We are thrilled to announce the official launch of the InformationLawGroup! The InformationLawGroup is a group of attorneys that love the law and technology. We concentrate on legal issues concerning privacy, data security, information technology, e-commerce and intellectual property. We are a full service firm addressing a broad spectrum of matters, including transactions, compliance, breach notice and incident response and litigation. We come together today after many years in large law firm and in-house roles. We are seasoned attorneys, including former "BigLaw" lawyers, smaller practitioners with clearly defined expertise and reputation in the field, and former in-house lawyers with specific information law experience and talent. These factors result in greatly increased efficiency and better results at a significantly lower price for the firm's clients. So who are we? Read more after the jump.
On February 17, 2009, Congress signed into law the Health Information Technology for Economic and Clinical Health or "HITECH" Act ("HITECH" or the "Act") as part of the American Recovery and Reinvestment Act. The HITECH Act requires entities covered by the Health Insurance Portability and Accountability Act ("HIPAA") to provide notification to affected individuals and to the Secretary of Health and Human Services ("HHS") following the discovery of a breach of unsecured protected health information. HITECH also requires business associates of HIPAA-covered entities to notify the covered entity in the event of the breach. The Act required HHS to issue interim final regulations with respect to the new breach notification requirements. On August 24, 2009, the HHS interim final regulations were published in the Federal Register.
In other posts, I talked about the trend toward more prescriptive encryption requirements in laws and regulations governing certain categories of personal data and other protected information. Here's an overview of the standards and related products available for safe (and legally defensible) handling of protected data.
Massachusetts' Office of Consumer Affairs & Business Regulation (OCABR) recently released a revised version of its "Standards for the Protection of Personal Information of Residents of the Commonwealth" (the "Regulation"). This August 2009 version modifies the February 2009 version of the Regulation. The press release for the new revision is here, and the FAQs released by OCABR appear updated to address some of the changes in the regulations.For ease of reference, ISC has taken the time to create a REDLINED VERSION showing the revisions in the new Regulation. The redlines indicate changes between the February 2009 version and the August 2009 version of the Regulation. Also included below is a summary of some of the more significant changes.