No human instinct is as ingrained as the desire to defend oneself against unjust criticism. But that instinct must be tamed where personal health information is involved. A Connecticut medical practice has just learned that...more
HIPAA was enacted in 1996. In the years since, most healthcare entities have adapted to the major requirements imposed by HIPAA, HITECH, and the Privacy and Security Rules. Nevertheless, the thicket of regulations still...more
Apparently prompted by the recent high-profile wave of ransomware attacks, the Department of Health and Human Services’ Office of Civil Rights (OCR) has reminded hospitals, healthcare systems, and other covered entities and...more
We have previously written that the Internet of Things continues to spawn new cybersecurity and privacy concerns. These vulnerabilities have already served as plot devices for shows such as Homeland. Now, the U.S. Department...more
The Department of Health and Human Services’ Office of Civil Rights (OCR) has issued guidelines for HIPAA-covered entities that utilize cloud computing in processing electronic protected health information (ePHI). The...more
In a presidential election year, Americans are often reminded that “As Ohio goes, so goes the nation.” When it comes to banks, insurers and financial institutions, it may be equally true to say “As goes New York, so goes the...more
A recently publicized settlement with the Office of Civil Rights of the U.S. Department of Health and Human Services highlights that it is not only important to have a HIPAA-compliant form of business associate agreement...more