On April 11, 2025, the Department of Justice's National Security Division (NSD) issued additional guidance to assist U.S. organizations in understanding and complying with the Data Security Program (DSP). As discussed in our...
4/24/2025 / Data Security, Data Transfers, Department of Justice (DOJ), Export Controls, Final Rules, Foreign Adversaries, National Security, New Regulations, Personal Data, Regulatory Requirements, Sensitive Personal Information
In the final days of the Biden administration the U.S. Department of Justice (DOJ) issued a sweeping set of regulations which are in effect as of yesterday, April 8, 2025. The regulations focus on cross-border data transfers...
4/9/2025 / China, Compliance, Cross-Border Transactions, Data Privacy, Department of Justice (DOJ), Final Rules, International Data Transfers, National Security, Personal Data, Regulatory Requirements, Russia, Sensitive Personal Information
In late February, California lawmakers introduced new legislation that would impose sweeping restrictions on the use of location and tracking data. Known as the California Location Data Act (CLDA), this legislation goes a...
On May 6, 2024, OCR published the final rule interpreting and implementing Section 1557 at 45 C.F.R. § 92 (the Final Rule). The Final Rule regulates the use of patient care decision support tools, including AI algorithms for...
1/24/2025 / Artificial Intelligence, Automation Systems, Covered Entities, Data Privacy, Department of Health and Human Services (HHS), Final Rules, Health Care Providers, Healthcare, OCR, Regulatory Requirements, Risk Management, Section 1557
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) on December 27, 2024, to update the Health Insurance Portability and Accountability Act...
The HIPAA Privacy Rule to Support Reproductive Health Care Privacy went into effect on June 24, 2024. The 2024 Final Rule strengthens privacy protections for medical records and other health information related to...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...
10/11/2024 / Corrective Action Plans (CAPs), Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Enforcement Actions, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Violations, OCR, Popular, Ransomware, Risk Assessment, Settlement
In today's digital age, the health care industry faces a growing threat from scammers who don't have to use sophisticated cyberattacks; they can use the most routine task to steal information from unwitting and...
There has been a notable emphasis on proactive enforcement of the privacy and security of protected health information in recent weeks as evidenced by multiple developments regarding compliance with the Health Insurance...
Are you a health care provider, business associate, or other entity subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regarding the use and disclosure of protected health...
It is official. On July 26, 2023, the Securities and Exchange Commission (SEC) passed rules regarding reporting "material cybersecurity incidents" within four business days of the determination, which will surely vex...
On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....
On Thursday, May 19, 2023, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking and a request for public comment on proposed changes to the Health Breach Notification Rule (HBNR or, the Rule) that would...
Artificial Intelligence (AI), including ChatGPT, has now ushered its way regularly into management conversations. How can AI benefit an organization, provide it with a competitive advantage, or make it more efficient? At the...
On April 17, 2023, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a Proposed Rule to support reproductive health care privacy in the Federal Register. Through the...
On March 22, 2023, the Health Resources and Services Administration (HRSA), an agency of the U.S. Department of Health and Human Services, launched the Organ Procurement and Transplantation Network Modernization Initiative...
In August 2022, LastPass – one of the largest password managers in the world – suffered a cyber breach resulting in the theft of thousands of password vaults of both individual and corporate users. Password managers are an...
On January 25, the Department of Veterans Affairs (VA) published a new final rule amending contractual provisions in the VA Acquisition Regulation (VAAR) to address data privacy, protection, and cybersecurity. The aim of the...
If your management team and board of directors are not talking often about cyber liability and risk management, they will be soon. As a matter of both corporate and individual liability, recent enforcement makes it clear...
For most companies, human resource departments handle one of their most valuable and sensitive information assets: the personal data of their employees and job candidates. While this dataset provides employers a goldmine of...
On October 7, President Biden signed an Executive Order directing the federal government to implement U.S. commitments under the European Union-U.S. Data Privacy Framework (EU-U.S. DPF). The new Executive Order enhances...
In mid-September, the Office of Management and Budget (OMB) released a memorandum requiring federal agencies to obtain attestation from software developers before running third-party software on government networks. Under...
Earlier this week, the Federal Bureau of Investigation (FBI) published another notification alerting health care providers of increasing cyber threats to medical devices operating on unpatched or outdated devices. In its...
In the wake of the Supreme Court's decision in Dobbs v. Jackson Women's Health Organization and the evolving legal patchwork now confronting both patients accessing reproductive health care and their health care providers,...
Cyber whistleblowing is the newest and hottest area of exposure for organizations. All government contractors and grant recipients must develop an understanding of the use of the False Claims Act (FCA) to address...
4/15/2022 / Biden Administration, Civil Monetary Penalty, Compliance, Cyber Crimes, Cybersecurity, Department of Justice (DOJ), Enforcement Actions, Executive Orders, False Claims Act (FCA), Federal Contractors, Federal Grants, Popular, Qui Tam, Risk Management, Whistleblowers