Brian Cesaratto on Risk Management

Proposed HIPAA Security Rule Updates May Significantly Impact Covered Entities and Business Associates

As we noted in our previous blog here, on January 6, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) published a Notice of Proposed Rulemaking (NPRM) proposing substantial revisions...more

3/5/2025 / Business Associates , Cybersecurity , Data Privacy , Data Security , HIPAA Security Rule , OCR , Proposed Rules , Risk Management

California’s AI Revolution: Proposed CPPA Regulations Target Automated Decision Making

On November 8, 2024, the California Privacy Protection Agency (the “Agency” or the “CPPA”) Board met to discuss and commence formal rulemaking on several regulatory subjects, including California Consumer Privacy Act (“CCPA”)...more

3/3/2025 / Artificial Intelligence , Automated Systems , California Consumer Privacy Act (CCPA) , Consumer Privacy Rights , Data Privacy , Data Protection , Privacy Laws , Regulatory Requirements , Risk Management , State Privacy Laws

Proposed Modernization of the HIPAA Security Rules

The HIPAA Security Rule was originally promulgated over 20 years ago. While it historically provided an important regulatory floor for securing electronic protected health information, the Security Rule’s lack of...more

1/31/2025 / Cybersecurity , Data Privacy , Data Protection , Data Security , Electronic Protected Health Information (ePHI) , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , HIPAA Security Rule , NIST , Patient Privacy Rights , PHI , Proposed Rules , Risk Management

Recent Developments in Health Care Cybersecurity and Oversight: 2024 Wrap Up and 2025 Outlook

As Cyberattacks targeting the health care sector have continued to intensify over the past year, including ransomware attacks that have resulted in major data breaches impacting health care organizations, the protection of...more

1/16/2025 / Compliance , Covered Entities , Cybersecurity , Data Breach , Data Privacy , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare , OCR , OIG , Regulatory Requirements , Risk Management

Cybersecurity in the Age of the COVID-19 Remote Worker and Beyond

Many more millions of employees have been working remotely as a result of the devastating COVID-19 virus than ever before. There is likely no going back....more

5/8/2020 / Coronavirus/COVID-19 , Cybersecurity , Data Protection , Popular , Remote Working , Risk Management , Telecommuting

The New York State “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act) Becomes Effective March 21, 2020: Is Your...

Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more

2/6/2020 / Cybersecurity , Data Management , Data Protection , Data Security , Gramm-Leach-Blilely Act , Hackers , Health Insurance Portability and Accountability Act (HIPAA) , Information Technology , New Legislation , NYDFS , Personal Data , Personally Identifiable Information , Risk Management , Security Standards , SHIELD Act , State and Local Government , State Data Breach Notification Statutes

Take 5 Newsletter - November 2017

Five Issues in Focus for Financial Services - For this edition of the Take 5 for financial services, we focus on a number of very well-publicized issues. The tidal wave of sexual harassment allegations that followed the...more

11/29/2017 / Employer Liability Issues , Executive Compensation , Financial Services Industry , Hiring & Firing , Human Resources Professionals , Pay Gap , Pay Ratio , Political Speech , Risk Management , Salary/Wage History , Sexual Harassment , Trade Secrets

Brian Cesaratto

Epstein Becker & Green

Popular Topics by This Author

Latest Posts › Risk Management