In 2021, the Health Information Technology for Economic and Clinical Health Act (HITECH) was amended to add “recognized cybersecurity practices” as a mitigating factor when determining fines, audits and remedies against covered entities and business associates for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Department of Health and Human
Password Protected
Latest from Password Protected - Page 4
Twitter Fined $150M for Violating FTC Order on Misrepresenting Privacy and Security Practices
On May 25, the Federal Trade Commission announced that it, along with the Department of Justice, fined Twitter $150 million for violating a 2011 agreement with the FTC in which Twitter promised to protect the integrity of nonpublic consumer information, including users’ phone numbers and email addresses.
Read on for details about the alleged violations…
SEC Expands Enforcement Unit Tasked With Protecting Crypto Markets
Reflecting its determination to monitor the crypto markets, the U.S. Securities and Exchange Commission announced today that it was renaming the Cyber Unit the “Crypto Assets and Cyber Unit” and nearly doubling its size, from 30 to 50 members. The additional permanent positions will include investigative staff attorneys, trial lawyers and fraud analysts, who will…
TCPA Defendants Defeat Class Certification, Novel Autodialer Arguments; Lose Supreme Court Bid
Federal courts in recent Telephone Consumer Protection Act cases served up two victories and one disappointment for the defense. Siding with the defense, the 7th U.S. Circuit Court of Appeals ruled that defendants do not carry the burden of proof at class certification, and the 8th Circuit joined other courts in maintaining a narrow autodialer…
New Utah Privacy Law Largely Overlaps with Existing State Statutes
The Utah Consumer Privacy Act (“UCPA”) passed by the Utah legislature was signed into law by Governor Spencer Cox on March 24, 2022 and becomes effective December 31, 2023. While companies conducting business in Utah will need to familiarize themselves with the law in order to become complaint if they are covered by the statute,…
Senators Propose Commission on Health Data Use and Privacy Protection to Study Modernizing HIPAA
On Feb. 9, U.S. Senators Bill Cassidy and Tammy Baldwin introduced a bill that would create a Commission on Health Data Use and Privacy Protection to study the potential modernization of HIPAA. Introduction of the bill follows a recent trend of increased attention to data privacy at the federal level, both for covered entities and…
FINRA Releases 2022 Report on Examination and Risk Monitoring Program
In February, the Financial Industry Regulatory Authority released the 2022 Report on FINRA’s Examinations and Risk Monitoring Program, providing guidance to the broker-dealer industry.
Read on for a discussion of key topics addressed in this year’s report.
SEC Proposes New, Formal Cybersecurity Disclosure Rules
On March 9, the U.S. Securities and Exchange Commission proposed new rules that would fundamentally change how public companies treat the reporting and management of cybersecurity incidents and risk.
Read on for details about these proposed rules, which build significantly upon prior guidance by creating express, mandatory disclosure obligations.
DOJ Announces First False Claims Settlement Since Launch of Civil Cyber-Fraud Initiative
On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to…
SEC Onslaught of Proposed Rules Turns Focus to Investment Advisers
The Securities and Exchange Commission continues to propose rules at a rapid pace. Three of the most recent proposed rules would significantly impact investment advisers by:
…