Archive

Tennessee will become the first state to require companies to notify consumers of data breaches in which their personal information was breached, even if that information was encrypted. On March 24, 2016 Tennessee's Governor Bill Haslam signed SB2005/HB1631, amending Tennessee's Identity Theft Deterrence Act the "ACT") (Tenn. Code § 47-18-2107) to eliminate its safe-harbor for encrypted information.

On March 31, 2016, in the matter of Government Employees Ins Co v Avanguard Medical Group PLLC (--- N.E.3d ----, 2016 WL 1247701 (N.Y.), 2016 N.Y. Slip Op. 02473), the Court of Appeals held that, unlike hospitals and ambulatory surgery centers that are regulated under Article 28 and licensed by New York State through the Department of Health, office based surgery centers, which are not licensed by the State, are not entitled to reimbursement of facility fees. Unlike the former, there is no specific fee schedule (adopted by the Superintendent under the No-fault law) that provides for the reimbursement of facility fees to office based surgery centers and, therefore, they are not entitled to reimbursement. This is a significant ruling in that owners of office based surgery centers are often also the service providers, significantly increasing their fees at the expense of reducing the amount of coverage otherwise available to claimants under their No-fault policies. In that regard, the decision further promotes the cost containment objectives of the No-fault law.

On March 29, 2016, in the matter of Liberty Mutual Fire Insurance Company, et al. v Isaac Shapson, et al. (13-cv-05046-ENV-PK), Judge Eric N. Vitaliano of the United States District Court for the Eastern District of New York rejected medical professional corporations' attempt to invoke the doctrine of Primary Jurisdiction to stay Liberty Mutual's fraud-based affirmative recovery action pending an investigation by the New York State Department of Financial Services ("DFS"). Defendants argued that under section 5109 of the Insurance Law, which authorizes the DFS to investigate and de-authorize health providers from submitting claims through the No-fault system, Liberty Mutual's action should be stayed pending an investigation and determination by DFS as to whether the professional corporations at issue were fraudulently incorporated. In general, the doctrine of primary jurisdiction applies in instances where, although a claim may be brought in court, an administrative agency is imbued with special competence to determine an issue that is the subject of the court claim and, therefore, should decide that issue before proceeding in court.

Six months after adopting its Principles for Effective Cybersecurity Insurance Regulatory Guidance in order to guide insurers, producers, and other regulated entities to join forces in identifying risks and adopting practical solutions to protect information entrusted to them, the National Association of Insurance Commissioners' (NAIC) Cybersecurity Task Force has adopted a Cybersecurity Bill of Rights aimed at assisting consumers when their sensitive information is breached. The Cybersecurity Bill of Rights will be made available for state insurance departments to publish for local consumers (although the rights may vary depending on individual state laws or federal law), and is designed to describe to consumers what they can expect from insurance companies, agents, and other businesses when they collect, maintain, and use personal information

NetDiligence's Fifth Annual Cyber Claims Study, released yesterday, has found that Small Businesses still make up the majority of claims made pursuant to cyber-insurance policies.