Regulatory vs. Business Compliance
Fintech Focus Podcast | Navigating IT and Security Risks in Fintechs in Light of Impending DORA Deadline
On-Demand Webinar: Bring Predictability to the Spiraling Cost of Cyber Incident Response Data Mining
Episode 347 -- LRN's Code of Conduct Survey
Workplace Investigation Protocols: One-on-One with Greg Keating
The Election's Impact on the FTC Will Bring Big Changes, But Being Vigilant Must Remain a Priority
Harnessing Generative AI: Innovations and Best Practices — The Good Bot Podcast
Innovation in Compliance: Navigating Risk Management in the Automotive Industry with Tom Kline
Effective Compliance Training
Compliance Tip of the Day: Board Questions and Metrics for 3rd Party Risk Management
AI Washing: Simple Guidance to Avoid Risk
Webinar ¦ Benefits of Using AI in Construction
The Future of AI Regulation and Legislation: 5 Key Takeaways
Episode 342 -- How to Conduct an Internal Compliance Site Visit and Review
Why Privacy is Your Secret Weapon Against Third-Party Risk
Due Diligence in AI: 3 things you need to survive AI scrutiny
Enhancing Compliance: The Power of Independent Monitorships in Consumer Protection — Regulatory Oversight Podcast
Investigations and Cognitive Interviews
Consumer Finance Monitor Podcast Episode: Regulators Escalate Focus on the Risks of Bank Relationships with Fintechs and Other Third Parties
Fraud Prevention Techniques for Nonprofit Organizations - Part 3
2024 was a record year for cyberattacks in the healthcare sector. According to the Breach Portal maintained by the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”), to date this year, there...more
In 1998, the Office of Inspector General (“OIG”) for the U.S. Department of Health and Human Services began issuing voluntary, compliance program guidance for various segments of the healthcare industry. Recently, the OIG has...more
A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)....more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on December 3 that it imposed a $1.19 million penalty on Gulf Coast Pain Consultants, a pain management practice in Florida, following...more
On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more
Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more
Ransomware attacks are a growing threat in the health care sector due to the value of personal health information (PHI). In addition to being expensive, these attacks can cripple health care operations, delay patient care,...more
The HHS Office for Civil Rights (OCR) has abandoned its appeal of a federal judge’s ruling overturning OCR’s guidance prohibiting covered entities (CEs) and business associates (BAs) from using the web-tracking technologies...more
The OIG, the nation’s leader in fighting fraud, waste and abuse of Medicare, Medicaid and other HHS programs, periodically publishes reports on how federal healthcare programs could improve....more
On July 1, 2024, the HHS Office of Civil Rights (OCR) announced that Pennsylvania-based healthcare system, Heritage Valley Health System (Heritage Valley), has agreed to pay $950,000 to settle potential violations of the...more
In today’s digital age, securing sensitive healthcare data is paramount. With the rise in cyber threats targeting healthcare organizations, the Department of Health and Human Services (HHS) has taken proactive steps to...more
Health care entities maintain compliance programs in order to comply with the myriad changing laws and regulations that apply to the health care industry. Although laws and regulations specific to the use of artificial...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more
Welcome to Vital Signs, a curated compilation of the latest legal and regulatory developments in digital health. Our lead article reports on HHS' recent final rule on the confidentiality of substance use disorder patient...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
On February 14, 2024, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued two reports to Congress as required by the Health Information Technology for Economic and Clinical Health...more
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Green Ridge Behavioral Health, LLC...more
The number of large data breaches, those involving 500 or more people, exposing protected health information has increased exponentially in the last few years, and ransomware and hacking are the primary cyber threats in...more
On February 6, the U.S. Department of Health and Human Services (HHS) announced a $4.75 million settlement with Montefiore Medical Center (MMC) for a breach of unsecured electronic protected health information (ePHI). The...more
On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for...more
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more
In late October, the U.S. Department of Health and Human Services (HHS) reached a settlement agreement with a medical management company based in Massachusetts over alleged HIPAA violations. Under the settlement terms, the...more
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language...more
Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks. In October, for the first time, the U.S....more