Monthly Archives: January 2014

Looking at the Past to Predict the Future of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services. In January 2013, HHS issued its Final Omnibus Rule, substantially modifying both the Privacy, Security, and Enforcement Rules related to the Health Insurance Portability and Accountability Act (HIPAA) and the Breach Notification Rule under the Health Information Technology for Economic and Clinical Health Act (the HITECH Act). The Final Omnibus Rule gives HHS’s Office of Civil Rights even greater authority to police covered entities and to enforce HIPAA/HITECH Act privacy regulations. As expected, OCR was active in its enforcement of the Final Omnibus Rule in 2013. In …


Big Box Data Breaches

2013 was a difficult year for several large U.S. “Big Box” retailers which experienced major data breaches at the hands of cybercriminals. These well-publicized breaches included those among the largest in history. These now infamous “Black Friday Hacks” caused these companies to suffer significant economic losses, including remediation, defending class action lawsuits and fighting off the FTC and States Attorneys General. In addition, there is the unquantifiable damage to the companies’ brands and reputations. The type of cybercrime experienced by these retailers has been a reality for nearly a decade. For example, in 2005 cybercriminals stole 90 million records from …