Breach Notification Rule Data Breach

News & Analysis as of

OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened...more

OCR to Investigate More HIPAA Breaches Affecting Fewer Than 500 Individuals

On August 18, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced plans to expand its investigations of reported breaches of the Health Insurance Portability and...more

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights

The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since...more

HSS Issues New Guidance on Ransomware Attacks Against HIPAA-Covered Entities

Ransomware attacks at hospitals and other healthcare facilities have dramatically increased over the last several years, putting healthcare providers in the uncomfortable position of having to consider paying thousands of...more

University of Mississippi to Pay $2.75 Million for Alleged HIPAA Violations

On July 21, 2016, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced a settlement with the University of Mississippi Medical Center (UMMC), stemming from a 2013 breach of...more

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services (HHS) has recently issued guidance under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and...more

Advocate Health Care Network Agrees to Pay $5.55 Million to Settle Potential HIPAA Penalties

On August 4, 2016, the Office of Civil Rights (“OCR”) announced that Advocate Health Care Network (“Advocate”), Illinois’ largest fully-integrated health care system, has agreed to pay a record-breaking $5.55 million to...more

Largest Health & Human Services HIPAA Settlement Wake-Up Call for Covered Entities to Evaluate and Mitigate Risks

On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more

2.7 Million Dollar HIPAA Settlement

Last week, Oregon Health & Science University (“OHSU”) agreed to pay $2.7 million to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule, Privacy Rule, and...more

Unlocking the EU General Data Protection Regulation: A practical handbook on the EU's new data protection law: Chapter 11:...

Why does this topic matter to organisations? Under the GDPR, the concept of a "processor" does not change. Any entity that is a processor under the Directive likely continues to be a processor under the GDPR. However,...more

Unlocking the EU General Data Protection Regulation: A practical handbook on the EU's new data protection law: Chapter 10:...

Why does this topic matter to organisations? Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is...more

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...more

HHS: Ransomware Attacks Likely HIPAA Breaches In Absence of Encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more

OCR Begins HIPAA Phase 2 Audits

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

Check Your Desk: HIPAA Audits for Covered Entities Have Arrived

The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11,...more

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

Data Breach Incident Response: 5 Questions to Ask and New Laws to Know Now

The spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways. This year, Illinois, Nebraska, and Tennessee...more

Six Myths of Breach Response

Data breach has, unfortunately, become a fact of life. Practically every corporation has experienced some sort of security incident, although most have avoided (to their knowledge) significant network intrusions and loss or...more

Nebraska and Illinois Update Breach Notice Requirements

The data breach notification laws for Nebraska and Illinois have been updated to expand the definition of “personal information” to include usernames and email addresses in combination with a password or security question...more

Retail and Consumer Products Law Roundup - June 2016

President Signs Legislation Modernizing Federal Chemical Regulation Law - Overhaul of Toxic Substances Control Act (TSCA) has important business implications for consumer product manufacturers and retailers. ...more

Illinois Joins the Fray: Strengthens its Laws Around Data Breach Notification and Data Security

Sophisticated phishing scams and muscular hacking efforts continue to compromise personal and sensitive information held by insurers, hospital systems, and businesses large and small. In response, many states have...more

The Paper Trail: The Potential Data-Breach Sitting in your Printer

In April 2016, the sensitive personal medical information of NFL players was stolen from the car of a trainer who had left the files in a backpack in his locked car. In 2014, Safeway, Inc. settled charges brought by the...more

Tennessee Legislature Amends Data Breach Notification Statute - Encryption is No Longer an Automatic Safe Harbor

On March 24, 2016, Governor Haslam signed S.B. 2005 which amends Tennessee's data breach notice statute. The amended statute will go into effect on July 1, 2016. The new Tennessee breach notice requirements are triggered by...more

Insurers Face Increasing Data Breach Notice Obligations

Earlier this year, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force proposed a comprehensive model law that covers, among other things, data security breach reporting. The model law...more

251 Results
|
View per page
Page: of 11
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×