Deal Law Wire

OCTOBER 20, 2022

Privacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. Where the company does not have timely policies and related training in place, or conduct regular third party testing (e.g.

Compliance 52

Compliance Technology 52

ThomsonReuters

JULY 7, 2022

News Release: HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe (June 29, 2022); HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care (June 29, 2022); Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet (June 29, 2022).

52

52

Audit Board

OCTOBER 26, 2023

However, cybersecurity insurance policies are not a foolproof method for transferring risk. Cyber threats change continuously, and cyber liability policies differ in coverage, leaving some organizations exposed to cybersecurity’s potential pitfalls and risks. What Are the Risks Associated With Cybersecurity Insurance Policies?

Compliance 52

Compliance 52

Law 360 M&A

SEPTEMBER 13, 2022

Elon Musk's Tesla and SpaceX email privacy policies prevent Delaware's chancellor from ordering the release of emails for Twitter to use in its attempt to force him to close on a $44 billion take-private deal, she ruled late Tuesday.

40

40

ThomsonReuters

OCTOBER 6, 2022

HHS’s Office for Civil Rights (OCR) has announced three more settlements, bringing the total to 41, under its initiative to enforce the HIPAA privacy rule’s provisions giving individuals the right to access their protected health information (PHI). Great Expressions. News Release. Contributing Editors: EBIA Staff.

Compliance 59

Compliance 59

ThomsonReuters

APRIL 21, 2022

OCR is responsible for administering and enforcing HIPAA’s privacy, security, and breach notification provisions. For more information, see HIPAA’s Portability, Privacy & Security manual at Sections XX (“Enforcement of Privacy, Security, and EDI Rules”) and XXIX.E (“Developing Your Security Program”).

Technology 98

Technology 98

ThomsonReuters

APRIL 17, 2024

Jump to: Perceptions of GenAI How are tax professionals using GenAI ? T raining and policies The future of work New Report: 2024 Generative AI in Professional Services Explore all the latest comprehensive insights into how GenAI is shaping professional services.

Technology 98

Technology Data Analysis Compliance 98

ThomsonReuters

NOVEMBER 19, 2020

HHS’s Office for Civil Rights (OCR) has announced two settlements resolving alleged violations of HIPAA’s privacy and security rules. A court previously declined to dismiss a plan participant’s invasion of privacy claim based on this incident (see our Checkpoint article ).) 1, 2020); HHS News Releases: City of New Haven (Oct.

52

52

ThomsonReuters

NOVEMBER 19, 2020

HHS’s Office for Civil Rights (OCR) has announced two settlements resolving alleged violations of HIPAA’s privacy and security rules. A court previously declined to dismiss a plan participant’s invasion of privacy claim based on this incident (see our Checkpoint article ).) 1, 2020); HHS News Releases: City of New Haven (Oct.

52

52

Audit Board

JANUARY 4, 2023

The United States is trying to catch up with the global data privacy laws passed in recent years. has struggled to pass its version called the American Data Privacy and Protection Act (ADPPA). Passing separate privacy laws is creating compliance issues for companies based or doing business in these states.

Compliance 52

Compliance B2B 52

ThomsonReuters

JULY 21, 2022

HHS’s Office for Civil Rights (OCR) has announced an $875,000 settlement with a university medical center to resolve potential violations of HIPAA’s privacy, security, and breach notification rules. HHS Resolution Agreement: Oklahoma State University—Center for Health Sciences (May 10, 2022); HHS News Release (July 14, 2022).

Compliance 52

Compliance 52

Audit Board

SEPTEMBER 5, 2023

However, only about a third of employed Americans (37%) say their company has a formal policy for using non-company-supplied AI-powered tools for work. This finding highlights risks associated with data security, privacy, and AI functioning as employees choose their AI tools without proper vetting by IT security professionals.

Technology 98

Technology 98

Appraisers Blog

NOVEMBER 20, 2023

Interesting factoid; The HR hiring policies drive much of that sort of gray area stipulation for language use. And then try out privacy badger, it’s super fun, and easy to use. In reply to PD. Looks like you’ve got a woke staff on your hands. Then get malwarebytes alongside S&D.

Technology 88

Technology 88

ThomsonReuters

NOVEMBER 11, 2021

The DOL suggests that privacy concerns can be alleviated if the retirement plan fiduciary asks the employer, other plan fiduciary, or beneficiary to have the missing individual contact the retirement plan. Additional Search Steps for Larger Account Balances.

Compliance 98

Compliance 98

ThomsonReuters

FEBRUARY 4, 2021

HHS’s Office for Civil Rights (OCR) has issued a report describing its 2016–17 audit program, which reviewed covered entities’ and business associates’ compliance with certain HIPAA privacy, security, and breach notification rules (see our Checkpoint article ). Few covered entities complied with individual access rights.

Compliance 52

Compliance 52

Reynolds Holding

MARCH 14, 2024

Owning Twitter allows access to data that is concealed from users by complex privacy policies that obscure data sharing practices. Twitter’s API, which governs how external software can access this data, imposes strict limitations on usage and sharing. To obtain the full scope of the content, Musk needed to own Twitter.

Marketability 119

Marketability 119

ThomsonReuters

JUNE 3, 2021

Then, the laboratory must revise its policies and procedures to comply with the privacy and security rules, and the revisions must be reviewed and approved by OCR. The policies and procedures must be updated at least annually (with updates subject to OCR review and approval).

Compliance 52

Compliance 52

ThomsonReuters

NOVEMBER 23, 2022

OCR has released its latest cybersecurity newsletter on the importance of having policies and procedures to detect and respond to security incidents. EBIA Comment: The newsletter notes that hacking is now the greatest threat to the privacy and security of PHI. 6 (“Standard: Security Incident Procedures”).

Compliance 52

Compliance 52

Reynolds Holding

DECEMBER 18, 2022

The EU’s General Data Protection Regulation 2016 (the “GDPR”) changed the global privacy landscape, and has been called the “gold standard” for data protection regulation. What constitutes valid consent is important under the State Privacy Laws because, in several circumstances, personal data can only be processed with a user’s consent.

Banking 45

Banking Compliance Start-ups Technology 45

ThomsonReuters

JUNE 1, 2023

QUESTION: Is our group health plan permitted to outsource the roles of HIPAA privacy official and security official? Most covered entities must designate a privacy official who is responsible for the development and implementation of the entity’s HIPAA privacy policies and procedures. Contributing Editors: EBIA Staff.

Compliance 19

Compliance 19

Harvard Corporate Governance

NOVEMBER 4, 2022

2022 ISS Global Benchmark Policy Survey. Tags: Delaware cases , Delaware law , Merger litigation , Mergers & acquisitions , Privacy , technology. Luftglass and Philip Richter, Fried, Frank, Harris, Shriver & Jacobson LLP, on Tuesday, November 1, 2022. on Wednesday, November 2, 2022. on Wednesday, November 2, 2022.

Banking 218

Banking Technology 218

ThomsonReuters

OCTOBER 14, 2021

The CAP requires the covered entity to review and revise its policies and procedures related to the right to access PHI, subject to HHS’s review and approval, with distribution of the approved policies and procedures to workforce members. First, HIPAA privacy protections continue to apply to PHI after an individual’s death.

Compliance 52

Compliance 52

Audit Board

JUNE 30, 2023

Personal Data Privacy The General Data Protection Regulation (GDPR), which went into effect in 2018, was a bellwether moment for privacy requirements. Securities and Exchange Commission (SEC) is continuing to release cybersecurity disclosure rules for public companies.

Compliance 52

Compliance 52

Audit Board

JUNE 30, 2023

Personal Data Privacy The General Data Protection Regulation (GDPR), which went into effect in 2018, was a bellwether moment for privacy requirements. Securities and Exchange Commission (SEC) is continuing to release cybersecurity disclosure rules for public companies.

Compliance 52

Compliance 52

ThomsonReuters

JANUARY 21, 2021

QUESTION: If a participant asks our self-insured health plan to send their claim file to a third party, such as their attorney, how do the HIPAA privacy rules apply to these requests? For more information, see EBIA’s HIPAA Portability, Privacy & Security manual at Section XXVII.B (“Right to Access PHI in Designated Record Set”).

Compliance 52

Compliance 52

ThomsonReuters

JANUARY 12, 2023

Thanks to advancements in technology — such as cloud-based solutions, teleconferencing, data-sharing platforms, and drones with cameras — remote audits are possible as long as the right tools and policies are in place. . How do you develop a remote audit policy? When developing a remote audit policy , factors to consider include: .

Technology 52

Technology 52

ThomsonReuters

JANUARY 28, 2021

million resolution agreement with a health insurer to settle potential violations of HIPAAColorful privacy and security rules that led to a breach of protected health information (PHI) affecting more than 9.3 The revised policies and procedures must be made available to the insurer’s workforce members. Available at [link].

Compliance 52

Compliance Banking 52

Cooley M&A

JULY 19, 2019

While some may view this as the ICO simply continuing to flex its muscle (in light of news of a £183M (approximately $123M) British Airways fine a day earlier), the Marriott fine and others likely to follow could have significant implications on future M&A transactions involving cybersecurity and data privacy matters.

Compliance 52

Compliance B2B Start-ups Marketability 52

Cooley M&A

DECEMBER 3, 2019

From 2008 to 2018, the total R&W policies bound per year in North America rose from 40 deals, providing $541 million of coverage to 1500+ R&W insurance transactions, providing aggregate coverage of $38.6 R&W insurance is typically procured by the buyer, with the buyer being the insured party under the policy. Advantages.

Marketability 40

Marketability Compliance Enterprise Value Technology 40

ThomsonReuters

JANUARY 14, 2021

Proposed Modifications to the HIPAA Privacy Rule to Support, and Remove Barriers to, Coordinated Care and Individual Engagement. HHS has announced proposed regulations that would make significant changes to targeted aspects of the HIPAA privacy rule, focused primarily on clarifying individual access rights. Notice of Privacy Practices.

52

52

Equilest

MARCH 27, 2023

Equitest also follows strict privacy policies and does not share user data with third parties. How does Equitest ensure the privacy and security of user data? The platform also follows strict privacy policies and does not share user data with third parties.

Business Valuation 40

Business Valuation Start-ups Appraisal Marketability 40

ThomsonReuters

JUNE 23, 2022

The User Guide explains that the content covers seven categories: SRA basics; security policies, procedures, and documentation; access management and workforce training; technical security procedures; physical security procedures; business associates; and contingency planning. According to the webpage, both formats have the same content.

Compliance 98

Compliance Technology 98

ThomsonReuters

NOVEMBER 4, 2021

Covered entities and business associates that rely on legacy systems may wish to review their risk assessments and related HIPAA policies and procedures in light of the information provided in the newsletter.

Technology 52

Technology 52

Reynolds Holding

APRIL 24, 2023

On April 3, 2023, the Consumer Financial Protection Bureau (“CFPB”) issued a policy statement regarding what constitutes an “abusive” act or practice (the “Policy Statement”). [1] Nevertheless, the Policy Statement will be published in the Federal Register, and comments may be submitted until July 3, 2023. [5]

Banking 45

Banking Marketability 45

Reynolds Holding

OCTOBER 4, 2022

First, it is asserting its authority to hold Meta accountable for following its content moderation policies and conforming those policies with human rights law. Most decisions involve freedom of expression, but the board has also considered cases involving privacy, nondiscrimination, and economic and social rights.

Compliance 72

Compliance 72

ThomsonReuters

OCTOBER 29, 2020

Also, privacy and confidentiality concerns may require particular destruction methods. For example, ERISA fiduciary obligations and HIPAA privacy considerations may require shredding or some other method that permanently obliterates individual information about plan participants and beneficiaries.

Compliance 58

Compliance 58

Benzinga

JULY 19, 2022

The product is designed for privacy management of customer data across multiple cloud platforms. Clients can access data using policy-based controls and can revoke access if and when the need arises. Key Industry Developments: September 2019 : IBM Corporation introduced its new enterprise platform called IBM z15.

Marketability 40

Marketability Technology 40