On August 4, 2016, the Department of Health and Human Services, Office of Civil Rights (OCR) announced that Advocate Health Care Network, Illinois' largest hospital chain, agreed to pay $5.5 million to resolve multiple alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is the largest HIPAA-related settlement in OCR history, and comprises more than a quarter of the nearly $20 million that the government has collected in HIPAA-related enforcement actions in 2016 alone.
Plan Ahead, Stay On Top of Government and Tech Changes, and Be Ready to Call the FBI: Key Lessons from the PHI Protection Network Conference
Late last week, the health care data security community gathered in Philadelphia for the PHI Protection Network Conference. The diverse group of speakers included in-house data security officers, technology consultants, academics, attorneys, and a variety of influential federal government representatives. I was in the audience. A handful of key themes were reiterated in various ways throughout the two-day gathering.
Last week, on January 14, 2016, the Federal Trade Commission (FTC) convened PrivacyCon, a first-of-its kind conference bringing together policymakers, academics, and technology researchers to discuss the challenges surrounding online privacy as we navigate between a fixed-internet world, a mobile one, and the growing â€œinternet of things.â€ I was in the audience, and I came away with two major points and a lesson for white collar defense lawyers and their clients.
On Monday, November 2nd, the Federal Communications Commission (FCC) took more enforcement steps in its campaign against Wi-Fi blocking, "the practice of blocking unauthorized Wi-Fi hotspots that let consumers share mobile data access with other devices, like laptops and tablets" in hotels and convention spaces. This comes on the heels of a $750,000 settlement with Smart City Holdings over its Wi-Fi blocking at multiple convention centers, and a late-2014 settlement of $600,000 with Marriott over similar conduct.
In a February 8 article, Philadelphia Inquirer reporter Chris Mondics profiles Ronald H. Levine and Associate Abraham J. Rein as they prepared for oral arguments before the Supreme Court of the United States (SCOTUS) in November/December 2014.
Recently, the House of Representatives Committee on Energy and Commerce cataloged a series of potentially-serious data security failures at the Department of Health and Human Services (HHS). The Committee's report reveals, among other things, that HHS division systems have been hacked five times in the past three years, and traces the root of the problem to HHS's treatment of data security as subordinate to operational priorities.
The tax industry has an identity theft problem. According to the Government Accountability Office (GAO), the IRS estimates that in 2013 it paid out approximately $5.8 billion in tax refunds to filers later determined to be identity thieves.
Recent Developments in FTC vs. Wyndham Underscore Importance of Cybersecurity Vigilance in the Hospitality Industry
On Friday, March 27, the parties in FTC vs. Wyndham, a key data security case with the potential to deeply impact the hospitality industry's cybersecurity practices" filed special supplemental briefs that the Third Circuit Court of Appeals requested during oral arguments earlier in the month.
On Friday, January 30, 2015, Marriott International, Inc. (Marriott) the American Hotel & Lodging Association (AH&LA), and Ryman Hospitality Properties (Ryman) announced the withdrawal of their petition seeking clarity from the Federal Communications Commission (FCC) regarding businesses' ability to control Wi-Fi connectivity on their premises. It was probably the right decision strategically. However, certain key regulatory questions are unresolved, with no promise of a ready resolution forthcoming.