Cyber Laws You Should Know
In the previous post about cyber law, we outlined the broad and rapidly evolving area of cyber law in general terms. In this second post, we’ll dive into several specific laws that fit within the broad rubric of “cyberlaw” with a focus on U.S. laws. It’s important to emphasize that the U.S.–unlike many other countries–does not have a general consumer data privacy or cybersecurity law. Instead, we have a patchwork of laws at the federal and state levels, making compliance complex and challenging, as these laws sometimes conflict with each other.
Industry Cyber Laws
Health Insurance Portability and Accountability Act of 1996 – HIPAA
The Health Insurance Portability and Accountability Act(HIPAA) was passed in 1995 and led to the development of the HIPAA Privacy Rule in 2003 and the HIPAA Security Rule in 2005. These two rules collectively prohibit covered entities from disclosing patients’ protected health information (PHI) without patient consent and require those same entities to take specific measures to protect that information. HIPAA is a national standard that establishes the safe transfer of data between health care providers to deliver quality care. Moreover, it gives patients control of their personal healthcare information.
To adhere to the HIPAA Security Rule, every healthcare provider or covered entity must designate a HIPAA Security Officer. This is the person who leads the team and is held responsible for complying with HIPAA security standards. In addition, they must highlight compliance requirements on the security and privacy policies and the medical facility. The Chief Information Security Officer (CISO) often serves in this role for large-scale healthcare providers.
The Health Information Technology for Economic and Clinical Health (HITECH) Act is another law related to HIPAA and cybersecurity. Enacted in February 2009, the law requires increased use of electronic health records (EHR), as its acronym so cleverly reveals. EHR allows interconnectivity and makes sharing information to coordinate health treatment much easier but also raises increased security and privacy concerns.
Healthcare Cyber Laws
Healthcare is one of the most frequently targeted industries for ransomware attacks. Forty-three percent of healthcare providers admit that they do not have fully developed security programs in place putting them at risk for substantial penalties under federal and state law. As a result, healthcare is a leading industry for cybersecurity and privacy professionals who understand this complex legal and regulatory environment.
The Master of Legal Studies in Cybersecurity and Data Privacy from Cleveland Marshall College of Law can help CISOs or the designated Security Officer at a small healthcare provider understand these complex laws and develop a comprehensive compliance program. There is no one-size-fits-all in HIPAA compliance, and our degree is here to teach how scalable and attainable it is.
The HIPAA and Privacy course provides a comprehensive survey of these issues. While it focuses on HIPAA, the course also covers critical state laws that govern medical information privacy and relevant administrative regulations and processes.
Cleveland-Marshall’s Master of Legal Studies In Cybersecurity and Data Privacy
Cleveland-Marshall’s innovative online Master of Legal Studies (MLS) in Cybersecurity and Data Privacy takes an integrative approach to education, preparing professionals to understand the technical and business dimensions of cybersecurity and privacy as well as current laws and regulations.
The part-time and fully online program is led by faculty from the Center for Cybersecurity and Privacy Protection at Cleveland-Marshall College of Law and other leading practitioners in the field, focusing on relevant, real-world experience. Also, the MLS degree is designed for professionals who need to understand the significant legal and business risks posed by cybersecurity and data privacy. Lastly, the program prepares graduates with the knowledge and necessary skills to enter these fast-growing fields and advance to senior positions within organizations.