Recovering Data Breach Losses from Non-Contractual Parties

A post on Dykema’s The Firewall blog asks who bears the loss when a fraudster perpetrates a data breach: the consumer whose data was compromised, the financial institution where the data was used, or the business that failed to protect the data.

The author, David B. West, writes that the answer depends on which law applies.

“While statutes require banks and their vendors to protect customers’ Personally Identifiable Information (‘PII’), the obligation of other businesses to do so is not as well defined,” West explains. “Regulatory obligations to protect data vary by industry and geography.”

He also discusses relying on common law for data breach losses, recovering damages, and the need for a consistent ability to recover losses.

Read the article.




HIPAA Compliance Tune-up for 2016

The Compliancy Group will present a free webinar focused on mitigation strategies that Covered Entities and BAs alike can take to minimize the risk of a data breach or of actions prompting an OCR Audit. The webinar will be Wednesday, March 9, beginning at 2 p.m. EST.

Healthcare IT thought leadership and practice managers continually seek ways to foster a culture of alertness when it comes to HIPAA compliance, the company said in a release. They have the dual challenge of staying on the right side of federal regulators and stopping would-be hackers. This is especially true given the potential impact a data breach can have on their organization’s reputation and bottom line. By reflecting on 2015, it becomes clear that covered entities and business associates alike will continue to prepare to mitigate the threat of cyber-attacks and the planned ramp-up of OCR Phase 2 Audits.

The webinar will cover:

  • Security risks that might initiate an OCR Audit or increase risk of data breach
  • Why you should prioritize a Security Risk Analysis
  • 6 Cyber Hacking prevention tips
  • How to create a culture of a Cyber Security workforce
  • What is TLS vs. SSL encryption and why you should care

Register for the webinar.




How to Calculate the Cost of a Data Breach

Clearwater Compliance will present a complimentary webinar featuring industry experts discussing how to assess specific security risks and build a strong business case for enhanced security.

The webinar, titled “How to Calculate the Cost of a Data Breach and How to Get the Budget for Your HIPAA-HITECH Compliance Program,” will be Dec. 3, 2015, from 11 a.m. to 12:15 Central time.

“Even with the increased enforcement of HIPAA and HITECH requirements and the increase in penalties being levied for non-compliance, the security efforts of health care organizations responsible for safeguarding protected health information (PHI) are simply not keeping pace with the growing risks of unauthorized or impermissible disclosures of PHI,” the company says on its website. “Those risks are increasing as a result of the expansion in the number of organizations handling PHI and thus statutorily-obligated to comply with HIPAA, the increase in electronic health record (EHR) adoption and the growing rewards of PHI theft.”

Register for the webinar.