Medical Device Legal News with Sam Bernstein: Episode 10
Drafting Consumer Breach Notices — From a Litigation Perspective - Unauthorized Access Podcast
IP|Trend: Dust up After the Breach
Hot Topics Roundtable for Fund Managers - Cybersecurity, Valuation, and More
Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
The HIPAA Privacy, Security, and Breach Notification Rules apply to healthcare providers who engage in certain electronic transactions, healthcare clearinghouses, and health plans, including employee group health plans with...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more
A new HHS Final Rule overhauls the federal Part 2 regulations on the confidentiality of substance use disorder (SUD) records. Our Heath Care Health Care and Privacy, Cyber & Data Strategy Groups unpack how the changes will...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
On June 30, 2023, Mount Desert Island Hospital (“MDIH”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party had gained...more
Privacy Briefs: June 2023 - Long-term care pharmacy network PharMerica disclosed a breach involving more than 5.8 million patients, making it the largest breach reported to the HHS Office for Civil Rights (OCR) in the last...more
Halloween or HIPAA: Which is Scarier? HIPAA and the Pandemic - Telehealth: - On Friday, March 20, 2020, OCR announced it will “exercise its enforcement discretion and will not impose penalties for noncompliance with...more
Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach...more
Dive into a broad spectrum of topics affecting healthcare organizations. Explore the latest laws, regulations, and developments to help you effectively manage your organization’s privacy compliance program. Our Academies are...more
The worldwide COVID-19 pandemic visited on America in the past several months has quickly reinvigorated the foundational and important debate concerning where, in a free society, individual autonomy ends (or should end) and...more
On March 20, 2020 OCR released a Frequently Asked Questions list to help further clarify its March 17th Waiver. In the FAQ, OCR clarifies that the waiver not only allows providers to utilize platforms that do not comply with...more
One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more
On November 27, 2019 the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach...more
March 1, 2019 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more
Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more
The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity...more
Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more
The Center for Children’s Digestive Health (CCDH), a small, for-profit pediatric subspecialty practice that operates seven clinics in the Chicago area, has paid the U.S. Department of Health and Human Services, Office for...more
Although it is not a new requirement, it is important and therefore worth a reminder: HIPAA requires covered entities to establish and implement written policies and procedures that are consistent with its Privacy and...more
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more