Blog

October 7th, 2012


Thursday, October 23, 2012, 6:00 PM – 9:00 PM

Cloud computing is becoming more and more commonplace — both in the business world and the legal profession. Yet with this method of delivery of computing and storage capacity comes a new set of ethical dilemmas that must be addressed, including issues of protecting privacy, trademarks and trade secrets; issues involving sharing of data and compliance; ethical issues regarding storage; security concerns — and more.

A panel of experts will use real world examples to discuss the hot button ethical concerns, and provide guidance about adopting best practices.

http://www.nycla.org/index.cfm?section=CLE&page=CLE_Detail&itemID=2864&dateID=20121011

 

Approved Slides – Download PDF

 

Recommended Reading:

1) “The Perfect Preservation Letter” – Craig T Ball – www.craigball.com/perfectpreservationletter.pdf

2) Sample Preservation Letter – Email me (raj@brainlink.com) for a sample preservation letter.

3) What Should Attorneys know about CyberForensics? – April Issue of NYCLA’s magazine – http://www.brainlink.com/2012/08/what-attorneys-should-know-about-cyberforensics/

4) The Real Realities of Cloud Computing: Ethical Issues for Lawyers, Law Firms, and Judges – American Bar Association – Download PDF

5) Cloud risks: Technology use tests the attorney-client privilege – http://www.americanbar.org/newsletter/publications/youraba/201203article02.html

6) Issues Paper Concerning Client Confidentiality and Lawyers’ Use of Technology – American Bar Association – Download PDF

7) Cloud Computing – Silver Lining or Thunderstorms for Lawyers – Virginia State Bar – Download PDF

8) Think carefully before collecting Data – CSOOnline – http://blogs.csoonline.com/data-privacy/2370/think-carefully-collecting-data?source=CSONLE_nlt_update_2012-09-20

 

Topic Events
August 7th, 2012
1) Oct 11 – NYCLA CLE – Ethical Issues in E-Discovery and the Cloud
How to Balance E-Discovery Requirements and Cloud Computing Challenges with Ethical Compliance
2) Oct 12 – AAPI-QLI Meeting – What should Medical Practices know about HIPAA/HITECH Compliance

 

3) Oct 23 – Cyberhood Watch Radio interview
www.chwradio.com
4) Nov 1 – Long Island Association of Certified Fraud Examiners -
Social Media & Cloud Computing Threats to Privacy, Security and Liberty
Topic Events
March 29th, 2012

Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations

The Massachusetts Attorney General’s Office and Belmont Savings Bank have agreed to resolve allegations that Belmont Savings Bank has violated the Commonwealth’s stringent data security regulations (see our post about 201 CMR 17.00 here) through an Assurance of Discontinuance, which has been filed in Massachusetts state court (see document here). Belmont Savings Bank has agreed to pay a civil penalty of $7,500 and has also agreed to institute new security and training procedures following a breach in May 2011, when an employee left a computer backup tape on a desk overnight, rather than in a storage vault. A surveillance camera showed that the backup tape was inadvertently discarded by the evening cleaning crew and, according to the Attorney General’s Office, was likely incinerated by the bank’s waste disposal company.

While there is no evidence indicating that any customer’s personal information has been acquired or used by an unauthorized person or used for an unauthorized purpose, the Assurance of Discontinuance states that if actual harm to customers results, the Attorney General’s Office will reopen discussions in order to determine appropriate restitution. This is the first settlement related to a violation of the Commonwealth’s relatively new data security regulations. While the Attorney General’s Office entered into a consent agreement with a restaurant chain in April 2011 for data security failures, that alleged breach occurred before the new data security regulations went into effect on March 1, 2010. (See our post about this consent agreement here.)

via Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations : Privacy Law Blog.

March 28th, 2012

Last week, BCBS of Tennessee agreed to pay $1.5M for HIPAA data breaches.

BCBSoTenn failed to encrypt hard drives containing voicemail files.

 Is YOUR medical practice encrypting hard drives and flash drives embedded within

  • Laptops
  • Desktops
  • Servers
  • Copiers
  • Voice Mail systems
  • And other smart systems?

The settlement is available at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/resolution_agreement_and_cap.pdf

March 28th, 2012

ANSI (the American National Standards Institute) has produced a phenomenal, and free, report on the financial impact of losing healthcare data.

Highly recommended that you download it from http://webstore.ansi.org/phi/

March 28th, 2012

Still think HIPAA compliance is strictly for the big guys?

Still think your small medical practice or medical billing business is safe from hackers, criminals and litigators?

From the March 12, 2012 NY Times:

The New Year’s Eve burglary of a California office building has led to the collapse of a national medical records firm.

Impairment Resources LLC filed for bankruptcy Friday after the break-in at its San Diego headquarters led to the electronic escape of detailed medical information for roughly 14,000 people, according to papers filed in U.S. Bankruptcy Court in Wilmington, Del. That information included patient addresses, social security numbers and medical diagnoses.


December 12th, 2011

Ambulances turned away as computer virus infects Gwinnett Medical Center computers

By Misty Williams and Joel Anderson

The Atlanta Journal-Constitution

Gwinnett Medical Center on Friday confirmed it has instructed ambulances to take patients to other area hospitals when possible after discovering a system-wide computer virus that slowed patient registration and other operations at its campuses in Lawrenceville and Duluth.

Staff members discovered the virus Wednesday afternoon and have been working since then with outside I.T. experts to fix the problem, spokeswoman Beth Okun said. In the meantime, the health system has been forced to switch back to paperwork.

The situation is expected to last through the weekend, Okun said.

via Ambulances turned away as computer virus infects Gwinnett Medical Center computers  | ajc.com.

September 4th, 2011
Raj Goel, CISSP, CTO, Brainlink International, Inc.

raj@brainlink.com

917-685-7731

Raj’s LinkedIn profile


 

Since 2005, the Ponemon Institute has released an annual study comparing the costs of data breaches.

According to the latest study, lost record costs range from $133 to $249, depending on your industry.

 

In light of that, the Office for Civil Rights’ penalty for CIGNET sets a new standard at $946/record ($4.3 million / 4541 records).

 

This should help healthcare CSOs and CPOs get more attention from their CEOs and CFOs.

The OCR isn’t kidding about HIPAA penalties anymore.

 

About time.

 


Raj Goel, CISSP, is chief technology officer of Brainlink International, an IT services firm. He is located in New York and can be reached at raj@brainlink.com.