Physician Practices, Health Care Organizations See Own Staff as Source of Security Breaches  OncLiveA security breach from an insider remains a major challenge, according to the … Data Breach Response Plan: More than half of the respondents (54%) … Student Data Privacy Bill Would Close a Loophole in Current Law  Government Technology California legislation is designed to hold K-12 companies accountable for how they store and use student data. by Tanya Roscorla, Center for Digital … Hacked in 20 Minutes: Social Engineering Done Right   PC Magazine He asked if he could borrow the employee’s computer. When he sat down, the employee was still logged in, which meant he could do whatever he … Major Apple security flaw: Patch issued, users open to MITM attacks   ZDNet Data Security. Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later. Impact: An attacker with a privileged network…       Read More

I recently evaluated a claim with facts somewhat similar to the following: The claimant sustained a right knee injury in January of 2003, which was accepted as compensable. The claimant received medical benefits and was paid income benefits for a period of time until being released back to regular duty work in October of 2003. Fast forward ten years (during which time the claimant continually worked her regular duty job), and in October of 2013, the claimant now says that she needs a right knee replacement. What’s more, she says that it’s related to the 2003 work accident. Is there a statute of limitation defense? Should this claim be picked up?  First, it’s important to note that under Georgia law, there are two Statutes of Limitation (SOL): the “all issues” SOL, and the “change in condition” SOL. In situations where the “all issues” SOL applies, an injured worker’s claim is…       Read More

Security breach roundup: Kickstarter, Arizona pension fund, Korean credit cards  The OregonianThe Arizona public employees pension fund notified members of a data breach last week — a breach that officials learned about last fall. The Arizona … Facebook must comply with German data protection law, court rules  PC World Facebook has to comply with German data protection law, the Higher Court of Berlin ruled in a decision that directly contradicted an earlier decision by … 3 Reasons Your Medical Records Are at Risk   Fox Business In addition to defending themselves against data breaches, health systems also need to find the right balance to adequately protect their patients’ … More firms buying insurance for data breaches   Boston Globe Last year, cyber insurance polices sold to retailers, hospitals, banks, and … ‘Cyber risk and cyber insurance has really got the attention of the board … Kickstarter hacked, user data stolen…       Read More

On February 12, 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cyber Security”, which called for a set of industry standards and best practices to help organizations manage cyber security risk.  Pursuant to this Order, on February 12, 2014, the National Institute of Standards and Technology (“NIST”) issued the “Framework for Improving Critical Infrastructure Cyber Security.”   Critical infrastructure is defined as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”  Although compliance is voluntary, good risk management dictates compliance with the Framework.  The Framework focuses on considering cyber security risks as part of an organization’s risk management process.  The Framework also includes a methodology to protect individual privacy and civil liberties when…       Read More

Three recent Court of Appeals of Georgia opinions discuss the impact of the Federal Arbitration Act (“FAA”), 9 U.S.C. § 1 et seq., on disputes in Georgia.  These cases further demonstrate that disputes arising from arbitration agreements governed by the FAA are much more likely to actually be arbitrated than are disputes arising from agreements governed exclusively by the Georgia Arbitration Code. Davidson v. A. G. Edwards & Sons, Inc. (FAA preempts Georgia’s signature requirement; FAA preempts Georgia’s prohibition against arbitration of “personal bodily injury” claims; and post-termination claims touching on the employment contract are arbitrable): In the first case, Davidson v. A. G. Edwards & Sons, Inc., the employment contract of Davidson, a broker/dealer who served clients in at least 16 states, included an arbitration clause stating that any controversy between Davidson and his employer in respect to the agreement or his employment shall be resolved by arbitration. Davidson…       Read More

Yahoo Usernames and Passwords Stolen in Cyberattack  WHSVYahoo email users were targets of a security breach as hackers stole usernames and passwords. Obama administration calls for tougher cyber security law  USA TODAY The Obama administration recommends a uniform federal standard requiring businesses to quickly report thefts… Most health IT execs unprepared for a data breach   FierceHealthIT Health IT executives aren’t exactly prepared to weather any storm–most don’t feel prepared for security breaches or unplanned outages, according to a new survey. Stars align for data security legislation   The HIll (blog) After headline-grabbing hacks at familiar retailers, lawmakers and analysts say the time could be right for a new data security law. A new approach to mobile data security   SC Magazine The past few months have been a little alarming when it comes to mobile data security. Scandals seem to break out every other week. For a lot of…       Read More

The uncomfortable truth is that many dental professionals will, at some point in their careers, have a law suit filed against them by a patient. It’s not pleasant to think about, and something to steadfastly avoid, but the odds are ever increasing that it will happen eventually. There are some proactive steps that any dental professional can take to limit their liability with regards to malpractice cases, and many of them boil down to your paper trail. So, what kind of documentation should a sufficiently cautious dental practitioner keep on hand? Patient consent forms should be on hand for every procedure that your office offers. Specialized forms should spell out in detail the general course of the procedure, any risks involved, and any follow-up treatment or recovery recommendations for the patient. It’s also a good idea to have a general dental treatment consent form which covers the procedures performed at…       Read More