About

Conor Duffy is a member of Robinson+Cole's Health Law Group and the firm's Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable…

Conor Duffy is a member of Robinson+Cole's Health Law Group and the firm's Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on a full range of transactional and regulatory health law issues, including contracting, licensure, mergers and acquisitions, the False Claims Act, the Stark Law, Medicare and Medicaid fraud and abuse laws and regulations, HIPAA compliance, state breach notification requirements, and other health care regulatory matters. Read his full rc.com bio here.

More Posts

On June 16, and then on July 6, 2021, Connecticut Governor Ned Lamont signed into law a pair of bills that together address privacy and cybersecurity in the state. As cybersecurity risks continue to pose a significant threat to businesses and the integrity of private information, Connecticut joins other states in revisiting its data breach reporting laws to strengthen reporting requirements, and offer protection to businesses that have been the subject of a breach despite implementing cybersecurity safeguards from certain damages in resulting litigation.

Public Act 21-59 “An Act Concerning Data Privacy Breaches” (PA 21-59) modifies Connecticut law addressing data privacy breaches to expand the types of information that are protected in the event of a breach, to shorten the timeframe for reporting a breach, to clarify applicability of the law to anyone who owns, licenses, or maintains computerized data that includes “personal information,” and to create an exception for entities that report breaches in accordance with HIPAA. Public Act 21-119 “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” (PA 21-119) correspondingly establishes statutory protection from punitive damages in a tort action alleging that inadequate cybersecurity controls resulted in a data breach against an entity covered by the law if the entity maintained a written cybersecurity program conforming to industry standards (as set forth in PA 21-119).

Both laws take effect October 1, 2021.

About

Conor Duffy is a member of Robinson+Cole's Health Law Group and the firm's Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable…

Conor Duffy is a member of Robinson+Cole's Health Law Group and the firm's Data Privacy + Security Team. Mr. Duffy advises hospitals, physician groups, accountable care organizations, community providers, post-acute care providers, and other health care entities on general corporate matters and health care issues. He provides legal counsel on a full range of transactional and regulatory health law issues, including contracting, licensure, mergers and acquisitions, the False Claims Act, the Stark Law, Medicare and Medicaid fraud and abuse laws and regulations, HIPAA compliance, state breach notification requirements, and other health care regulatory matters. Read his full rc.com bio here.

Subscribe: Subscribe via RSS