News & Analysis as of

Risk Management Health Insurance Portability and Accountability Act (HIPAA) Department of Health and Human Services (HHS)

Ropes & Gray LLP

A Flurry of Healthcare Sector Cybersecurity Regulatory Developments in 2024

Ropes & Gray LLP on

2024 was a record year for cyberattacks in the healthcare sector. According to the Breach Portal maintained by the U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”), to date this year, there...more

Arnall Golden Gregory LLP

OIG Updates Compliance Guidance for Nursing Facilities

In 1998, the Office of Inspector General (“OIG”) for the U.S. Department of Health and Human Services began issuing voluntary, compliance program guidance for various segments of the healthcare industry. Recently, the OIG has...more

Jackson Lewis P.C.

Florida Healthcare Provider Faces $1.19M HIPAA Penalty Following Independent Contractor Breach

Jackson Lewis P.C. on

A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR)....more

Rivkin Radler LLP

Million Dollar Penalty Imposed on Pain Management Practice Following HIPAA Breach

Rivkin Radler LLP on

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on December 3 that it imposed a $1.19 million penalty on Gulf Coast Pain Consultants, a pain management practice in Florida, following...more

BakerHostetler

6 Important Takeaways for HIPAA Covered Entities and Business Associates from 2024 NIST HHS OCR Conference

BakerHostetler on

On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more

Alston & Bird

Coming This December: Will Health Care Entities Be Unwrapping New HIPAA Security Rules for the Holidays?

Alston & Bird on

Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more

Williams Mullen

Ransomware Hat Trick: OCR Scores Three Major Enforcement Actions in 2024

Williams Mullen on

Ransomware attacks are a growing threat in the health care sector due to the value of personal health information (PHI). In addition to being expensive, these attacks can cripple health care operations, delay patient care,...more

Health Care Compliance Association (HCCA)

HHS Abandons Appeal in Public Website Pixel Case, But CEs and BAs Should Expect Continued Scrutiny

The HHS Office for Civil Rights (OCR) has abandoned its appeal of a federal judge’s ruling overturning OCR’s guidance prohibiting covered entities (CEs) and business associates (BAs) from using the web-tracking technologies...more

BakerHostetler

Looking in the Mirror: HHS OIG Audit Demonstrates HHS Agency’s Own Need for Focus on Cloud Security

BakerHostetler on

The OIG, the nation’s leader in fighting fraud, waste and abuse of Medicare, Medicaid and other HHS programs, periodically publishes reports on how federal healthcare programs could improve....more

King & Spalding

OCR Settles Alleged HIPAA Violations for $950,000 Following 2017 Ransomware Attack

King & Spalding on

On July 1, 2024, the HHS Office of Civil Rights (OCR) announced that Pennsylvania-based healthcare system, Heritage Valley Health System (Heritage Valley), has agreed to pay $950,000 to settle potential violations of the...more

Epiq

Healthcare Organizations Can Meet New HHS Cybersecurity Goals with the Help of Tabletop Exercises

Epiq on

In today’s digital age, securing sensitive healthcare data is paramount. With the rise in cyber threats targeting healthcare organizations, the Department of Health and Human Services (HHS) has taken proactive steps to...more

Robinson+Cole Health Law Diagnosis

Forecasting the Integration of AI into Health Care Compliance Programs

Health care entities maintain compliance programs in order to comply with the myriad changing laws and regulations that apply to the health care industry. Although laws and regulations specific to the use of artificial...more

Benesch

Annual Report to Congress on Breaches of Unsecured Protected Health Information

Benesch on

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more

Arnall Golden Gregory LLP

Responding to a Third-Party Data Breach: Practical Legal and Compliance Steps

Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more

Jones Day

Vital Signs: Digital Health Law Update | Winter 2024

Jones Day on

Welcome to Vital Signs, a curated compilation of the latest legal and regulatory developments in digital health. Our lead article reports on HHS' recent final rule on the confidentiality of substance use disorder patient...more

Clark Hill PLC

Right To Know - March 2024, Vol. 15

Clark Hill PLC on

Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more

Saul Ewing LLP

HHS OCR Issues Its Most Recent HIPAA Annual Report and a Second Ransomware Settlement

Saul Ewing LLP on

On February 14, 2024, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued two reports to Congress as required by the Health Information Technology for Economic and Clinical Health...more

Paul Hastings LLP

HHS’ Civil Rights Office Reaches Second-Ever Ransomware Settlement

Paul Hastings LLP on

The Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Green Ridge Behavioral Health, LLC...more

Paul Hastings LLP

Data Breaches Exposing Protected Health Information Are Surging

Paul Hastings LLP on

The number of large data breaches, those involving 500 or more people, exposing protected health information has increased exponentially in the last few years, and ransomware and hacking are the primary cyber threats in...more

Rivkin Radler LLP

Montefiore Medical Center Settles HIPAA Breach for $4.75 Million

Rivkin Radler LLP on

On February 6, the U.S. Department of Health and Human Services (HHS) announced a $4.75 million settlement with Montefiore Medical Center (MMC) for a breach of unsecured electronic protected health information (ePHI). The...more

Ogletree, Deakins, Nash, Smoak & Stewart,...

Federal Regulators Unveil Revised Final Guidance for Healthcare Cybersecurity and HIPAA Compliance

On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for...more

Health Care Compliance Association (HCCA)

‘An Unknown Individual Walked In’: Protecting Against Telehealth Risks Includes Non-IT Threats

The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more

Hall Benefits Law

HHS Issues First Settlement for HIPAA Violations Related to a Ransomware Attack

Hall Benefits Law on

In late October, the U.S. Department of Health and Human Services (HHS) reached a settlement agreement with a medical management company based in Massachusetts over alleged HIPAA violations. Under the settlement terms, the...more

Jackson Lewis P.C.

AI, Phishing Attacks, Healthcare, and a $480,000 OCR Settlement under HIPAA

Jackson Lewis P.C. on

Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language...more

Brooks Pierce

Business Associate Victim of Ransomware Attack Pays $100,000 to HHS OCR

Brooks Pierce on

Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks. In October, for the first time, the U.S....more

79 Results
 / 
View per page
Page: of 4

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide