Data Security and Breach Notification Act

HIPAA has teeth.  On June 1, 2018, an Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center violated HIPAA.  In doing so, the ALJ granted the Office of Civil Rights (OCR) summary judgment, requiring the hospital to fork up the $4,348,000 in civil monetary penalties imposed by OCR.  Continue Reading ALJ Judge Upholds OCR’s $4,348,000 Data Breach Penalty on Texas Hospital

At the end of last week, three U.S. Democratic Senators, including Connecticut’s Richard Blumenthal, proposed the 44-page Data Security and Breach Notification Act (“Proposed Act”).  The Proposed Act would preempt the laws of the 48 states that currently have data breach notification laws and the Federal Trade Commission (“FTC”) would have enforcement authority.  State Attorneys General would be permitted to pursue violations of the Proposed Act as civil actions in federal court if the FTC has not already initiated an action. The Proposed Act also provides for sizable civil penalties up to $5 million and criminal penalties including imprisonment for up to 5 years for willful failure to notify those impacted.   Continue Reading National Data Breach Notification Law Proposed