Plan sponsors of retirement plans handle a lot personal participant data, but many are unaware of their fiduciary duties in the context of cybersecurity. If a retirement plan suffers a cyberattack, plan assets could be diverted and misused. Under the Employee Retirement Income Security Act (ERISA), the plan sponsor could be held liable for a fiduciary breach for failure to satisfy a duty of loyalty and to act prudently.
Continue reading “Cybersecurity Responsibilities of a Plan Sponsor”
The Centers for Medicare and Medicaid Services (CMS) recently released their Final Rule for the Promoting Interoperability Program formerly known as the Medicare and Medicaid Electronic Health Record Incentive Programs.
CMS had previously published a Proposed Rule and a request for feedback from the public related to improving interoperability and the sharing of electronic medical records between providers, and between providers and patients, which we covered in a May blog post. CMS has stated that the purpose of the Final Rule is to “advance the agency’s priority of creating a patient-centered health care system by achieving greater price transparency, interoperability, and significant burden reduction so that hospitals can operate with better flexibility and patients have what they need to be active healthcare consumers.”
Continue reading “CMS Releases Final Rule for Promoting Interoperability Program”
India has released the much-anticipated first draft of the Personal Data Protection Bill, 2018, the country’s first comprehensive data protection regulation. The proposed bill is currently under review by India’s Ministry of Electronics and Information Technology and will likely be introduced in Parliament this year.
Continue reading “India Releases Draft Personal Data Protection Regulation”
Technology that determines an individual’s identity or location has been the subject of significant media attention in the first half of 2018: Amazon made news with the sale of its facial recognition technology to law enforcement, the U.S. Supreme Court ruled that the government generally must obtain a warrant to access certain types of geolocation information, California arrested the Golden State Killer using the DNA information of a relative, and Facebook came under fire for the way in which Cambridge Analytica accessed the data of tens of millions of users. Garnering less attention, but of no less importance, are the legislative efforts underway in the federal government and in many states to regulate these emerging technologies and limit the ways in which this information can be collected.
The Federal Trade Commission has opened up public comments for their upcoming Hearings on Competition and Consumer Protection in the 21st Century.
The hearings will take place during the fall and winter 2018 and will examine “whether broad-based changes in the economy, evolving business practices, new technologies, or international developments might require adjustments to competition and consumer protection enforcement law, enforcement priorities, and policy,” according to the FTC website. FTC Chairman Joe Simons said in a statement that the hearings are modeled after former Chairman Bob Pitofsky’s 1995 Global Competition and Innovation Hearings, which at the time “re-energized one of the FTC’s most valuable functions – to gather leaders in business, economics, law, and related disciplines to discuss tough, emerging problems and prepare public reports on the facts, issues, governing law, and the need, as appropriate, for change.”
An error made by a transcription service provider during a software upgrade on Orlando Orthopaedic Center (OOC)’s server in December 2017 has resulted in the exposure of more than 19,000 patients’ protected health information (PHI). PHI stored on OOC’s server from December 2017 until February 2018 – when the breach was finally discovered – was freely exposed over the internet without any authentication. Upon full investigation, patients’ names, social security numbers, dates of birth, insurance information, employer details, and treatment types were deemed accessible.
Continue reading “Business Associate Exposes Protected Health Information of 19,000 Patients”
