Joseph J. Lazzarotti: Blog Posts

  • Federal Law Introduced to Require Credit Monitoring Following Data Breach

    On August 5, 2010, U.S. Senators Mark Pryor (D-AR) and John D. (Jay) Rockefeller IV (D-WV) introduced legislation to require businesses and nonprofit organizations that store consumers’ personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the tools …
    August 11, 2010
  • EEOC and 7-Eleven of Hawaii Settle Over Disclosure of Former Employee’s Medical Information

    Does your HR staff know the limits on what they could tell prospective employers about former employees? In this case, the US Equal Employment Opportunity Commission (EEOC) alleged that 7-Eleven of Hawaii failed to keep a former employee’s medical information confidential by disclosing the information to a prospective employer, in violation of the ADA, which caused the …
    August 6, 2010
  • Rite Aid Agrees to $1 Million Payment to HHS Concerning Potential HIPAA Privacy Violations

    Rite Aid Corporation and its affiliates have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today. At the same time, Rite Aid signed a consent order with the Federal Trade Commission (FTC) …
    July 27, 2010
  • To host or not to host?

    Guest Post from Pat Yu* of Accero. We are happy to make Mr. Yu’s insights available to our readers as they are important considerations for companies considering alternative data and systems management strategies. Enjoy this post: To host or not to host . . . That’s ultimately the critical question when it comes to major …
    July 23, 2010
  • HHS Announces Final EHR Regulations Charting Path to Billions in Incentives for Providers and Hospitals to Adopt EHR Systems

    U.S. Department of Health and Human Services Secretary Kathleen Sebelius has announced final rules for eligible health care professionals and hospitals to qualify for a portion of the $27 billion or so in Medicare and Medicaid incentive payments for implementation and meaningful use of certified electronic health records (EHR). Many are concerned these incentives will …
    July 13, 2010
  • Proposed HITECH Regulations: Will Subcontractors of Business Associates Be Subject to the HIPAA Privacy and Security Rule?

    Further to our discussions of the proposed regulations to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), we summarize here a proposed change to the definition of “business associate.” A significant part of the “HIPAA community” (covered entities, business associates and their agents and subcontractors) already …
    July 13, 2010
  • Shredding and Data Destruction Companies – A HIPAA-Covered Entity’s Best Friend

    We recently reported here that the Department of Health and Human Services (HHS) is issuing proposed regulations to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”). These proposed regulations contain a number of important points to think about for HIPAA covered entities (and business associates), even …
    July 12, 2010
  • HHS to Issue Proposed Regulations Concerning HITECH

    The Department of Health and Human Services announced this morning that it will be issuing a notice of proposed rulemaking to begin implementing the recent statutory amendments under the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”). According to HHS, the proposed regulations (pdf), set to be published July 14, 2010, are designed to strengthen the …
    July 8, 2010
  • Alberta Becomes First Canadian Province to Enact Data Breach Notification Law

    Effective May 1, 2010, Alberta amended its Personal Information Protection Act (PIPA) to require breach reporting and notification requirements. U.S. businesses with a presence in Alberta should take note of the new law as it is a bit different than most of the state data breach notification laws in the United States. PIPA governs the collection, use …
    June 28, 2010
  • Does Your “Cyber” or “Data Breach” Insurance Cover What You Think It Does?

    As companies struggle with the risks and exposures related to data breaches, insurance can be an important part of an overall risk management strategy – so long as it is the right insurance. Insurance carriers are offering products that purport to address this type of risk. Such insurance can be particularly important to businesses for …
    June 22, 2010
