Health information privacy and security. Norton Rose Fulbright US LLP October 6, 2015

Speaker: Mark Faccenda
Mark Faccenda is a Partner in the Washington, D.C. office. As part of Norton Rose Fulbright's health care transactional group, Mark has represented health care industry clients on regulatory and transactional matters. Representative clients include pharmaceutical manufacturers, academic medical centers, health systems, physician groups, physician/hospital joint ventures, long-term care facilities and durable medical equipment suppliers. Prior to joining, Mark worked for the Pennsylvania House of Representatives Legislative Office for Research Liaison where he conducted economic and health care regulatory research in support of prospective legislation. As part of his work for the Legislative Office for Research Liaison, Mark authored and contributed content to the University of Pittsburgh Institute of Politics' quarterly Institute of Politics Report and its annual policy briefing, the Institute of Politics Status Report. Mark also worked for payer and provider sides of an integrated health system where he drafted corporate policies and provided legal research focusing on HIPAA, ERISA, EMTALA, same-sex benefit coverage and the Peer Review Protection Act.

Speaker: Kimberly Gold
Kimberly Gold is a Senior Associate in Norton Rose Fulbright's New York Office. Her practice focuses on healthcare transactions, regulatory compliance, and privacy and security matters. Kimberly has extensive experience in the areas of privacy, information security, cybersecurity and information management. She regularly advises clients on matters involving privacy and security of patient information under HIPAA and state laws. She also represents clients in the health information technology area and has counseled pharmaceutical and mobile app companies on privacy and FDA regulatory issues. Kimberly is currently working on-site with the Global Privacy Office of a global pharmaceutical company on various legal matters, including negotiating vendor agreements, providing advice on marketing and clinical trial initiatives, and developing privacy notices, consent documents, and internal policies. Kimberly's transactional experience includes mergers and acquisitions, joint ventures, and affiliations of hospitals, group practices and other provider entities. She also represents not-for-profit and tax-exempt organizations on a broad range of matters, and regularly advises clients on issues relating to accreditation by the Accreditation Council for Graduate Medical Education (ACGME) and the Liaison Committee on Medical Education (LCME).

Speaker: Boris Segalis
Boris Segalis is a US co-chair of Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity practice group. He edits the practice's data protection blog, DataProtectionReport.com. Boris counsels clients regarding a broad range of privacy, information security, cybersecurity and information management issues. The practice addresses all aspects of information management lifecycle, including its collection, use, storage, disclosure and destruction, as well as the protection of the information and the infrastructure supporting the data. Boris advises clients on information law issues that arise in the context of data-based products and services, big data programs, smart grid operations, marketing and advertising, corporate transactions (including M&A and bankruptcy), state and federal investigations and regulatory actions, cross-border data transfer, vendor management, cloud computing, technology transactions, incident and breach response and pre-response planning. Boris represents clients in a variety of industries, ranging from start-ups to Fortune 100 companies. His clients include companies in the consumer products and services areas, online retailers and media companies, pharmaceutical companies, utilities, travel-related businesses, B2B technology providers, payment processing businesses, and non-profit organizations.

Continuing education information
We have applied for one hour of California and Texas CLE and New York non-transitional CLE credit. Newly admitted New York attorneys may not receive non-transitional CLE credit. For attendees outside of these states, we will supply a certificate of attendance which may be used to apply for CLE credit in the applicable bar or other accrediting agencies.
Norton Rose Fulbright will supply a certificate of attendance to all participants who:
- Participate in the web seminar by phone and via the web
- Complete our online evaluation that we will send to you by within a day after the event has taken place

Administrative information
- Today's program will be conducted in a listen-only mode.
- To ask an online question at any time throughout the program, click on the question mark icon located on the toolbar in the bottom right side of your screen. Time permitting, we will answer your question during the session.
- Everything we say today is opinion. We are not dispensing legal advice, and listening does not establish an attorney-client relationship.
- This discussion is off the record. You may not quote the speakers without our express written permission. If the press is listening, you may contact us, and we may be able to speak on the record.

Internet of Things: connected medical devices and new compliance risks

Safe Harbor Invalidated
- Dataprotectionreport.com
- ECJ invalidates the Safe Harbor
- What's next?
- Derogations
- Model clauses
- Local requirements
- Commission action
- Safe Harbor renegotiation
- DPA coordination

Safe Harbor - Derogations
Allow the transfer of personal data from Europe to the US. The most commonly used are set out below:
- If the individual has given his unambiguous consent to the transfer;
- If the transfer is necessary for the performance of a contract between the individual and the business (which is the "data controller");
- If the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the business (again, the "data controller") and a third party;
- If the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise or defense of legal claims; or
- If the transfer is necessary in order to protect the vital interests of the data subject.

Internet of Things (IoT): What is it?
- Direct connection of individual to network, exchanging data with the manufacturer, operator and/or other connected devices
- Smart watches already track heart rate, skin temperature, perspiration, and number of steps.
- Sports clothing and shoes with data collection and reporting capabilities are available in the marketplace today.
- Fitbit
- Insulin pump
- Prosthetic
- Pacemaker
- A pill

Internet of Things (IoT): Benefits
- Population health
- Proactive fulfillment
- Diagnostic care
- Lower cost
- Insights & research
- Prevention
- Unknowns
- Big Data possibilities/correlations

Internet of Things (IoT): Risks
- New, unknown space
- Nascent, inexperienced regulators
- Cybersecurity vulnerabilities
- Privacy concerns
- Commercial exploitation of data (v. PHI)
- Employee privacy
- Government access

Internet of Things (IoT): Enforcement
- FTC
- FDA
- State AGs
- Global -- DPAs
- Other regulators to jump in
- Public shaming
- Fairness & Transparency

Internet of Things (IoT): Guidance - FTC
- Build security into devices at the outset, rather than as an afterthought in the design process;
- Train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization;
- Ensure that when outside service providers are hired, that those providers are capable of maintaining reasonable security, and provide reasonable oversight of the providers;
- When a security risk is identified, consider a defense-in-depth strategy whereby multiple layers of security may be used to defend against a particular risk;
- Consider measures to keep unauthorized users from accessing a consumer's device, data, or personal information stored on the network;
- Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.

Management of vendors that access healthcare data

Vendor Management Programs Beyond the BAA
- Comprehensive program, not just a contract
- Risk based, scalable, consistent
- Multi-disciplinary
- Ties into broader risk assessment, privacy and security programs
- Goal: vendors as an extension of the organization with consistent risk profile and as much control/responsibility as possible

Vendor retention life cycle
- RFP Phase (competition over terms)
- Security, privacy and compliance due diligence
- Contract drafting
- Contract negotiation
- Contract enforcement
- Contract review and renegotiation

Key issues to address
- Security requirements
- Privacy and data ownership
- Processing location
- Subcontractor relationships
- System and data availability
- Data retention
- Incident response
- Liability / risk of loss

Key deliverables
- Vendor assessment questionnaire (VAQ)
- Security assessment questionnaire (SAQ)
- Data security and privacy terms/schedule
- Process documents
- Triggers
- Process flow chart
- FAQs
- Annotated terms schedule
- Negotiation points and fallback positions
- Training materials

Key contract terms
- Definitions
- Preventative Contract Terms
- Controls in place to prevent data breach
- Reasonable security
- Specific controls
- Audit and Enforcement Terms
- Assessment/scanning rights
- Non-compliance reporting
- Incident Response Contract Terms
- Notice and reporting
- Forensic investigation
- Risk of Loss Contract Terms

Data security incident preparedness and response

Data security incident preparedness and response
- Prevention v. response
- Assume a breach will occur
- Mistakes in the response cause the problems
- Reputation and direct business impacts at issue
- Increased risk of litigation and regulatory scrutiny
- Goal: reasonable incident response readiness

Incident response plan pre-cursors
- Data inventory and mapping
- Data types
- Data location (systems and offline)
- Data necessary to support forensic investigation
- Data risk assessment and classification
- Risk classification appropriate response
- Incident detection capabilities
- Technical detection capabilities
- Administrative
- Personnel and training
- Escalation protocols

Incident response planning: key considerations
- Written incident response procedures and protocols
- Based on data risk classifications
- Scenario-based planning may be appropriate
- Key stakeholders
- Internal incident response team
- External incident response team
- Vendors
- Cyber insurers

Incident response planning: key considerations
- Communication channels
- Internal: detection and escalation
- External: public relations
- External: patients, employees or affected individuals
- External: clients (for whom you hold sensitive data)
- External: regulators
- Others: law enforcement, boards, unions, etc.
- Investigative capabilities
- Determining the Ws (what, where, who, when)
- Locating, collecting and preserving evidence
- Internal investigative / forensic capabilities
- External investigative / forensic capabilities

Incident response planning: key considerations
- Vendor management and incident response
- Containment, mitigation and recovery capabilities
- Cyber insurance availability and coordination
- Legal compliance and regulatory response
- Litigation readiness
- Testing, training and drilling

Handling data breaches - key considerations
- Immediate response needed
- Fast-moving and notification deadlines
- Difficult to understand tech and forensic issues
- Many vendors/services to coordinate
- Need to consider the fallout in the middle of the breach

Handling data breaches - activities
- Discovery
- Attorney-client privilege
- Incident response team formation / communications
- Investigation
- Remediation
- Legal Analysis Triggering of Breach Laws
- Legal Analysis Compliance with Breach Laws
- Customer and public relationship management
- Litigation risk and readiness
- Claim/regulatory action defense

Continuing education information
- If you are requesting CLE credit for this presentation, please complete the evaluation that you will receive from Norton Rose Fulbright.
- If you are listening to a recording of this web seminar, most state bar organizations will only allow you to claim self-study CLE. Please refer to your state's CLE rules. If you have any questions regarding CLE approval of this course, please contact your bar administrator.
- Please direct any questions regarding the administration of this presentation to Cristina De Los Santos at cristina.delossantos@nortonrosefulbright.com.

Disclaimer
Norton Rose Fulbright US LLP, Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP and Norton Rose Fulbright South Africa Inc are separate legal entities and all of them are members of Norton Rose Fulbright Verein, a Swiss verein. Norton Rose Fulbright Verein helps coordinate the activities of the members but does not itself provide legal services to clients.
References to Norton Rose Fulbright, the law firm and legal practice are to one or more of the Norton Rose Fulbright members or to one of their respective affiliates (together "Norton Rose Fulbright entity/entities"). No individual who is a member, partner, shareholder, director, employee or consultant of, in or to any Norton Rose Fulbright entity (whether or not such individual is described as a "partner") accepts or assumes responsibility, or has any liability, to any person in respect of this communication. Any reference to a partner or director is to a member, employee or consultant with equivalent standing and qualifications of the relevant Norton Rose Fulbright entity.
The purpose of this communication is to provide general information of a legal nature. It does not contain a full analysis of the law nor does it constitute an opinion of any Norton Rose Fulbright entity on the points of law discussed. You must take specific legal advice on any particular matter which concerns you. If you require any advice or further information, please speak to your usual contact at Norton Rose Fulbright.
More informationHow To Buy Cyber Insurance
10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationData Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
More informationConsumer Financial Services. Industry-leading counsel in regulatory compliance, product development, and litigation. Attorney Advertising
Consumer Financial Services Industry-leading counsel in regulatory compliance, product development, and litigation Attorney Advertising Recognized for national excellence by Chambers. Vast regulatory experience.
More informationConducting due diligence and managing cybersecurity in medical technology investments
Conducting due diligence and managing cybersecurity in medical technology investments 2015 McDermott Will & Emery LLP. McDermott operates its practice through separate legal entities in each of the countries
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationCYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison
CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison Gary Solway* Bennett Jones LLP The August release of the purported names and other details of over 35 million customers
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationHealth Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know
Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection
More informationData Privacy & Security: Essential Questions Every Business Must Ask
Data Privacy & Security: Essential Questions Every Business Must Ask Presented by: Riddell Williams P.S. Riddell Williams P.S. May 6, 2015 #4841-4703-9779 Innocent? 2 Overview 3 basic questions every business
More informationCloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC Disclaimer THIS PRESENTATION IS TO ASSIST IN A GENERAL
More informationALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage
ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November
More informationHow To Make Bring Your Own Device A Plus, Not A Risk
FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE, MINING AND COMMODITIES TRANSPORT TECHNOLOGY AND INNOVATION PHARMACEUTICALS AND LIFE SCIENCES BYOD: Bring your own device How to make BYOD a PLUS, not a RISK
More informationRecent Data Security Developments for Government Contractors
Recent Data Security Developments for Government Contractors November 4, 2015 Attorney Advertising Speakers Jonathan Cedarbaum Partner WilmerHale Barry Hurewitz Partner WilmerHale Ben Powell Partner WilmerHale
More informationEvolving Issues for Healthcare IT Contracting
Evolving Issues for Healthcare IT Contracting By: Alan L. Friel This client advisory is based in part on an article appearing in FierceHealthIT. The emergence of mega-suite vendors, more use of the cloud,
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationCloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World
Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com
More informationPrivacy Governance and Compliance Framework Accountability
Privacy Governance and Framework Accountability Agenda Global Data Protection and Privacy (DPP) Organization Structure Privacy The 3 Lines of Defense (LOD) Model: Overview Privacy The 3 Lines of Defense
More informationNew Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices. September 25, 2013
New Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices September 25, 2013 The Hartford Insuring Innovation Joe Coray Dan Silverman Providing insurance solutions
More informationDodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare
Dodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare Strengthening Cybersecurity Defenders #ISC2Congress Healthcare and Security "Information Security is simply a personal
More informationDATA BREACH RESPONSE READINESS Is Your Organization Prepared?
March 30, 2015 DATA BREACH RESPONSE READINESS Is Your Organization Prepared? Peter Sloan Pete Enko Jeff Jensen Deborah Juhnke The data security imperatives of Prevention, Detection, and Response do not
More informationMAKING THE RIGHT CHOICE
MAKING THE RIGHT CHOICE How to select a data breach response remediation provider in either a pre-breach or post-breach situation by Shawn Melito, NPC, Inc. Integrated Print & Digital Solutions In cooperation
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationCybersecurity and Insurance Companies
Cybersecurity and Insurance Companies ACLI Forum 500 CEO Leadership Retreat Timothy J. Nagle Vice President & Chief Privacy Counsel Prudential Financial 1 May 13, 2015 What is cybersecurity? Protecting
More informationHEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES
HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES OCTOBER 2014 3300 North Fairfax Drive, Suite 308 Arlington, Virginia 22201 USA +1.571.481.9300 www.lunarline.com OUR CLIENTS INCLUDE Contents Healthcare
More informationCyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014
Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is effective ( Effective Date ) by and between ( Covered Entity ) and Egnyte, Inc. ( Egnyte or Business Associate ). RECITALS
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More information