skip to main content

Search Results

Record $5.5 Million HIPAA Data Security Settlement: Lessons Learned

On August 4, 2016, the Department of Health and Human Services, Office of Civil Rights (OCR) announced that Advocate Health Care Network, Illinois' largest hospital chain, agreed to pay $5.5 million to resolve multiple alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is the largest HIPAA-related settlement in OCR history, and comprises more than a quarter of the nearly $20 million that the government has collected in HIPAA-related enforcement actions in 2016 alone.

Read full article >

Plan Ahead, Stay On Top of Government and Tech Changes, and Be Ready to Call the FBI: Key Lessons from the PHI Protection Network Conference

Late last week, the health care data security community gathered in Philadelphia for the PHI Protection Network Conference. The diverse group of speakers included in-house data security officers, technology consultants, academics, attorneys, and a variety of influential federal government representatives. I was in the audience. A handful of key themes were reiterated in various ways throughout the two-day gathering.

Read full article >

Two Points and a Lesson from PrivacyCon, FTC's Digital-Privacy Conference

Last week, on January 14, 2016, the Federal Trade Commission (FTC) convened PrivacyCon, a first-of-its kind conference bringing together policymakers, academics, and technology researchers to discuss the challenges surrounding online privacy as we navigate between a fixed-internet world, a mobile one, and the growing “internet of things.” I was in the audience, and I came away with two major points and a lesson for white collar defense lawyers and their clients.

Read full article >

FCC Takes on Hospitality Wi-Fi Management Again: More Sanctions, Unresolved Concerns

On Monday, November 2nd, the Federal Communications Commission (FCC) took more enforcement steps in its campaign against Wi-Fi blocking, "the practice of blocking unauthorized Wi-Fi hotspots that let consumers share mobile data access with other devices, like laptops and tablets" in hotels and convention spaces. This comes on the heels of a $750,000 settlement with Smart City Holdings over its Wi-Fi blocking at multiple convention centers, and a late-2014 settlement of $600,000 with Marriott over similar conduct.

Read full article >

HHS's Data Security Problem: Lessons for the Private Sector

Recently, the House of Representatives Committee on Energy and Commerce cataloged a series of potentially-serious data security failures at the Department of Health and Human Services (HHS). The Committee's report reveals, among other things, that HHS division systems have been hacked five times in the past three years, and traces the root of the problem to HHS's treatment of data security as subordinate to operational priorities.

Read full article >

Managing Wi-Fi Networks on Business Premises: Aggressive Enforcement and Unanswered Questions

On Friday, January 30, 2015, Marriott International, Inc. (Marriott) the American Hotel & Lodging Association (AH&LA), and Ryman Hospitality Properties (Ryman) announced the withdrawal of their petition seeking clarity from the Federal Communications Commission (FCC) regarding businesses' ability to control Wi-Fi connectivity on their premises. It was probably the right decision strategically. However, certain key regulatory questions are unresolved, with no promise of a ready resolution forthcoming.

Read full article >