Search

Search form

Joseph J. LazzarottiBlog Posts

See all

  • Senate Judiciary Committee Approves Data Security and Breach Notification Measures

    Yesterday, the U.S. Senate Judiciary Committee again approved two pieces of legislation that would require certain entities to safeguard personal information and notify individuals of breaches of that information. Over the last few years, similar legislation made it out of various Committees, but failed to go any further. Could this time be different? The Committee voted … Continue reading Senate Judiciary Committee Approves Data Security and Breach Notification Measures
    November 6, 2009
  • Employers Go Green: Electronic On-Boarding – Personal Information and Other Challenges

    In good and not-so-good economic times, the on-boarding process – recruiting, application, hiring and orientation – is critical for employers to attract and welcome new talent. In recent years, technology has enabled employers to perform all or a part of this process on-line, significantly increasing efficiency and reducing costs. Moving to a web-based on-boarding system, … Continue reading Employers Go Green: Electronic On-Boarding – Personal Information and Other Challenges
    November 5, 2009
  • HIPAA Enforcement Regulations Updated for Penalty Increases and Enhancements under the HITECH Act

    The Department of Health and Human Services (HHS) published interim final regulations on October 30, 2009, to update existing enforcement regulations under HIPAA for statutory revisions made by the Health Information Technology for Economic and Clinical Health (HITECH) Act. These regulations become effective November 30, 2009, and only address the provisions of the HITECH Act already … Continue reading HIPAA Enforcement Regulations Updated for Penalty Increases and Enhancements under the HITECH Act
    November 2, 2009
  • HIPAA Data Breaches in India Threaten Outsourcing Industry, Require Greater Vigilance at Home

    A British TV station investigation into India’s medical transcription industry, known as Business Process Outsourcing (BPO), uncovered unsettling news for British subjects, as well as American citizens. Medical records sent to India to be transcribed and computerized are being sold. The Economic Times report on the investigation out of New Delhi suspects a "hardening of stance on the … Continue reading HIPAA Data Breaches in India Threaten Outsourcing Industry, Require Greater Vigilance at Home
    October 31, 2009
  • Data Breach Due to Peer-to-Peer Software Reveals Numerous Congressional Ethics Inquiries

    The Washington Post is reporting another inadvertent disclosure of sensitive information involving "peer-to-peer" or "P2P" technology. This time, the disclosure exposed a House Ethics Committee document outlining ongoing ethics investigations for an uncomfortably large number of House members. The same technology raises serious issues for employers. According to the Washington Post, the now-terminated, junior committee staff member … Continue reading Data Breach Due to Peer-to-Peer Software Reveals Numerous Congressional Ethics Inquiries
    October 30, 2009
  • Pretexting and the Need for Employers to Investigate Their Investigators

    As reported by Ameet Sachdev, of the Chicago Tribune, a jury found an employer responsible for the actions of its investigators who obtained a former employee’s phone records through “pretexting.” Of the $1.8 million awarded to the former employee for breaches of her privacy, the jury awarded $1.75 million in punitive damages. Regardless of whether … Continue reading Pretexting and the Need for Employers to Investigate Their Investigators
    October 27, 2009
  • WISP: Do You Have a Plan for Your Company’s Sensitive Information?

    Data privacy and security laws in states such as Massachusetts, Maryland and Nevada require businesses to develop written policies and procedures that provide administrative, physical, and technological safeguards to protect personal information – or a "written information security program" or "WISP." These laws do not require protections for confidential company information and trade secrets, but … Continue reading WISP: Do You Have a Plan for Your Company’s Sensitive Information?
    October 24, 2009
  • Reporting a Breach of HIPAA Protected Health Information to HHS

    Little more than one month after the HIPAA breach notification regulations became effective (September 23, 2009), covered entities (health care providers, health plans) and their business associates are struggling with the effects of these new rules. Many are asking: What is a breach? Do we have to notify in all cases, what are the exceptions? … Continue reading Reporting a Breach of HIPAA Protected Health Information to HHS
    October 24, 2009

Pages