Development of Privacy Incident Response Tool and Manual
Fortune 50 Health Care Insurance/Managed Care Company
Developed a privacy incident response tool for a Fortune 50 Health Care Insurance and Managed Care company that encompasses the laws and relevant industry guidance of all U.S. states and territories. This tool includes a user-friendly, step-by-step analysis of each state data breach reporting law, the relevant contact information for state regulators for breach notification purposes, and several lists that categorize the state laws by type (e.g., state laws that require reporting to the state attorney general and state laws that include “health information” in the definition of “personal information”). Shipman & Goodwin LLP privacy attorneys also prepared a comprehensive privacy incident response manual that covers all aspects of data breach investigation and response under both HIPAA and state laws.