CMS recently sent a proposed request for information (RFI) to the Federal Office of Management and Budget (OMB) for review.  The RFI would seek feedback on whether provisions of HIPAA present barriers or otherwise discourage coordination of care among providers, payors and patients.  The RFI also seeks feedback on whether HIPAA “impede[s] the transformation to

We’re all guilty of it.  We keep things that we don’t need, like that pair of stone-washed jeans from 1992 that you hope will come back into style or your beanie baby collection that you blindly believe might be worth something someday.  While our inability to purge old stuff from our closets may cost us closet space, the repercussions for an organization that hoards data are far more significant.  From a cybersecurity perspective, the more personal information a company maintains, the more information it has to lose.  Consequently, the more information a company loses, the higher the financial and reputational costs.
Continue Reading Less is more: The Role of Data Retention Policies in Cybersecurity Preparedness

On July 5, 2018, the EU Parliament passed a non-binding resolution encouraging the European Commission to suspend the EU-US Privacy Shield Program unless the US is fully compliant by September 1, 2018.  The EU Parliament believes that the current Privacy Shield program does not provide an adequate level of protection required by European law.  This comes roughly two years after the European Commission deemed the EU-US Privacy Shield Framework adequate to enable data transfers under EU law.  But a lot has changed in two years. 
Continue Reading EU Commission Recommends Suspension of Privacy Shield; Recent FTC Efforts May Be Too Little Too Late

Today, in a 5-4 decision, the US Supreme Court ruled that the government’s acquisition of information regarding an individual’s location based on a cell phone record amounts to a Fourth Amendment search and generally requires a warrant.  In Carpenter v. United States, the government obtained nearly 13,000 location points on Carpenter’s movements over a

Yesterday the United States Court of Appeals for the Seventh Circuit weighed in on the consumer class action standing issue.  The court found that Barnes & Noble customers have standing to pursue a class action concerning the hacking of the retailer’s PIN pads.  In doing so, the Seventh Circuit reversed a district court ruling dismissing the complaint for failure to adequately plead damages.  The Court of Appeals determined that the time value of money which had been removed from plaintiffs’ accounts (even though it was ultimately returned), the costs of credit monitoring, and the time invested to create new accounts all were sufficient to provide standing.
Continue Reading The Seventh Circuit Weighs In On Standing

Facebook is the subject of a recent media blitz due to the allegations that 50 million people had their information improperly disclosed to Cambridge Analytica, a data research firm that may have played a role in the 2016 election.

The premise of the allegations is that Cambridge Analytica sent out a personality test to roughly 270,000 of Facebook’s users, stating that it would use the test for academic purposes.  However, allegedly, Cambridge Analytica collected the personal information not only of those who replied to the survey, but also of all of those individuals’ Facebook “friends.”  In this way, the 270,000 users who took the test grew to 50 million affected users.
Continue Reading Facebook In Hot Water With Latest Privacy Missteps