New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
Navigating the Labyrinth of Private Equity Investments in Health Care – Diagnosing Health Care
HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Hospice Insights Podcast - A Refresh: What’s New in the New OIG General Compliance Program Guidance
The Presumption of Innocence Podcast: Special Edition | Episode 36 - Rolling Change: The DEA Turns Over a New Leaf on Marijuana Scheduling
Understanding the HHS OIG’s General Compliance Program Guidance
OMG. . .The OIG is at it Again
The FTC's Health Privacy Enforcement Actions
Medical Device Legal News with Sam Bernstein: Episode 19
Episode 303 --- Deep Dive into the HHS-OIG Compliance Program Guidance
Counsel That Cares - The Private Payer's Perspective on Value-Based Care
Medical Device Legal News with Sam Bernstein: Episode 17
Podcast - Data Privacy and Tracking Technology Compliance
Podcast - A Conversation on Cannabis: Are Challenges or Changes Coming?
Episode 280 -- Healthcare Compliance and Fraud
Heed Caution: Takeaways From the OIG's Advance Care Planning Report
2023 Human Resources Outlook Podcast Series: EMEA
Telehealth Risk Report: What the Government Found
UPIC Report Card: The OIG’s Evaluation of the UPICs Provides Insight Into the Future of Hospice Audits
One of our recent posts discussed the uptick in AI risks reported in SEC filings, as analyzed by Arize AI. There, we highlighted the importance of strong governance for mitigating some of these risks, but we didn’t address...more
Shortly after our prior blog post discussing the need for healthcare entities to shore up protections against phishing attacks, the Department of Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI)...more
Phishing, the act of impersonating a person or business to deceive a target into revealing sensitive information, has quickly become the tool of choice for scammers and cybercriminals. In 2023, the Federal Bureau of...more
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
Happy Holidays! The December Monthly Minute includes a fiduciary checkup reminder and a look at HHS’ recent settlement stemming from a phishing attack that impacted ePHI of nearly 35,000 individuals....more
On December 7, 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced its first-ever settlement involving a phishing attack under the Health Insurance Portability and...more
On October 18, 2023, the Department of Health and Human Services (DHHS) through the Office for Civil Rights (OCR) issued an update1 containing two resource documents to help educate patients regarding privacy and security...more
Data breaches come in many different forms, sizes, and levels of complexity, but they tend to share certain key facts: A third-party bad actor—whether through a phishing attack, a ransomware attack, exploitation of a zero-day...more
The systems healthcare providers use to provide safe and reliable patient care, and their confidential patient information, provide attractive targets for hackers using ransomware to extort payment....more
Report on Patient Privacy 22, no. 8 (August, 2022) - The Department of Justice (DOJ) seized around $500,000 in Bitcoin ransom paid by two health care organizations in Kansas and Colorado to North Korean ransomware actors...more
Ransomware is the “business pandemic.” Warnings have been issued by multiple agencies around the world to alert businesses to increase their protection and awareness. Most recently, the Department of Health and Human...more
Report on Patient Privacy 22, no. 3 (March, 2022) - HHS said in early March that it was not aware of any specific threat to U.S. health care organizations stemming from the Russian invasion of Ukraine. “However, in the...more
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) recently issued a report entitled “Electronic Medical Records in Healthcare” that discussed security risks applicable to...more
In a recent Press Release dated December 15, 2021, the Office of the Attorney General for the State of New Jersey (the “N.J. Attorney General’s Office”) announced the settlement, via consent order, of alleged HIPAA violations...more
Report on Research Compliance 18, no. 9 (September, 2021) - A former Harvard Medical School and Massachusetts General Hospital (MGH) researcher who was the principal investigator on a 2014 NIH award of $939,495.27 and...more
Report on Patient Privacy 21, no. 4 (April 2021) - A Texas Medicaid subcontractor has been terminated after a data breach caused by a ransomware attack originating from Russia exposed the personal information of tens of...more
This week the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released a Joint Cybersecurity Advisory warning of...more
The OCR has announced a surprising number of HIPAA settlements in the past few months with penalties ranging from $10,000 to $6.5 million. Here are some of the key takeaways for healthcare providers: 1. Protect against...more
The third HIPAA settlement to be announced by the U.S. Department of Health and Human Services within one week was a big one. On September 25, HHS announced that Premera Blue Cross agreed to pay $6.85 million to HHS’s Office...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently warned healthcare providers and organizations about a new phishing scam that targets HIPAA Compliance Officers. Postcards are being...more
The COVID-19 pandemic has had a disparate effect on privacy regulators, with varying levels of enforcement advocated by different government entities; the California Attorney General, the U.S. Department of Health & Human...more
Report on Research Compliance 17, no. 5 (May 2020) - Cybercriminals are “sending malicious phishing emails that appear to be from trusted federal agencies,” such as HHS, in order to “steal sensitive data,” warned Michael...more
Risk Management Question - What precautions can law firms, along with their lawyers and staff, take when they receive an unexpected request for protected health information (PHI) from someone claiming to be a...more
In the midst of the coronavirus pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks aimed to infect computers with malware or obtain sensitive, personal information....more