What We’re Reading - August 6, 2021
Friday, August 6, 2021
Health and Human Services Office for Civil Rights HIPAA
Print Mail Download i

There is a glut of information out there regarding privacy and cybersecurity these days.  Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting and helpful.

  • For healthcare providers and other HIPAA-covered entities:  News stories and Health and Human Services Office for Civil Rights (OCR) investigations abound of hackers infiltrating information systems, workforce members impermissibly accessing patients’ health information, and electronic PHI (ePHI) being left on unsecured servers.   The Summer 2021 OCR Newsletter is required reading discussing the importance (indeed, the HIPAA Security Rule requirements….) of Information Access Management and Access Control. 

  • We often discuss data retention/destruction programs with clients, and in this age of Big Data, the answer to the initial question --   how long do you retain data when you no longer actively use it? – is many times “forever.”   Recital 39 of the GDPR and the upcoming California Privacy Rights Act (CPRA) both impose limits on data retention.  In fact, by January 2023, the CPRA will affirmatively prohibit businesses from hanging on to personal information for “each disclosed purpose for which the personal information was collected for longer than is reasonably necessary for that disclosed purpose.”     Another perspective on data “hoarding”  may ring true with business stakeholders – Paul Gillin writes in Computerworld that the consequences go beyond “compliance.”

  • Ransomware – (1) NIST has published draft guidance for organizations concerning ransomware attacks.   The Ransomware Profile can help any organization seeking to implement a risk management framework that deals with ransomware threats….and every organization should be working on that.  (2) The Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security has launched StopRansomware.gov, an interagency resource that providers information regarding ransomware protection, detection, and response guidance in a single website.  It includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners in a whole-of-government approach.

©1994-2024 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Current Legal Analysis

More from Mintz

DOJ Releases COVID-19 Fraud Enforcement Task Force Report Touting Its Successes and Urging Lawmakers to Enact New Legislation
by: Jane Haviland , Abdie Santiago
SEC’s Enforcement Authority Over Crypto Asset Transactions Upheld (Again) in Case Against Coinbase
by: Cory S. Flashner , Steve Ganis
Canada’s 2024 Federal Budget: The Time Is Now ... to Lock in Lower Tax Rates
by: Katy Pitch
American Privacy Rights Act – Another Shot at a Comprehensive Federal Privacy Law
by: Cynthia J. Larose , Christopher J. Buontempo
Tony Bennett May Have Left His Heart in San Francisco but the City's Appeal of Its NPDES Permit is on its Way to the United States Supreme Court.
by: Jeffrey R. Porter
Navigating Health Tech: Regulations for AI/ML in Medical Devices and Software [Video]
by: Benjamin M. Zegarelli , Pat G. Ouellette
Supreme Court Narrows the Reach of Omission Liability Claims Under Section 10(b) of the Exchange Act
by: Douglas P. Baumstein , Jason C. Vigna
Office of the Level Playing Field
by: Jennifer B. Rubin
The Sun is About to Set on Temporary CCPA/CPRA Exemptions: Employers Get Ready
by: Cynthia J. Larose
New Jersey Adopts a Comprehensive Data Privacy Law
by: Cynthia J. Larose , Jon Taylor

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins