGY SYSTEMS, INC., ) ) Defendant. ) The United

More information