Virtually all businesses today collect information relating to their employees, clients, customers, patients, or other parties. Because myriad international, federal, and state privacy laws and regulations cover not only the rights of those parties but also matters of national security and crime prevention, it is not unusual for one business to be subject to overlapping privacy laws and regulations. Thus, businesses face the challenge of complying with all relevant privacy laws and regulations and ensuring that safeguards are in place to prevent the improper use or disclosure of this information. Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management Group helps clients understand and stay compliant with the privacy standards and industry best practices that are applicable to the collection, use, and transfer of their confidential information. Since the key to privacy compliance is establishing a strong, effective, and well-documented privacy program, our services include:

Ever-changing privacy laws and requirements, along with advances in technology, have been creating new challenges and opportunities for employers. For instance, employers face restrictions on the type of information about employees and job applicants that they can collect and utilize in order to make shrewd business and employment decisions. These restrictions relate to such areas as background checks, employee monitoring, employee biometric information, and the transfer and maintenance of employee data and employee health-related information. Workplace privacy-related issues also arise under the Americans with Disabilities Act, the FCRA, the GDPR, and the FACTA, among other laws. The Privacy, Cybersecurity, and Data Asset Management Group at Epstein Becker Green has the knowledge and experience necessary to effectively guide employers through the complexities of workplace privacy and cybersecurity. We help employers properly balance privacy considerations with workforce management concerns and employee data collection and protection. Our services in this area include the following:

At Epstein Becker Green, we provide daily counsel to clients throughout the health care industry to structure business, clinical, and administrative operations in compliance with health data privacy laws and regulations, including HIPAA and its privacy, security, and breach notification rules; HITECH and its regulations; and federal and state privacy laws regarding mental health and substance use disorder data. We work with our clients to facilitate the development of health data privacy strategies that complement their business strategy. The members of our Privacy, Cybersecurity, and Data Asset Management Group are prolific authors and sought-after lecturers on health information privacy and security topics, and also serve on the advisory boards of publications such as Thompson’s Employer’s Guide to HIPAA.

Our Services

Because we want to ensure that clients comply with health privacy laws, our Privacy, Cybersecurity, and Data Asset Management Group’s services include:
Since no compliance program is foolproof, if a privacy violation occurs, we assist the client with remedial measures and incident response, and we defend the client in any investigations and litigation concerning the violation.

The TCPA and its implementing regulations issued by the Federal Communications Commission (FCC) impose complex restrictions on business communications. The TCPA protects consumers from unsolicited auto-dialed and prerecorded phone calls, text messages, and faxed advertisements. Businesses need to understand the scope and magnitude of the TCPA. Even a company with a strong compliance program could find itself facing allegations that its call, text, or fax activities violated the TCPA. And just one TCPA violation could have serious legal, insurance, reputational, and financial consequences—recipients of such unsolicited communications are allowed to sue for damages of $500 (an amount that a court can treble) for each unlawful call, text, or fax. Not surprisingly, damages for a TCPA violation can easily run into the millions of dollars.

Our Services

Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management Group knows the nuances of the TCPA and the severe consequences of noncompliance. We provide TCPA counseling to clients of all sizes and various industries—including, among others, health care, financial services, technology, hospitality, retail, communications, and transportation. Our services consist of the following:
In addition, we represent clients in TCPA class action lawsuits filed in federal and state courts. We know the complex defenses available under the TCPA and the FCC’s implementing regulations, as well as the bases for defeating class certification. And because we’re sensitive to the limits on a client’s time and resources, we evaluate the prudence of seeking an early resolution of the case (through pretrial motions, an alternative dispute resolution method, or a favorable settlement). When litigation is the better strategy, our litigators are distinctly qualified to provide the superior caliber of services upon which Epstein Becker Green has built its outstanding reputation.

GLBA and Financial Services Industry Compliance Strategies

Since the passage of the GLBA in 1999, securing the privacy and cybersecurity of consumer financial data has become a high priority for the financial services industry. New York State has implemented Cybersecurity Requirements for Financial Services Companies. The National Association of Insurance Commissioners has adopted a model cybersecurity law, which has been adopted by certain states. The GLBA and its implementing regulations, and these state requirements, specifically require financial and other covered institutions in the United States to create an information security program to ensure the security and confidentiality of customer information, guard against any anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer. However, innovations in technology—such as new mobile payment platforms and novel means of analyzing consumer financial data—are creating complex challenges for financial services institutions seeking to comply with the GLBA and other relevant privacy and cybersecurity laws.
Our Services

Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management Group guides financial services clients through this highly regulated and rapidly changing environment. In addition, services provided by members of the group include:
GLBA and the Cloud

The GLBA’s Financial Privacy Rule requires financial institutions to provide an annual notice to customers explaining how the customers’ data is maintained and shared, as well as the steps that are taken to protect it. Additionally, the GLBA Safeguards Rule requires institutions to implement an information security program. However, the introduction of “cloud computing” and the use of the services of an outside cloud provider can complicate matters greatly. Many financial institutions are wrestling with the loss of data control that comes with the business benefits of cloud adoption. At Epstein Becker Green, we advise clients on cloud computing and other attractive and inexpensive storage technologies. We help our clients evaluate the risks of storing information in the cloud and then identify legal solutions—such as creating policies and procedures to ensure compliance with the GLBA’s Financial Privacy and Safeguards Rules and managing cloud providers—so that our clients are able to take advantage of these cost-saving technologies.

Privacy and Security Due Diligence

Any company—especially an entity in a highly regulated industry (such as financial services, health care, hospitality, retail, technology, and telecommunications)—seeking to sell, acquire, or merge with another company needs to carefully consider the privacy and cybersecurity concerns related to the sensitive business and personal data flowing through the target company. A thorough review of a target’s privacy and cybersecurity compliance programs is, therefore, a must before entering into any transaction. Compliance costs and litigation can significantly affect the value of a company, necessitating a careful assessment of any target’s potential liabilities or compliance costs that are likely to be passed on after the transaction.
Our Services

Epstein Becker Green’s Privacy, Cybersecurity, and Data Asset Management Group undertakes privacy and cybersecurity due diligence reviews and provides support capabilities to clients in the context of sales, acquisitions, mergers, and joint ventures. We help clients understand what data is being stored by the target and whether it is protected; whether the target has put in place proper response and remediation processes and policies; and what, if any, disclosures are needed. Given our deep and longstanding experience in privacy and cybersecurity, we advise clients concerning potential liabilities and vulnerabilities in the target’s information security and data privacy practices. Specifically, our due diligence reviews typically include the following components:
In addition, Epstein Becker Green stays involved throughout the transactional process to ensure that sensitive data is transferred in accordance with all relevant laws, rules, and regulations. We identify, evaluate, and calculate risk to our client and then develop representations, warranties, indemnities, and other contractual provisions and protections, as well as negotiate licenses, service contracts, and supplier and other agreements, to safeguard confidential information and to shift or mitigate that risk.
Which of the following is not considered a HIPAA covered entity?
Who would NOT be considered a covered entity under HIPAA? E (Rationale: Covered entities in relation to HIPAA include Health Care Providers, Health Plans, and Health Care Clearinghouses. The patient is not considered a covered entity although it is the patient's data that is protected.)

Which of the following is not a requirement of the HIPAA privacy standards?
Question 2 - The requirements of HIPAA Privacy include all of the following EXCEPT: Answer: Putting firewalls on all internet connections.

What are the three covered entities that must comply with HIPAA?
1. Covered Entities: Healthcare Providers, Health Plans, Healthcare Clearinghouses.

What is the key to HIPAA compliance?
What is the Key to HIPAA Compliance: HIPAA Safeguards. HIPAA requires the confidentiality, integrity, and availability of PHI to be protected by implementing safeguards. The safeguards that must be implemented include administrative, physical, and technical safeguards.