New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
Podcast - Data Privacy and Tracking Technology Compliance
Medical Device Legal News with Sam Bernstein: Episode 10
AI Risks in Healthcare
Business Associates Here, There, and Everywhere: When Does Your Service Provider Really Need to Sign a HIPAA Business Associate Agreement?
Healthcare Privacy Walkthroughs
HIPAA Tips With Williams Mullen - Health Care Providers - Are You Ready for a Ransomware Attack?
Hybrid Workforces and Compliance with Sheila Limmroth
Privacy and Healthcare Business Associates with Isabella Porter
Podcast: Interoperability: The Provider Perspective - Diagnosing Health Care
HIPAA Tips With Williams Mullen - COVID Health Information and HIPAA – Do You Know the Rules?
Podcast–Interoperability: How Far We’ve Come and Where We’re Going - Diagnosing Health Care
State Law Privacy Video Series | Healthcare Entities and Health Data
Getting Personal—Wearable Devices, Data, and Compliance
AGG Talks: Technology - In the Balance: Interoperability and Security
Podcast: How Can Companies in the Health Care and Life Sciences Industries Strengthen Their Cybersecurity Posture? - Diagnosing Health Care
Nick Culbertson on Compliance Breaches in Healthcare
Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Podcast: Are Vaccine Passports the Key to Reopening? - Diagnosing Health Care
HIPPA: Privacy & Security and Potential Rule Changes
The HHS Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying 946,801 people whose protected health information or other personally identifiable information...more
The Federal Trade Commission ("FTC") intends to "strengthen and modernize" the Health Breach Notification Rule with revamped and increased scrutiny on entities holding health information, including health apps, websites, and...more
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
On April 26, the Federal Trade Commission (FTC) approved its Final Rule revising the Health Breach Notification Rule (HBNR) (“Final Rule”) by a 3-2 vote. The HBNR requires vendors of personal health records (PHR) and related...more
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the...more
Editor’s Note: On August 31, 2022, HaystackID shared an educational webcast on the topic of data mining in data breach incident response. As data mining has increasingly become one of the largest expenses during a cyber...more
HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more
One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more
Conducting HIPAA Breach Risk Assessments - The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more
The deadline to submit notice to the Department of Health and Human Services (HHS) of small HIPAA breaches (those that affected fewer than 500 individuals) discovered in calendar year 2017 is March 1, 2018....more
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g. healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches...more
Feb. 29, 2016, a/k/a Leap Day, is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health...more
Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60...more
HIPAA covered entities should note the looming February 29, 2016 reporting deadline for breaches of unsecured protected health information that occurred in 2015 and involved fewer than 500 individuals. This Alert provides a...more
HHS has finally issued its omnibus HITECH Rules. Our firm will issue a comprehensive summary of the rules shortly, but of immediate import is the change to the breach reporting harm threshold. The modification will make it...more
The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013....more