August 25, 2015 Articles

The Legal Cybersecurity Landscape for Pipeline Companies

The potential coalescence of legal standards and best practices into an applicable standard of care.

By Jay Johnson – August 25, 2015

A Connecticut court recently determined that the Health Insurance Portability and Accountability Act privacy rule, 42 U.S.C. § 1320d-6, and its implementing regulations “may be utilized to inform the standard of care applicable to . . . claims arising from allegations of negligence in the disclosure of patient’s medical records pursuant to a subpoena.” Byrne v. Avery Ctr. for Obstetrics & Gynecology, 2014 WL 5507439, at *8 (Conn. Nov. 11, 2014). In other words, the court determined that federal health care information privacy standards may be used to define the applicable standard of care against which the defendant company will be judged when defending a state law tort claim. Byrne is limited to tort claims based on health care information in Connecticut. Nonetheless, proactive energy pipeline compliance professionals should be mindful of what the decision more broadly may signal—namely, an attempted coalescence, by plaintiffs, of otherwise inapplicable or voluntary legal standards and best practices into an applicable standard of care against which a company’s cybersecurity practices may be judged.

