Data Security « Learning Center
Banner

Posts tagged Data Security

President Signs Identity Theft Enforcement and Restitution Act

Sep 26th

Posted by Steve in Healthcare Law

No comments

Earlier today, the President signed the Identity Theft Enforcement and Restitution Act, which strengthens federal law regulating the inappropriate access and use of certain data.

As explained by the House of Representatives (and quoted below), Identity Theft Enforcement and Restitution Act amends the federal criminal code to:

  • Authorize criminal restitution orders in identity theft cases to compensate victims for the time spent to remediate the intended or actual harm incurred;
  • Allow prosecution of computer fraud offenses for conduct not involving an interstate or foreign communication;
  • Eliminate the requirement that damage to a victim’s computer aggregate at least $5,000 before a prosecution can be brought for unauthorized access to a computer;
  • Make it a felony, during any one-year period, to damage 10 or more protected computers used by or for the federal government or a financial institution;
  • Expand the definition of “cyber-extortion” to include a demand for money in relation to damage to a protected computer, where such damage was caused to facilitate the extortion;
  • Prohibit conspiracies to commit computer fraud;
  • Expand interstate and foreign jurisdiction for prosecution of computer fraud offenses; and
  • Impose criminal and civil forfeitures of property used to commit computer fraud offenses.

Disclaimer: The information contained within the MTBC® Learning Center is provided for general educational and informational purposes only and should not be construed as legal advice. The author of the Learning Center does not represent the Web site user or the individual submitting a particular question. Please seek the advice of legal counsel to address any specific questions you may have regarding your particular facts or circumstances

, , ,

HHS to Host Medical Identity Theft Town Hall

Sep 23rd

Posted by Steve in Healthcare Law

No comments

As readers of this blog may recall, earlier this year, the U.S. Department of Health and hhs hostHuman Services, Office of the National Coordinator for Health Information Technology, asked the consulting group of Booz Allen Hamilton to perform an assessment and evaluation of United States’ medical identity theft problem.

As part of this assessment and evaluation, HHS is hosting a Medical Identity Theft Town Hall. HHS explains that “the Town Hall’s focus will consider how medical identity theft should be addressed in a health information technology (health IT) environment. Health care stakeholders from the public and private sectors will share their knowledge and experience and gain insights into trends and future developments.”

The details of the Town Hall are as follows:

  • Date/Time: October 15th, 2008, 8:30 AM-4:30 PM
  • Location: Federal Trade Commission Conference Center601 New Jersey Avenue, NW Washington, D.C.

For more information about the Town Hall, visit Healthcare IT website. To RSVP for the Town Hall or to participate via the webcast, you may send an email to the following email address: MedIDTheftTownHall@hhs.gov

Disclaimer: The information contained within the MTBC® Learning Center is provided for general educational and informational purposes only and should not be construed as legal advice. The author of the Learning Center does not represent the Web site user or the individual submitting a particular question. Please seek the advice of legal counsel to address any specific questions you may have regarding your particular facts or circumstances

, , , ,

Oklahoma DHS Acknowledges Inappropriate Disclosure of Files

Sep 18th

Posted by Steve in Healthcare Law

No comments

While Oklahoma may be a world away from New Jersey, the headline I read during my recent visit to Oklahoma reminded me that agencies and practices in every state struggle with safeguarding confidential patient health information.

As reported by the Oklahoman, a used furniture store in Oklahoma City recently sold a surplus file cabinet to a customer named Kathy Montoya. To Montoya’s surprise, the file cabinet inadvertently contained files holding confidential information including health records, social security numbers, payroll information and the like.

While this episode did not involve a health practice, it reminds us of the fact that inadequate processes and controls can yield disastrous results. As a healthcare provider, these disastrous consequences may include governmental action or civil liability arising from HIPAA breaches, data breach disclosure laws, various privacy regulations and state common law.

If DHS’ breach had involved the compromise of electronic data, it would have triggered Oklahoma’s data breach notification law, which requires that notice be provided to all affected individuals regarding the breach. Most states have a version of this data breach notification law and we have compiled the details of these laws in our legal corner.

Disclaimer: The information contained within the MTBC® Learning Center is provided for general educational and informational purposes only and should not be construed as legal advice. The author of the Learning Center does not represent the Web site user or the individual submitting a particular question. Please seek the advice of legal counsel to address any specific questions you may have regarding your particular facts or circumstances

, ,
« Older Entries