The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...
7/2/2024 / Cybersecurity, Data Breach, Data Protection, Electronic Protected Health Information (ePHI), Federal Trade Commission (FTC), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, HIPAA Breach Notification Rule, Patient Privacy Rights, PHI, Popular, Reporting Requirements
Imagine you are a corporate Human Resources/Total Rewards leader who receives a request from a state’s law enforcement agency for health plan records about a plan participant’s abortions or other reproductive health care. How...
6/4/2024 / Abortion, Employee Benefits, Employee Privacy Rights, Employer Group Health Plans, Employer Liability Issues, Final Rules, Health Insurance, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Privacy Rule, PHI, Popular, Reproductive Healthcare Issues
It is critical for employers and plan fiduciaries/administrators to stay informed of HIPAA privacy and security-related legal developments because most employer sponsored group health plans — regardless of the employer’s...
5/23/2024 / Department of Health and Human Services (HHS), Dobbs v. Jackson Women’s Health Organization, Employee Benefits, Employer Group Health Plans, Final Rules, Health Care Providers, Health Insurance, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Privacy Rule, OCR, PHI, Popular, Reproductive Healthcare Issues
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...
12/21/2023 / Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Data Security, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Violations, OCR, Phishing Scams, Popular, Ransomware, Regulatory Oversight, Regulatory Requirements, Vulnerability Assessments
Direct-to-consumer health and wellness applications are forewarned: the Federal Trade Commission (FTC) is proposing changes to the Health Breach Notification Rule (HBNR), 16 C.F.R. part 318, that, if finalized, would cement...
6/9/2023 / Breach Notification Rule, Cybersecurity, Data Breach, Data Privacy, Federal Trade Commission (FTC), Health Information Technologies, Healthcare, Mobile Health Apps, Patient Privacy Rights, Policy Statement, Popular, Regulatory Agenda, Regulatory Reform
The Supreme Court’s landmark decision in Dobbs v. Jackson Women’s Health Organization represents a sea-change in Constitutional law that has already impacted our country in multiple ways. By overruling Roe v. Wade (1973)...
8/19/2022 / Abortion, Dobbs v. Jackson Women’s Health Organization, EMTALA, Health Care Providers, Healthcare, New Guidance, Patient Access, Popular, Pregnancy, Reproductive Healthcare Issues, Roe v Wade, SCOTUS
Companies that make ransomware payments, whether they be the victim of a ransomware attack or entities that facilitate such payments, should review the updated advisory issued by U.S. Department of the Treasury's Office of...
9/28/2021 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Economic Sanctions, Financial Institutions, Hackers, Office of Foreign Assets Control (OFAC), Popular, Ransomware, Risk-Based Approaches, SDN List
In response to a recent General Accounting Office (GAO) report recommending federal guidance to mitigate cybersecurity risks in retirement plans and to respond to ever-increasing cyber threats to plan participant data and...
4/16/2021 / Corporate Counsel, Cybersecurity, Data Protection, Department of Labor (DOL), EBSA, Employee Benefits, Employee Retirement Income Security Act (ERISA), Fiduciary, GAO, Investment Management, Popular, Retirement Plan, Risk Mitigation
The New York Department of Financial Services ("NYDFS") recently released its Cyber Insurance Risk Framework (the “Framework”), which provides best practices for managing cyber insurance risk.
2/25/2021 / Commercial Insurance Policies, Cyber Attacks, Cyber Insurance, Cybersecurity, Data Breach, Data Protection, Hackers, Information Technology, Personally Identifiable Information, Popular, Risk Management
Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals. Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on...
Nonprofit organizations often collect personal information from a variety of sources such as donors, employees, volunteers, and the people who benefit from their services. This information is diverse and might include credit...
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) kicked off the holiday season by publishing a settlement agreement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...
The U.S. Department of Health and Human Services Office for Civil Rights (HHS) recently announced that it has reached an agreement with a small pharmacy to resolve potential HIPAA violations. The settlement arose from the...
Healthcare providers and businesses that store or process protected health information ("PHI") face increased scrutiny and significant fines for data privacy breaches and security lapses in the coming months.