Just days after the IRS released its recent alert concerning W-2 phishing scams (which can be found here), the College of Southern Idaho (“CSI”) reported that it too has become a victim.
New Suit by Delta Reminds Everyone About the Importance of Data Security Protection in the Context of Third-Party Service Provider Relationships
On January 9, 2017, the U.S. Department of Health and Human Services (“HHS”) announced its first enforcement action under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) involving delayed data breach reporting. HHS settled alleged violations of the HIPAA breach notification rule committed by Presence Health, one of the largest health care networks in Illinois. The settlement agreement called for Presence Health to pay $475,000 and to adopt a corrective action plan. This settlement underscores the importance of understanding your organization’s HIPAA policies and procedures, and raises several practical considerations going forward.
First introduced in 2015 and signed into law in June 2016, an amendment to the Massachusetts Public Records Law (M.G.L. c.66) now makes the state’s Office of Consumer Affairs and Business Regulation (OCABR) online Data Breach Notification Archive available to the public.
On November 14, 2016, U.S. Citizenship and Immigration Services (“USCIS”) released a revised version of Form I-9. The Form I-9 is a tool that employers must use to verify the identity and employment authorization for individuals hired in the United States.