Federal Agency to Develop Model Privacy Notice for Healthcare Apps

Healthcare_Apps_for_Android_TabletsOn Friday, February 26, 2016, the Office of the National Coordinator (ONC) for Health Information Technology (HIT) announced via a blog post, that ONC will be updating the Model Privacy Notice (MPN) that, in 2011, ONC developed in concert with the Federal Trade Commission (FTC) for “personal health records” (PHRs), which was the emerging technology at the time.  ONC noted that since 2011, many retail healthcare apps such as exercise trackers and other wearable technology, have emerged and that consumers using such technology should be informed on how data collected through such apps is being used by the app developer and other third parties.  ONC stated that the MPN is “a voluntary, openly available resource designed to help developers provide transparent notice to consumers about what happens to their data.”

Importantly, healthcare app developers should take heed that ONC is not the only federal agency interested in ensuring that there is adequate consumer protection for individuals taking Continue reading

Ten Easy Cyber Security Measures To Add To Your 2016 List Of New Year’s Resolutions

NewYearsEveClockWhen thinking about your 2016 New Year’s resolutions, include some data security resolutions on your list! The Kentucky Chamber of Commerce in coordination with Wyatt Tarrant & Combs, LLP, hosted a Cyber Security and Data Privacy seminar on December 17, 2015. This blog post highlights several ideas for resolutions that came from thoughts expressed by speakers during the seminar. In the coming year, think about what you should be doing to protect your personal identity as well as to protect the personal information of your customers, clients, patients and employees.  Here are ten resolutions to get you started:

RESOLUTION #1 – I will NOT use a credit or debit card at a gas pump. This resolution can serve a two-fold purpose: a) You can make progress toward your 10,000 steps by walking to the cashier window, and b) you can protect yourself from identity theft. Dan Jackman, a cyber security task force officer with the FBI, stated during the seminar that thieves are stealing credit card information from gas pumps and explained how they do it. According to Officer Jackman, there are ONLY five different pump keys for the entire Commonwealth of Kentucky.  So, dishonest fraudsters take a job with a gas station just to get access to the pump key so they can open the pump casing and change out credit card readers, not just at that station but dozens of stations using the same key.  By gaining access to the inside of the pump, they can replace the card reader in a way that it cannot be detected when closing and locking the pump casing.  The fraudster makes the switch in the dead of the night.  Credit/debit cards are being ripped off in a matter of seconds within the time they are used at a pump with a fake card reader. Apparently, this type of theft is rampant in Kentucky.

Officer Jackman recommends going to the window to use a credit card or pay cash (thereby making this a two-part resolution because you will get some steps). If you cannot break the habit of paying at the pump, then use a prepaid card to limit your losses. Avoid using a debit card tied to your checking account. Continue reading

Wyatt to sponsor the Kentucky Chamber’s Cyber Security and Data Protection Seminar

KY Chamber Cyber Security Seminar 2015

Wyatt will be sponsoring the Kentucky Chamber of Commerce‘s Cyber Security and Data Protection Seminar on December 17, 2015 in Lexington, Kentucky.  Kathie McDonald-McClure, Dayo Seton, Lisa Underwood and Martha Ziskind will be presenting on the following topics:

  • Kathie McDonald-McClure – “Is Your Cybersecurity Policy Up to Snuff? Do You Have One?”
  • Dayo Seton and Lisa Underwood – “Breaking Developments in Cyber Privacy Law – Is Your Company in the Know?”
  • Lisa Underwood – “Key Provisions to Address in Agreements with Your Vendors”
  • Martha Ziskind – “Federal Trade Commission Takes Driver’s Seat in Setting Data Privacy and Security Standards (or Not)”

This seminar will provide attendees with information on how to prevent a data breach from occurring and ensure that their company policies are in step with current federal laws and regulations.

Please click here to view the full agenda and register.

Stages 1, 2, And Now 3, Meaningful Use Criteria

The Centers for Medicare & Medicaid Services (“CMS”) proposed Meaningful Use criteria to implement Stage 3 and allow eligible professionals, eligible hospitals and critical access hospitals (“CAHs”) to qualify for incentive payments (or avoid downward payment adjustments) under the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program implemented by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009. stethoscope, keyboardThen CMS made changes to Stage 1 and Stage 2 Meaningful Use criteria to better align with the proposed Stage 3 criteria just two weeks later.

On March 30, 2015, CMS published a long-awaited proposed rule which, if finalized, would implement Stage 3, making changes to the objectives and measures of meaningful use for providers effective in Continue reading

April 1 Deadline for Hospitals to Earn EHR Incentives

The Centers for Medicare & Medicaid Services (CMS) reminds hospitals that 2015 is the last year for eligible hospitals to begin participating in the Medicare Electronic Health Record (EHR) Incentive Program and earn incentive payments.

In order to earn a 2015 incentive payment, be eligible for a 2016 incentive payment, and avoid a 2016 payment reduction (called an “adjustment”), first-time hospital participants should:

  • Begin their 90-day reporting period no later than April 1, 2015 and
  • Attest by July 1, 2015.

Eligible hospitals that do not start their 90-day reporting period on April 1, 2015 have one last chance to earn a 2015 incentive payment if they begin their reporting period by July 1, 2015 and attest by Continue reading