Facebook
Twitter
LinkedIn
RSS
Archive for February, 2010
Tuesday, February 2nd, 2010
The deadline has been a moving target but come March 1, Massachusetts’ new data protection law is finally slated to take effect. 201 CMR 17.00, along with Nevada’s 603A, which took effect in January, represent a new class of state regulations that require organizations to deploy specific controls to protect personal identifying information from unauthorized access. Massachusetts and Nevada have established a new standard for personal data protection and appear to have set the stage for more prescriptive laws at the federal level.
Tuesday, February 2nd, 2010
A recent data breach at the Iowa Racing and Gaming Commission could affect the security of people who hold occupational gaming licenses.
The commission reported that on Jan. 26, the state firewall functionality was circumvented due to network routing changes and a licensing database was breached. The release states that information potentially released would include the information contained on occupational license applications, including social security numbers and date of birth.
Monday, February 1st, 2010
The insurer becomes the first plan sued under a new law allowing attorneys general to enforce HIPAA privacy laws.
Connecticut Attorney General Richard Blumenthal has filed a lawsuit against California-based Health Net, alleging the company violated federal laws protecting medical records when a portable data drive disappeared.
According to Blumenthal’s office, the Jan. 13 lawsuit is the first action by an attorney general acting under the Health Information Technology for Economic and Clinical Health, or HITECH Act (part of the 2009 federal stimulus package) to enforce privacy laws under the Health Insurance Portability and Accountability Act.
The lawsuit says the drive contained 27.7 million pages of scanned documents containing information about 446,000 enrollees and their physicians. The data was not encrypted, the lawsuit said, as required by HIPAA and by Health Net’s own corporate policy.