Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Compliance Perspective: What's New in Healthcare Privacy
The Office of the New York State Attorney General announced on August 13 that Letitia James, along with the Attorneys General of Connecticut and New Jersey, fined Enzo Biochem, Inc. $4.5 million for failing to adequately...more
Looking for compliance education and networking in your area? SCCE & HCCA’s Regional Compliance & Ethics Conferences bring compliance practitioners from all disciplines together for convenient, local compliance education....more
GoodRx Faces Million Dollar Proposed Penalty from FTC in First Enforcement Action Under the Health Breach Notification Rule - Settlement reveals views on application of unfairness authority to sharing of sensitive...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more
General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more
Cyberattacks against healthcare providers accounted for 79% of all reported data breaches in 2020. (See here). The U.S. Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
On November 27, 2019 the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach...more
After a quiet winter, the Department of Health and Human Services’ Office for Civil Rights (OCR) revived with the spring, issuing a set of frequently asked questions and two recent announcements. ...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services recently announced that 2018 was a significant year in Health Insurance Portability and Accountability Act (HIPAA) enforcement activity. ...more
On February 7, 2019, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services published the resolution agreement for its final HIPAA settlement of 2018. ...more
Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources...more
The health care industry is racing to adopt cutting-edge technology to provide patients with the best treatment possible at the lowest possible cost. ...more
In its July newsletter on cybersecurity, the Office for Civil Rights (OCR) released “Guidance on Disposing of Electronic Devices and Media,” which outlines the requirements health care providers and business associates have...more
In the age of electronic medical records and ransomware attacks, recent focus with regard to HIPAA compliance seems to be on electronic security. How are your electronic medical records stored? Do you require two-factor...more
The virtual world offers opportunities and obligations not found in nature. For a couple of years, my wife has followed the adventures of a bonded eagle couple, Liberty and Freedom, residing in the hills near Hanover,...more
Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents...more
For those familiar with the Shonda Rhimes juggernaut, Grey’s Anatomy, it is the story of surgical residents, fellows, and attending physicians as they work in the surgical wing of the fictional Grey Sloan Memorial Hospital....more
In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and...more
According to a recent U.S. Government Interagency report, ransomware is the fastest growing malware threat, targeting users of all types. An incredible 51 percent of respondents in a January 2017 study by the Ponemon...more
More than 27 million patient records were affected by health care data breaches in 2016, according to a health care cybersecurity company. The cost associated with these breaches is staggering: an estimated $355 per stolen...more
Preventing unintended or unauthorized disclosure of protected health information is an ever-present goal of all covered entities and business associates. However, protective firewalls and electronic data security measures are...more
The Office for Civil Rights (OCR) recently released guidance entitled “My Entity Just Experienced a Cyber-attack! What Do We Do Now?” The Checklist is a practical tool for health care entities and outlines several steps to...more
The American Institute of CPAs (AICPA), has released a risk management reporting framework intended to "establish a common, underlying language for Cybersecurity risk management reporting — almost akin to US GAAP or IFRS...more