The theft of an unencrypted flash drive has led to an agreement by Adult & Pediatric Dermatology, P.C., of Concord, Mass. (APDerm), to pay $150,000 to the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules.
On Dec. 5, 2013, the Federal Reserve joined the list of regulatory agencies that have issued guidance on third-party service provider relationships.
Throughout 2013, financial institutions continued to face serious threats from cybercriminals targeting the personal information of banking customers and their financial assets through the use of malicious software and denial of service attacks (DDoS).
France’s December 18, 2013 law on military spending contains two provisions that facilitate the collection of data by the French military and intelligence services.
2013 ended like it started – with OCR actively monitoring and enforcing health care provider HIPAA compliance. On December 26, 2013, OCR imposed a $150,000 penalty and a corrective action plan upon a Massachusetts dermatology physician practice arising out of a self-reported HIPAA breach. See www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/apderm-agreement.html.
Six months after Edward Snowden began leaking information about the National Security Agency’s secret data collection methods, two federal judges – one in Washington, D.C. and one in New York – have reached opposite conclusions about whether one NSA program unlawfully searches the phone records of millions of Americans.
The EFPIA and PhRMA Principles for Responsible Sharing of Clinical Trial Data in Europe Enter into Force On 1 January 2014
On 1 January 2014, the joint Principles for Responsible Clinical Trial Data Sharing (“the Principles”) endorsed by the European Federation of Pharmaceutical Industries and Associations (“EFPIA”) and Pharmaceutical Research and Manufacturers of America (“PhRMA”) entered into force. EFPIA and PhRMA endorsed these Principles on 24 July 2013. The Principles are available at the EFPIA website.
The Federal Trade Commission (FTC) recently approved appropriately implemented “knowledge-based authentication” as a method for obtaining verifiable parental consent (VPC) under the Children’s Online Privacy Protection Act (COPPA).
The Center for Digital Democracy (“CDD”) recently filed requests for investigation with the Federal Trade Commission (“FTC”) claiming that Marvel Entertainment and Sanrio Digital failed to comply with the Children’s Online Privacy Protection Act’s (“COPPA”) notice and consent requirements.
The Federal Trade Commission (“FTC”) recently approved a new method of verifiable parental consent — knowledge-based authentication (“KBA”) — as consistent with the requirements of the Children’s Online Privacy Protection Act (“COPPA”).