Which are the relevant federal regulators?

NYC Health Care (NYCHC) is an insurance provider based in New York, New York. You have just been hired as the company's Chief Compliance and Privacy Officer, and have been asked by the CEO and CLO to do a privacy assessment. You are not being asked to develop any policies; you are simply being asked for relevant information. Because you are brand new, you only know a few things about the company, but you should feel confident that you know enough to get started. Here's what you know:

– The company has approximately 3,000 employees. Most of them are based in New York City, but some are outside of the city, and some reside in other parts of the country. You know you have remote employees in California and Illinois, for example.
– You provide a number of different insurance products to large and small employers. Your contract is with the employers themselves, but you process health insurance data from their employees both to keep records and to process claims made when they visit hospitals or clinics. While these providers and employers are primarily in NYC, many covered employees are strewn about the country.
– The last time the privacy policy was updated was in 2010.
– There is no written security policy.
– There is no data breach response plan.
– The company has an IT department of 2 people.

What should the company do to make sure it has adequate data privacy protections? What are the steps you recommend taking to become compliant? In addition, the CEO and CLO want to know the following:

– Which are the relevant federal regulators?
– What are the relevant state regulations? In particular, the company wants to know whether the NYCRR 500 applies to the company, and what to do to become compliant with the California Consumer Privacy Protection Act of 2018.

Please structure your memo in a way that answers these questions but that also provides a coherent plan for privacy compliance, with the rationales being given for each step you provide.
Format guidance: Your memo should be between 7 pages long, double-spaced, 12-point Times New Roman font, with 1-inch margins. If you must quote legal language extensively, please do so in an appendix that will not count toward the page length.

1. Write clearly. This is of course easier said than done, but clear writing reflects clear thinking. I will understand better what you are trying to convey if you take the time to be clear. If I have to work hard to fill in the gaps, make necessary inferences, or figure out what you were trying to say, then you have not made your writing clear enough. There are a few specific things you can do to help make your writing clear:

– Avoid typos. I cannot emphasize this enough. I am OK with typos in your discussion board posts (and there are many), because it's meant to be an informal discussion. But this is different. Please take the time to both edit and proofread your work. Of course no one is perfect – myself included. But first drafts (which are by definition unedited) will never reflect your best effort. The best writers are editors. And good memos are not written on the due date!
– Avoid throat-clearing. I am not looking for a page of introductory text telling me how important privacy is. You really don't need any ramp-up. I am looking for you to discuss, analyze, and resolve the issues presented. If you find yourself needing filler and playing with page margins, reach out to me to make sure you understand the assignment.
– Avoid redundancy. While summaries and conclusions are fine if done well, please avoid repeating ideas in your memo that you have previously stated. Have a reason for everything you write.
– Organize well. Make sure I will be able to follow your argument and analysis, and that you have presented it logically and with enough markers to help guide me to where you're going.

2. Favor analysis over description. While you will need to do some describing in your memo, it is not useful to tell me the history of HIPAA and the structure of the regulations if what I'm trying to understand is whether you can apply the law to the facts. The worst thing you can do is use a page or more of space in your memo so you can simply cut and paste the regulations. Work the text of a law into your analysis as necessary to make your argument.

3. Make sure you have read and understood what the case study asks. This might sound obvious, but students ignore key parts of the fact pattern all the time. Don't be one of them. I'm not looking for a right answer. I'm looking for a solid, tight analysis clearly written.