When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
On March 3, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced a $100,000 settlement and corrective action plan with Steven A. Porter, M.D. to resolve potential...more
On May 24, 2019, the Department of Health and Human Services Office for Civil Rights (OCR) issued a new fact sheet which lists the provisions of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (HIPAA)...more
In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct...more
Purpose and Practicality - The HIPAA Security Rule was designed to protect the confidentiality, integrity, and availability of a patient’s protected health information (PHI) while allowing flexibility for each covered...more
The HIPAA Security Rule requires covered entities and business associates to implement physical, administrative, and technical safeguards to protect protected health information (PHI). The U.S. Department of Health and Human...more
I have negotiated hundreds of SaaS agreements for dozens of software companies and I always hated when the company on the other side was a healthcare provider. Invariably, they would bring up Protected Health Information...more
The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more
Many U.S. employers are now allowing employees to use their own personal handheld devices and laptop computers for work-related purposes. As the age of employer-provided devices is coming to an end and “bring your own device”...more
The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more
On May 7, 2015, the Ponemon Institute released its Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data (the “Study”), which surveyed 90 HIPAA covered entities and 88 business associates regarding their...more
The Office of Civil Rights (“OCR”) recently announced that Phase 2 of the HIPAA audits would be further delayed because the audit portals and project management tools that are needed to initiate the audit process are not...more
We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any...more
The delivery of health care – and payment for that care – is a complex endeavor, and health care providers and health plans rely on third parties to help them operate as businesses and fulfill their responsibilities to...more
If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream...more
The Health Insurance Portability and Accountability Act omnibus regulations recently released by the U.S. Department of Health and Human Services have significant ramifications for business associates and subcontractors of...more
Changes to the HIPAA Security Rule Background: The HIPAA Security Rule protects electronic PHI by requiring Covered Entities to implement certain administrative, physical, and technical safeguards surrounding...more
On January 25, 2013, the Department of Health and Human Services (HHS) published the highly anticipated Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule (the “Final Rule”). The Final Rule...more
On January 17, 2013, the Office of Civil Rights of the U.S. Department of Health and Human Services (HHS) announced the omnibus final rulemaking (Omnibus Rule). According to HHS, this Omnibus Rule is needed to strengthen...more
The Department of Health and Human Services, Office for Civil Rights (OCR) has posted on its website sample business associate agreement provisions to help covered entities and business associates comply with the new business...more
Modifications to the rules require action by group health plan sponsors and their vendors, including revisions to policies and procedures and new privacy notices. On January 17, the Office for Civil Rights of the U.S....more
On January 18, 2013, nearly four years after the passage of the HITECH Act and its amendments to HIPAA, and nearly three years after it proposed regulatory amendments, the U.S. Department of Health and Human Services (“HHS”)...more
Originally published in Health IT Law & Industry Report, on January 23, 2013. On Jan. 17, 2013, the Office for Civil Rights of the U.S. Department of Health and Human Services (“HHS”) issued a long-awaited omnibus rule...more