The e-Workplace: Balancing Privacy and Information- Security to Manage Risk Presented by: Roger Hood, Partner Duffy & Sweeney, LTD.

Slides:

Advertisements

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP

Advertisements

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

© The Association of Independent Schools of NSW ICT Conference Canberra Legal Ramifications Cathy Lovell Senior Advisor Employment Advisor 31 May 2013.

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

2014 HIPAA Refresher Omnibus Rule & HIPAA Security.

Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.

Division of Information Resources Collaborating with Office 365 Storage Options and Classifications.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

Visa Confidential1 Card Regulation; Pricing and Security Paul Russinoff State Government Relations.

CLOUD COMPUTING EMPLOYMENT LAW IMPLCIATIONS LEXPERT CLOUD COMPUTING CONFERENCE 2012 CLOUD COMPUTING: A PRACTICAL APPROACH PETER C. STRASZYNSKI

Employment Law Implications Cloud Computing Peter C. Straszynski LEXPERT Cloud Computing Conference 2013 November.

Policy 6460 Staff Use of Computerized Information Resources Regulation 6460 R-Staff Use of Computerized Information Resources Regulation 6460 R.2 Staff.

Copyright 2014 TOP TEN LEGAL ISSUES WITH. NUMBER 10: Are we friends?

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

THE WHY AND HOW OF DATA SECURITY YOUR ROLE IN DATA STEWARDSHIP DEPARTMENT OF MEDICINE IT SERVICES.

The employment relationship as the privacy laboratory Elizabeth Denham Information and Privacy Commissioner for B.C. Privacy, Law and the Contemporary.

1 Developed by: U-MIC To start the presentation, click on this button in the lower right corner of your screen. The presentation will begin after the.

Protecting Sensitive Information PA Turnpike Commission.

Privacy and Security Risks in Higher Education

FLSA: Raising the Bar for Employee Exemptions How Will It Affect Your Organization? Presented by John S. Gannon, Esq.

Introduction to the West Virginia Executive Branch Privacy Policies Executive Branch Privacy Program Education & the Arts Presented by Heather Butler,

Privacy and Security of Protected Health Information NorthPoint Health & Wellness Center 2011.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Wireless Password:  “The cloud” is real  Electronic data growth is rapid and pervasive  Employees use the cloud to conduct government work.

PRIVACY AND INFORMATION SECURITY ESSENTIALS Information Security Policy Essentials Melissa Short, IT Specialist Office of Cyber Security- Policy.

Quality Integrity Stewardship Courtesy Care Accountability Medical Records ARMA Florida Gulf Coast Chapter Michael Spake Lakeland Regional Medical Center.

ENCRYPTION Team 2.0 Pamela Dornan, Thomas Malone, David Kotar, Nayan Thakker, and Eddie Gallon.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

Building a Privacy Foundation. Setting the Standard for Privacy Health Insurance Portability and Accountability Act (HIPAA) Patient Bill of Rights Federal.

LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.

Working with HIT Systems

C HAPTER 34 Code Blue Health Sciences Edition 4. Confidentiality of sensitive information is an important issue in healthcare. Breaches of confidentiality.

HITECH and HIPAA Presented by Rhonda Anderson, RHIA Anderson Health Information Systems, Inc

Robert J. Scott. Agenda Licensing Models Perpetual vs. Subscription User vs. Device Agreement Types Microsoft Business and Services Agreement Online Subscription.

Welcome….!!! CORPORATE COMPLIANCE PROGRAM Presented by The Office of Corporate Integrity 1.

Staying ahead of the storm: know your role in information security before a crisis hits Jason Testart, IST Karen Jack, Secretariat.

Lessons Learned from Recent HIPAA Breaches HHS Office for Civil Rights.

Data Security and Privacy Overview and Update Peter Moldave October 28, 2015.

TOP 10 DHS IT SECURITY & PRIVACY BEST PRACTICES #10 Contact The Office of Systems & Technology for appropriate ways to proceed if you need access to.

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

Functioning as a Business Associate Under HIPAA William F. Tulloch Director, PCBA March 9, 2004.

AAMC Contact: Ivy Baer Accounting for Disclosures Under HIPAA Proposed Rule: 76 Federal Register 31426, May 31, 2011.

Your Cyber Security: The scope of your risk is broad and growing To understand the nature of the risk landscape look at the presentations here today-begin.

ANNUAL HIPAA AND INFORMATION SECURITY EDUCATION. KEY TERMS  HIPAA - Health Insurance Portability and Accountability Act. The primary goal of the law.

BYOD: An IT Security Perspective. What is BYOD? Bring your own device - refers to the policy of permitting employees to bring personally owned mobile.

HIPAA TRIVIA Do you know HIPAA?. HIPAA was created by?  The Affordable Care Act  Health Insurance companies  United States Congress  United States.

The Impact of Social Media on Employment Law Carmel Sunley Sunley Solicitors Limited.

The Medical College of Georgia HIPAA Privacy Rule Orientation.

New Hire HIPAA Orientation. HIPAA Overview HIPAA is an acronym that stands for the Health Insurance Portability and Accountability Act of HIPAA.

Legally Well: Avoiding Legal Issues with Your Wellness Plans Sarah E. Pawlicki, Esq., SPHR Eastman & Smith Ltd.

Health Insurance Portability and Accountability Act (HIPAA) Primer for Observers, Volunteers, Medical Students Dr. Michael Palumbo- Privacy Officer/ EVP.

HIPAA PRIVACY & SECURITY TRAINING

Chapter 10 Cyberlaw, Social Media, and Privacy

Contingent Workforce: Global Privacy Laws Overview

Introduction to Soonr by ….

Privacy & Access to Information

HIPAA SECURITY RULE Copyright © 2008, 2006, 2004 by Saunders an imprint of Elsevier Inc. All rights reserved.

Making Your IRBs and Clinical Investigators HIPAA-Ready

HIPAA Overview.

Introduction to the PACS Security

Presentation transcript:

The e-Workplace: Balancing Privacy and Information- Security to Manage Risk Presented by: Roger Hood, Partner Duffy & Sweeney, LTD

The e-Workplace WHAT WILL WE COVER TODAY?  “Wearable Tech”  Data & Rights  Laws Affecting Wearables  The Cloud  Workplace Policy Considerations

The e-Workplace The IoT

The e-Workplace The World of “Wearable Tech”

The e-Workplace

 Ownership Rights –  (1) Who owns the device?  (2) Who owns the device data?  Privacy –  Who has access to device data?  Use Rights –  What data can be collected?  Who can use the data?  For what purposes can the data be used?  For what purposes can data be disclosed?

The e-Workplace  HIPAA –  Is the data considered PHI?  Data Protection –  Who is responsible for data security?  Storage –  Where is data stored?

The e-Workplace PRIVACY LAWS:  State  HIPAA/ADA/GINA/EEOC  GLB  DoD  International  PCI

The e-Workplace The e-Workplace - State Privacy PRIVACY and SOCIAL MEDIA Connecticut (Public Act No. 15-6) Massachusetts (S.B. No. 962 and 991) Rhode Island (RIGL ) Requiring applicant or employee to disclose their user name or password for social media account Prohibited unless service is provided by Employer, and use of account is for Employer’s business purposes N/A; proposed legislation pending Prohibited Requiring applicant or employee to add Employer to friend or contact list Prohibited N/A; proposed legislation pending Prohibited Requiring or requesting that an applicant or employee change the privacy settings of their social media account N/A Prohibited

The e-Workplace The e-Workplace - State Privacy Requiring or requesting an applicant or employee to disclose information that allows access to or observation of their social media account N/A N/A; proposed legislation pending Prohibited Requiring or requesting that an applicant or employee access their social media account in Employer’s presence Prohibited N/A; proposed legislation pending Prohibited Requiring or requesting that an applicant or employee divulge personal social media N/A Prohibited

The e-Workplace The e-Workplace - State Privacy Viewing information about an applicant that is available to the public Allowed Inspecting employees’ personal social media in connection with workplace investigations Allowed

The e-Workplace CLOUD STORAGE  Cap on damages?  Storage locations?  Disaster recovery?  Notice of breach requirements?  ISO 27018?

The e-Workplace HOW DOES WEARABLE TECHNOLOGY AFFECT YOU?  Employers  Ability to collect and analyze employee data  Track efficiency  Streamline operations  Employees  Track data in and out of work  Data collection  Protection of confidential information

The e-Workplace MOBILE DEVICE MANAGEMENT POLICY  Know your data  Know your regulatory requirements  Keep enterprise data in separate, encrypted containers on smart devices

The e-Workplace WHAT HAVE WE LEARNED? All data has value Productive mobility of wearable tech Review your Mobile Device Management Policy

The e-Workplace STAY TUNED … … more international, federal and state legislation daily!

The e-Workplace Discussion. Questions. Comments. Roger Hood, Partner Duffy & Sweeney, LTD

Employers Association of the NorthEast 67 Hunt Street PO Box 1070 Agawam, MA Interstate Lane Waterbury, CT Midstate Drive Auburn, MA Toll Free – Blackstone Valley Place Suite 402 Lincoln, RI