September 2009
S M T W T F S
« Aug   Oct »
 12345
6789101112
13141516171819
20212223242526
27282930  

Legal Disclaimer

Your use of this Blog does not create an attorney-client relationship. Your e-mail or comments do not create an attorney-client relationship. We have no duty to keep confidential the information that is submitted to this blog. This blog is not a substitute for, nor does it constitute legal advice. Only an attorney who knows the details of your particular situation and is properly licensed in the applicable state (or states) is able to appropriately and properly address any legal issues you may have.

Blog Categories

Updated -- Summary of 50 State Security Breach Notification Laws

By Robert Hudock, on September 15th, 2009 Print This Post Print This Post

Attached is an updated summary of the major provisions of each state law that have enacted security breach statutes. In the event of a security breach, you should consult legal counsel to ascertain the appropriate method of notification and other requirements. To date — forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. States with no security breach laws include: Alabama, Kentucky, Mississippi, New Mexico, and South Dakota. Arkansas, California, Minnesota, and Texas now include health information within the scope of their respective security breach statutes by including health information within the definition of personal information. Eight states take an acquisition based approach when defining whether notice should be given, while the remaining states take a more pragmatic risk assessment of the likelihood of harm as controlling whether notice should be sent to consumers. [...]

September 15th, 2009 | Tags: , , , , , | Category: Privacy Law, State Privacy and Computer Security Laws, State Security Breach Laws | 4 comments Print This Post Print This Post

Excellent Article from American Health Lawyers Association’s Healthcare Liability & Litigation Health Briefs, on 9/9/09. by Kristen McDonald. (Republished with permission from the author.)

By Kristen McDonald, on September 15th, 2009 Print This Post Print This Post

What happens if the offices of a covered entity are broken into and unsecured protected health information (PHI) of more than 500 individuals is stolen? With the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act,1 the ramifications to the covered entity and potential liability stemming from such a breach2 are significant to say the least. Not only is the covered entity required to notify the affected individuals of the breach of unsecured PHI,3 but also the covered entity must notify the media and the Department of Health and Human Services Secretary (HHS Secretary) of potentially damaging information concerning the breach. The HITECH Act’s requirement to report details of a significant breach not only to the affected individuals but also to the media and the Secretary may negatively impact the covered entity’s goodwill in the community and cause a loss of business. Of particular concern to the covered entity’s litigation counsel, though, is the potential liability that the covered entity may face due to the [...]

September 15th, 2009 | Tags: , , , , , , , , | Category: Computer Security Law -- Federal, Damages, HIPAA Privacy, HIPAA Security, HITECH Act, Health and Humans Services (HHS), Identity Theft, Individually identifiable health information, Office of Civil Rights, unsecured protected health information | One comment Print This Post Print This Post
Improve the web with Nofollow Reciprocity.