Latest Publications

Share:

The HIPAA “Wall of Shame” is Now Easier to Navigate

Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also...more

Ransomware Attack – Quick Facts

By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant,...more

WannaCry Ransomware Attack Updates — Europol Says “Patch Before Monday”

UPDATE: Europol chief Rob Wainwright told the BBC, “Companies need to make sure they have updated their systems and ‘patched where they should’ before staff arrives for work on Monday morning.” By now, you may have...more

Advice to Healthcare Providers on Ransomware from the Head of the FBI

On Wednesday, March 8, James B. Comey, Director of the FBI, was at Boston College to deliver the keynote address for the inaugural Boston Conference on Cyber Security (BCCS 2017). Director Comey addressed various industry,...more

The Newly Updated Common Rule is Here – And On a Collision Course With the 21st Century Cures Act

On January 18th, the U.S. Department of Health and Human Services (HHS) and 15 other federal agencies issued a final rule updating regulations for the protection of human research subjects, the so-called “Common Rule.” The...more

HHS Publishes Guidance on HIPAA and Cloud Computing

On October 7, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) published guidance to assist cloud service providers (CSPs) and their customers with HIPAA compliance. As discussed below,...more

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

NIH Signals “Paradigm Shift” with Policy on Multi-Site Studies

Federally-funded clinical trials conducted at multiple sites will move to a single Institutional Review Board (IRB) review scheme under a new National Institutes of Health (NIH) Policy. The NIH has finalized its policy to...more

6/24/2016  /  Clinical Trials , Federal Funding , IRB , NIH

CMS Proposes “Advancing Care Information” Program to Replace Meaningful Use

The Medicare Access and CHIP Reauthorization Act (MACRA) proposes a new approach, with new branding labels, to paying clinicians for the value and the quality of care that they provide by replacing a patchwork of existing...more

OCR Releases New HIPAA Audit Protocol and Other Audit-Related Materials

Earlier this month the Department of Health and Human Services Office for Civil Rights (OCR) released a revamped audit protocol that now addresses the requirements of the 2013 Omnibus Final Rule. OCR will be using the audit...more

State Data Security Breach Notification Laws - April 2016

The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii)...more

Ready or Not, It’s Time For Phase 2 HIPAA Audits

On March 21st, the HHS Office for Civil Rights (“OCR”) officially launched Phase 2 of the HIPAA Audit Program. Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails...more

Don’t Neglect Your Business Associate Agreements!

As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more

HIPAA and Health Care Data Privacy – 2015 Year in Review

As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more

Data-Harvesting Zombie Hackers, Blood-Thirsty Auditors, and Other Reasons to be Scared on Halloween

This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more

Just in Time for the Phase II Audits: OIG Criticizes OCR’s Enforcement Efforts

As HIPAA-regulated entities anxiously await the commencement of the Phase II HIPAA audit program, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has issued a report critical of...more

Exellus BlueCross BlueShield – Latest Victim of a “Sophisticated” Health Plan Cyberattack

Exellus BlueCross BlueShield has announced that the personal information of at least 10 million members has been compromised in a “very sophisticated” cyberattack that occurred on December 23, 2013 and was discovered by the...more

Drastic Changes Proposed for Clinical Research Rules

The U.S. Department of Health and Human Services (“HHS”) and fifteen other Federal Departments and Agencies have announced a proposal to update the Federal Policy for the Protection of Human Subjects known as the “Common...more

Data Breach Affects Millions of Current and Former Government Workers

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security...more

MACRA’s Advancement of EHR Interoperability and Telehealth

This is the fourth and final post in our series on the Medicare Access and CHIP Reauthorization Act (MACRA). Pub.L. No. 114-10. We’ve previously covered the repeal of the Sustainable Growth Rate (SGR) in our April 20th post,...more

Could the Anthem Hack Happen Again? New Report Analyzes Insurers’ Cyber Security Programs

The New York State Department of Financial Services (the “Department”) recently released a “Report on Cyber Security in the Insurance Sector” (the “Report”). The Report was released on February 8, 2015, just four days after...more

Happy Data Privacy Day!

January 28th is Data Privacy Day. Given that privacy is the bedrock on which successful health care delivery is built, I would like to mark the occasion with a few thoughts for our health care industry clients and friends...more

1/28/2015

On the Tenth Day of Privacy, OCR Gave to Me…..

……………..a cumbersome C-A-P The U.S Department of Health and Human Services Office for Civil Rights has received tremendous publicity in recent years for its upward-trendingfines and aggressive enforcement of HIPAA...more

Cliff Notes from the Joint OCR/NIST HIPAA Security Conference

As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more

10/1/2014  /  Encryption , HHS , HIPAA , NIST , OCR , Risk Assessment , Training

Massive Data Breach Affects 4.5 Million Patients in 29 States

Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the...more

50 Results
/
View per page
Page: of 2

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.