Author Archives: Richard B. Caplan

Richard B. Caplan

About: Richard B. Caplan

Richard Caplan is a litigation associate in the firm’s Atlanta office. After law school, Richard practiced in New York City for five years, representing firm clients in high-stakes disputes as well as taking on numerous pro bono matters. Following his time in New York City, Richard clerked in Washington, D.C. for Judge Robert L. Wilkins on the United States District Court for the District of Columbia and then in Atlanta for Judge Beverly B. Martin on the United States Court of Appeals for the Eleventh Circuit.

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014.  The number of complaints that year had spiked up compared to 2013: around a 25% increase.  This post will examine key cases from 2015 and 2016.  While the number of complaints in 2015 was relatively steady with 2014, it appears, based on preliminary numbers, that 2016 was the busiest year ever for the Office. HHS has data through November 2016 currently posted on its website, but no …

[ CONTINUE READING ]

Cyber Insurance: Make Sure You Understand Your Coverage

Today, businesses are increasingly purchasing cyber-specific insurance in an effort to mitigate the financial impact of a breach or other cybercrime.  In terms of what might be covered in a cyber insurance policy, there are basically two types of coverage – “first party” coverage and “third-party” coverage.  First party coverage covers the types of losses that your company might suffer directly in the event of a data incident.  That may include losses, some of which may be covered and some not, such as data destruction, denial of service attacks, incident response, crisis management, public relations, forensic investigation, remediation, breach notifications, …

[ CONTINUE READING ]

Cybersecurity Developments at the SEC

In September 2015, the Securities and Exchange Commission took two separate but significant actions related to cybersecurity in the securities industry. Because they occurred so close together, the actions had some people wondering whether they were linked, suggesting an imminent increase in enforcement actions by the agency. Both actions are important, not only to securities firms in particular, but to anyone interested in understanding the agency’s viewpoint when it comes to cybersecurity. But, when viewed in context, the SEC’s recent actions do not appear to signal any meaningful shift in agency behavior. Notwithstanding, they should serve as a reminder to …

[ CONTINUE READING ]

Somebody’s Watching You: What Are the Rules?

In 1984, Kennedy William Gordy, better known as pop artist Rockwell, released his first and ultimately biggest hit: Somebody’s Watching Me.  One can only imagine how Rockwell would have felt if the Internet was in full swing when he sang about his fears. Our behavior on the Internet is of great interest to many different people, including advertisers. They want to know what sites we visit, in part, to provide targeted ads. In other countries, it is common for governments to require that consumers opt-in to user tracking and targeting. But in the United States, several advertising industry associations, supported …

[ CONTINUE READING ]

A Year in Review: Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights

The U.S. Department of Health and Human Services Office for Civil Rights had another busy year in 2014. More resolution agreements were signed by HHS and Covered Entities than in the previous year, and several Covered Entities agreed to pay significant amounts to resolve investigations. Below is a brief summary of the most notable enforcement actions. In March 2014, OCR settled alleged HIPAA violations by Skagit County, Washington, home to approximately 118,000 residents. The County agreed, among other things, to pay a $215,000 monetary settlement. According to OCR, the electronic protected health information of 1,581 people was accessed by unknown …

[ CONTINUE READING ]