TIPS

  • HHS Releases Voluntary Cybersecurity Practices, Supplementing Existing Requirements (January 15, 2019)

    At the close of 2018, the Department of Health and Human Services (HHS) published Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients. While not formally styled as guidance or interpretive material, when the primary regulator of patient and health data protection offers “suggestions,” those subject to HIPAA had better pay attention. Beyond highlighting common threats to the protection of patient data, the HICP encompasses two supplemental technical volumes centering on small organizations and medium and large organizations. Background: Healthcare and life sciences organizations (particularly...

  • Three Questions to Assess How Detailed Your Organization’s Website Policy Should Be (January 08, 2019)

    If your organization has a website, it probably needs a publicly posted privacy notice explaining how personal data is (or is not) collected, used, protected, and shared. Privacy notices are expressly required under some laws, such as the EU’s General Data Protection Regulation (GDPR), the California Online Privacy Protection Act (CalOPPA), and the Australian Privacy Act. Even in countries where a privacy notice for an organization’s website is not expressly required, obligations to process personal data fairly, transparently, and lawfully often make developing a well-crafted...

  • Healthcare Innovators and Investors, Take Note: The HIPAA Privacy RFI Can Benefit You (December 18, 2018)

    This past Friday, the Office of Civil Rights within the U.S. Department of Health and Human Services published a formal Request for Information on Modifying HIPAA Rules to Improve Coordinated Care. The RFI’s publication starts a 60-day comment period ending on February 12, 2019. As many of us prepare for the J.P. Morgan Healthcare Conference in January, and then HIMSS in February, savvy healthcare innovators and investors will recognize this RFI as an opportunity to help frame the discussion about how to lower privacy barriers...

  • Should You Go “All In” with the Cloud? (And How to Manage That Risk) (December 11, 2018)

    While references to “the cloud” and “cloud computing” are significantly more familiar than they were five years ago, it remains clear that many organizations implement cloud resources ineffectively – or at least do not understand the implications of the shift. Some all-too-common lines of thinking: We’ve moved our applications to our cloud provider – what does that have to do with our software development life cycle?; Our cloud-platform provider is responsible for securing our applications and data; or We’ve outsourced that – and all the...

  • Early Lessons from the Marriott Breach (December 04, 2018)

    On November 30th, Marriott announced that a guest reservation database on the Starwood side of its business had been breached. Initial reports indicated that upwards of 500 million individuals were affected. The stolen data includes quite sensitive information, such as guest passport details and, likely, payment card information. Although it will probably take time before we fully understand the details of the incident – which appears to have continued unabated since 2014 – there are lessons that we can learn from the details already in...
