Legal Disclaimer. Copyright Notice

Transcription

1 Legal Disclaimer Although the information provided by Clearwater Compliance may be helpful in informing customers and others who have an interest in data privacy and security issues, it does not constitute legal advice. This information may be based in part on current federal law and is subject to change based on changes in federal law or subsequent interpretative guidance. Where this information is based on federal law, it must be modified to reflect state law where that state law is more stringent than the federal law or other state law exceptions apply. This information is intended to be a general information resource and should not be relied upon as a substitute for competent legal advice specific to your circumstances. YOU SHOULD EVALUATE ALL INFORMATION, OPINIONS AND RECOMMENDATIONS PROVIDED BY CLEARWATER IN CONSULTATION WITH YOUR LEGAL OR OTHER ADVISOR, AS APPROPRIATE. Copyright Notice All materials contained within this document are protected by United States copyright law and may not be reproduced, distributed, transmitted, displayed, published, or broadcast without the prior, express written permission of Clearwater Compliance LLC. You may not alter or remove any copyright or other notice from copies of this content. *The existence of a link or organizational reference in any of the following materials should not be assumed as an endorsement by Clearwater Compliance LLC

2 Are You Ready? What to Expect When the State Attorney General Asks about Your HIPAA Compliance May 2, 2018

3 About Your Speakers Ernâni Magalhães Privacy Counsel Former Deputy Attorney General, Consumer Protection Division, Office of Attorney General Curtis Hill Russel Smith Deputy Attorney General, New Jersey Attorney General Moderator Erin BrisbayMcMahon, JD Senior Director, Legal and Compliance 3

4 Clearwater s Passion We re excited about what we do because we re helping organizations improve patient safety and the quality of care by safeguarding the very personal and private healthcare information of millions of fellow Americans And, keeping those same organizations off the Wall of Shame! 4

5 Some Webinar Logistics 1. Slide materials Link In Chat Box. Should have also received in reminder earlier today. 2. Please ask Questions in Question Area 3. In case of technical issues, check Chat Area 4. All attendees are in Listen Only Mode 5. Please complete Exit Survey when you leave session 6. Recorded version and final slides within 48 hours 5

6 Overview Topics Of Today s Webinar Current trends in State Attorneys General investigations Coordination of investigations Avoiding, understanding, and preparing for a potential investigation Best practices to consider during a SAG investigation How a SAG investigation might end Review of recent SAG cases Mantras: One OCR, 50 State Attorneys General All AG investigations are local 6

7 Current State of Attorney General Enforcement Unprecedented Attorney General Enforcement of Information Privacy and Security Requirements Target, Nationwide Insurance, Adobe Record-setting Attorney General Information Privacy Enforcement Actions 7

8 What You Need to Know about State Attorneys General Catch-all Enforcement Authority of State Laws and Many Federal Laws 50 State Attorneys General *plus D.C., Puerto Rico and various other non-states State Attorney General Structure Compared with OCR s Structure One OCR Many Attorneys General & Special Areas of Focus 8

9 Coordination between Attorneys General and OCR Required Contact between OCR and AGs Advisable Contact between OCR and AGs Coordination beyond Contact? What Coordination or its Absence May Mean for You Coordination among Attorneys Generals Remember: One OCR Many Attorneys General When AGs Decide to Work Together 9

10 What an Attorney General Investigation Looks Like How an Attorney General Investigation Starts Audits? Breach Notice News Comparison with OCR Investigations They Want the Truth: Informal Inquiries Civil Investigative Demands Comparison with OCR Investigative Devices 10

11 Best Practices for Responding to an Attorney General Investigation 1 Understanding your opponent 2 One size does not fit all 3 Cooperate or fight? 11

12 See You in Court? How an Attorney General Investigation May End Lawsuit or agreed judgment Assurance of voluntary compliance Comparison with OCR resolutions Potential Remedies How Attorney General Remedies Differ from OCR Remedies Fines Injunctive requirements 12

13 Recent Cases Aetna New York $1.15 million Virtua Medical Group New Jersey - $418,000 Horizon New Jersey - $1.1 million Download more information about these cases from 13

14 Questions? Ernâni Magalhães Click to edit Master text styles Click to edit Master text styles Click to Erin edit McMahon, JD Master text styles Russell Smith Click to edit Master text styles Click to edit Master text styles Please complete the short exit survey when you leave the webinar. Your feedback is so appreciated! The survey willpop up on your screen automatically. 14

15 At Clearwater Compliance, we have a passion for education. This is why we offer so many complimentary HIPAA compliance and cyber risk management resources. Upcoming Educational Live Web Events May 16 Complimentary Webinar How to Calculate the Cost of a Data Breach & Get the Funding for Your IRM program. May 22 Complimentary Webinar How to Develop Your HIPAA Policies & Procedures For more information & a complete list of upcoming web events please visit:

16 HIPAA & NIST-based CYBER RISK MANAGEMENT BOOTCAMP With Special Medical Device Risk Management Panelist Discussion Dr. Dale Nordenberg, MD Executive Director of Medical Device Information, Safety and Security Consortium (MDISS), Former CIO, National Centers for Disease Control s Center for Infectious Diseases Sue Wang, Technical Lead of the Healthcare Sector Team, National Cybersecurity Center of Excellence (NCCoE) Dan Bowden, CISO, Sentara Health May 3, 10 & 17, :00 3:00pm ET $595 Clearwater Customer Discounts Available In-Depth Virtual Education Earn CPEs 3 Sessions Designed For Busy Professionals Learn More &

17 Resources Grewal v. Virtua Medical Group Final Consent Judgment (March 2018) Massachusetts v. South Shore Hospital, Inc. (May 2012) In re: Hartford Hospital, VNA HealthCare, and EMC Corporation Assurance of Voluntary Compliance (Conn. AG 2015) Massachusetts v. Pioneer Valley Pathology Associates, P.C. Final Judgment by Consent (Jan. 2013) In re: Investigation by Schneiderman, Attorney General of New York, of Aetna Inc. Assurance of Discontinuance (Jan. 2018) Case Comparison Chart 17

18 Thank You. LINKEDIN