There is no question that COVID-19 has brought unprecedented change to our world. The temporary relaxation of HIPAA's requirements is one of many examples of the government's efforts to address the public's health care needs...more
3/24/2020
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Public Health Emergency ,
Relief Measures ,
Telehealth ,
Telemedicine ,
Waivers
On March 16 and 17, the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced limited waivers of penalties and sanctions with respect to certain HIPAA requirements due to the...more
On March 9, 2020, the U.S. Department of Health and Human Services (HHS) finalized two sets of regulations that are intended to increase patients' access to health data. As explained by HHS Secretary Alex M. Azar, "These...more
As organizations prepare for certain contingency work arrangements in response to the coronavirus (COVID-19) outbreak, companies must also focus attention on ensuring appropriate cyber hygiene. ...more
2020 OCIE Priorities -
On January 7, 2020, the Securities Exchange Commission's (SEC) Office of Compliance Inspections and Examination (OCIE) released its "2020 Examination Priorities," which included a focus on...more
Cybersecurity attacks represent a real threat to our national security and the defense industrial base. To combat these threats, the Department of Defense (DoD) recently released Cybersecurity Maturity Model Certification...more
Happy Data Privacy Day! Today, January 28, is a day to raise awareness, foster dialogue, and empower companies to act to ensure proper privacy (and security) of all types of data and information....more
Health care providers should take heed of the $10,000 settlement announced on October 2, 2019 between the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR) and a small dental practice based on...more
11/20/2019
/ Covered Entities ,
Dentists ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Online Reviews ,
Penalties ,
PHI ,
Physicians ,
Prior Authorization ,
Settlement ,
Unauthorized Disclosure ,
Yelp
October was National Cyber Security Awareness Month and, as its parting gift, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Office of the National Coordinator for Health...more
In early July, a global hospitality company announced in a U.S. Securities and Exchange Commission (SEC) filing that it had been fined more than $124 million (more than £99 million) by the United Kingdom's Information...more
Organizations and their legal departments continue to deal with the repercussions of email compromises. Regardless of whether your organization is considering migration of email services to Microsoft Office 365 (O365) or...more
Effective December 2018, the Federal Energy Regulatory Commission (FERC) approved supply chain risk management Reliability Standards (Order No. 850) that require all utilities to develop and implement a security controls plan...more
On Friday, December 28, 2018, the Department of Health and Human Services (HHS) released several documents, including the "Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients," an...more
On the day before the U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology (ONC) Annual Meeting in Washington, D.C., the ONC released its draft Strategy on...more
Does your company qualify as a "data broker"? You may be surprised by the answer and as of January 1, 2019 your company may be subject to a new Vermont law governing such entities....more
The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) released an updated Security Risk Assessment (SRA) Tool this week. All covered entities and business...more
10/19/2018
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Duty to Update ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
ONC ,
Popular ,
Risk Mitigation ,
Security Risk Assessments
After a confusing month of contradicting guidance, the Centers for Medicare & Medicaid Services (CMS) issued a memorandum clarifying its position regarding the use of text messaging with patient information between providers....more
A recently unsealed qui tam action further demonstrates the growing focus on the propriety of incentive payments made under Medicare and Medicaid's Electronic Health Records (EHR) Incentive Programs. Health care providers...more
A multi-year discovery dispute regarding the adverse medical incident reports of a Jacksonville, Florida hospital concluded on October 2, 2017 when the United States Supreme Court denied a petition for a writ of certiorari in...more
11/13/2017
/ Appeals ,
Data Collection ,
Data Reporting ,
Discovery Disputes ,
FL Supreme Court ,
Health Care Providers ,
Healthcare Facilities ,
Hospitals ,
Medical Errors ,
Medical Malpractice ,
Medical Records ,
Motion to Compel ,
Patient Safety ,
Peer Review ,
Petition for Writ of Certiorari ,
Reporting Requirements ,
Reversal ,
SCOTUS ,
State and Local Government ,
Work-Product Doctrine
States continue to amend their Data Protection and Breach Notification Requirements. Maryland and Delaware are the most recent states to pass legislation designed to bring additional precision to an organization's...more
Regardless of whether you have experienced any disruptions to date, you cannot ignore the major global cybersecurity attack that continues to plague organizations. A particularly destructive piece of malicious software, the...more
New York Attorney General Eric T. Schneiderman announced on Friday that the AG's office reached settlements with three mobile application developers who marketed their apps without possessing sufficient information to back up...more
On November 22, 2016, the University of Massachusetts Amherst (UMass) agreed to pay $650,000 and enter into a corrective action plan to settle allegations that it violated the HIPAA Privacy and Security Rules in connection...more
Ransomware, a specialized form of malware used for extortion attempts, has been around the internet for more than a decade but now, because of a rash of recent attacks, has moved to the forefront as the most problematic cyber...more
On April 14, 2016 the European Parliament approved the European Union General Data Protection Regulation (GDPR), which replaces the EU Data Protection Directive (95/46/EC), the privacy law originally established in 1995. The...more