This Center for Democracy & Technology Policy Post explains how government access to identifiable health information is addressed by the PATRIOT Act, the HIPAA Privacy Rule, and the statutes and regulations protecting the confidentiality of patient information that is held by federally funded substance abuse treatment facilities and programs.
DLA Piper produced this handbook that sets out an overview of the applicable privacy and data protection laws and regulations across 63 different jurisdictions. (March 2013)
This is part of a series of guidance from the UK Information Commissioner’s Office that explains what organizations, and individuals who process personal data for purposes such as running a business, need to consider when they run, contribute to or download personal data from online forums such as social networking sites, message boards or blogs.
Davis Wright Tremaine is pleased to offer IAPP members complimentary access to a section of its comprehensive HIPAA Audit Toolkit. This section assists healthcare providers with ensuring that they are providing individuals with access to their protected health information in compliance with HIPAA. This section is taken from the privacy assessment tool, one of several tools within the toolkit, which assists healthcare providers with ensuring that they maintain appropriate policies and procedures, training and documentation in compliance with the Standards for Privacy of Individually Identifiable Health Information.
The National Conference of State Legislatures has posted a list of states that have enacted laws that require entities to destroy, dispose of, or otherwise make personal information unreadable or undecipherable.
Revision 4 of the NIST guidelines was released in April of 2013. This publication provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations, organizational assets, individuals, other organizations and the nation from a diverse set of threats. The security and privacy controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk.
This chart from the National Conference of State Legislatures summarizes the identity theft criminal penalties, restitution and identity theft passport laws.
This guidance from the UK Information Commissioner’s Office offers a set of questions and approaches an organisation should consider, in conjunction with a prospective cloud provider, in order to ensure that the processing of personal data done in the cloud complies with the Data Protection Act.
IT Manager Daily provides this sample of a basic cloud computing policy template that organizations can customize to fit their needs.
This site lists national privacy laws by country as well as U.S. state and federal privacy laws including links to actual text. It also includes a section on legal updates and news.
In this report from Wisegate, you’ll get practical insights from senior privacy and security officers on how to balance privacy and data protection compliance requirements with the need for continued business growth and innovation.
This article offers ten ways to supplement your training activities and bolster your awareness program to minimize privacy errors causing inadvertent data loss.
The complete suite of HIPAA Administrative Simplification Regulations is an unofficial version offered by the Department of Health and Human Services that presents all the regulatory standards in one document. It includes transactions and code set standards, identifier standards, the privacy rule, the security rule, the enforcement rule and the breach notification rule.
This Close-Up provides tools and research to help covered entities and business associates make sense of the Health Insurance Portability and Accountability Act.
In this paper, Boris Segalis, CIPP/US, of InfoLawGroup LLP offers a detailed look at the key changes to HIPAA that are likely to affect most covered entities. Segalis also discusses additional requirements that will mostly affect covered healthcare providers and some non-covered entities, suggesting action items where appropriate.