Posts

Showing posts with the label Data Mapping

OCR Announces HIPAA Enforcement Action Against Self-Funded Group Health Plan

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently  announced  a HIPAA enforcement action against an employer-sponsored group health plan. The action resulted in a payment to HHS of $245,000 and a two-year corrective action plan. While HIPAA enforcement is common in the healthcare sector, actions directly against employer-sponsored group health plans are not as common. This case,  coupled with DOL guidance for ERISA fiduciaries concerning cybersecurity , underscores a growing regulatory focus not only on traditional healthcare entities, but also on the plans and ecosystems maintained by employers under ERISA. The Incident: Ransomware, Unauthorized Access, and Plan Data According to the breach notification sent to affected individuals, the plan sponsor experienced a security incident back in 2021 involving encryption of systems and unauthorized access to sensitive data . The data included names and Social Security numbers, along ...

We Get Privacy for Work: The Increasing Importance of Data Mapping

Transcript INTRO To effectively and immediately respond to cybersecurity data breaches – and remain compliant with the constant bevy of new data privacy laws – you need to know what data your organization is collecting and from whom.   On this episode of We get Privacy for work, we discuss data mapping, the most efficient way to keep track of the information your organization is collecting and storing .   Today's hosts are Damon Silver and Joe Lazzarotti, co-leaders of the firm’s Privacy, Data and Cybersecurity Group and principals, respectively, in the firm's New York City and Tampa offices.   Damon and Joe, the question on everyone’s mind today is: What is data mapping, how do I implement it and how does that impact my organization?     Damon Silver Principal, New York City  Welcome to the We get privacy podcast. I'm Damon Silver, and I'm joined by my co-host, Joe Lazzarotti. Joe and I co-lead the Privacy Data and Cybersecurity Group at Jackson Lewis. In ...