Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
Health care entities maintain compliance programs in order to comply with the myriad changing laws and regulations that apply to the health care industry. Although laws and regulations specific to the use of artificial...more
Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more
As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more
A recently introduced bill in the Florida Legislature would provide businesses operating in Florida, including health care providers, with a legal defense to data breach lawsuits if they maintain robust cybersecurity measures...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
On March 8, the Department of Health and Human Services (HHS) released a cybersecurity implementation guide to assist public and private health care sectors prevent cybersecurity incidents. The Cybersecurity Framework...more
As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior...more
Hear about the latest in research compliance - Do you want to learn… - How to prepare for upcoming changes in Medicaid? - Ways to build and maintain a better research compliance work plan for your program? - How...more
An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider "recognized security practices"...more
• The U.S. Department of Health and Human Services on Dec. 28, 2018, announced the release of the "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients" that provides a "Call to Action" to make...more
On December 28, 2018, the Department of Health and Human Services (HHS) issued new voluntary cybersecurity guidance for the health care industry titled, “Health Industry Cybersecurity Practices: Managing Threats and...more
The Food & Drug Administration has recently released for comment a draft expansion of guidance regarding Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Although the FDA issued existing...more
Earlier this week, I moderated a panel discussion at an event hosted by the New York chapter of the Health Information and Management Systems Society (HIMSS). The panel was comprised of private sector health information...more
Unbeknownst to many, Congress established the Health Care Industry Cybersecurity Task Force in 2015 to address the health care industry’s cybersecurity challenges. That Task Force–a combination of public and private...more
On July 22, the National Cybersecurity Center of Excellence (“NCCoE”), a U.S. government organization formed in 2012 within the National Institute of Standards and Technology (“NIST”), released a draft Cybersecurity Practice...more
With health care breaches constantly on the rise, increasing access to electronic health records (EHRs) from mobile devices, and more prevalent “shadow” cloud use, health care organizations are getting a bit of help from the...more