Articles Tagged with Internet of Things

Published on:

SVLG Shareholder Stephen Wu will host a conference call program on the recent Equifax data breach on October 25, 2017 at 10 am Pacific/1 pm Eastern. While the Equifax is not the largest ever in terms of the total number of records affected, by some estimates, it affected about half of the population in the United States. With a breach that large, legislators and regulators are considering what new policies may help to prevent future large-scale breaches.

For businesses that create, receive, maintain, and transmit personal data, the Equifax breach raises the question of what changes are necessary to keep up with evolving data security threats. According to news reports, the breach occurred because of a failure in patch management — a failure to implement a publicly available patch to a known security vulnerability for a period of months. Are there emerging threats that warrant changes in patch management practices? Or did the Equifax breach occur because of the company’s failure to take care of the basic patch management steps. We will explore these questions in this program.

The program will generally explore the technical and legal ramifications of the breach.  What are the prospects for liability? What compliance challenges does the breach highlight? Are there changes in documented practice and procedure that the breach would suggest?

Published on:

Silicon Valley Law Group is pleased to announce the publication of Attorney Stephen S. Wu’s new book: “A Guide to HIPAA Security and the Law – Second Edition.” The American Bar Association published his book last month. The book provides detailed information about healthcare information technology security legal requirements and how covered entities and business associates can comply with them.

Also, please join us for a special Meetup presentation, in which Steve Wu will share his thoughts on an important topic covered in one of his book’s chapters: the impact of emerging technologies on HIPAA security compliance. The program is on September 28, 2016 at 10:00 a.m. Pacific Time at SVLG’s offices. A dial-in is available for those unable to attend in person.

The Department of Health and Human Services issued the HIPAA Security Rule in 2003 to impose information technology security requirements on HIPAA covered entities:  healthcare providers, health plans, and healthcare clearinghouses.  Later legislation and regulation also imposed HIPAA security requirements on various “business associates” of these covered entities.  Despite some changes in coverage and the breach notification rule, the core HIPAA security requirements have remained unchanged since 2003.  Nonetheless, technology trends such as cloud computing, social media, and mobile computing required applying the existing rules to new technologies.  Moreover, we are now facing dramatic and sweeping changes with augmented and virtual reality systems, Big Data, 3D printing, healthtech, the Internet of Things, robots, and artificial intelligence systems.