Data Protection Covered Entities

News & Analysis as of

OCR Releases HIPAA Guidance on Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

Best Practices for Safeguarding Protected Health Information in Inclement Weather

As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is...more

The Cyber Regulation Drops

On September 13, 2016, Governor Andrew Cuomo announced the first proposed broadly applicable cyber regulation in the U.S. (the “Regulation”). The Regulation covers banks, insurance companies and other financial institutions...more

Privacy & Cybersecurity Update: New York State Proposes Cybersecurity Regulation for Financial Institutions

New York state has proposed a new regulation — to go into effect January 1, 2017 — that would require banks, insurance companies and other financial services institutions regulated by the New York State Department of...more

OCR Continues to Strengthen HIPAA Enforcement Efforts

The United States Department of Health and Human Services Office for Civil Rights ("OCR") sent a strong HIPAA enforcement message this summer, entering four resolution agreements, including the highest financial settlement to...more

OCR to Increase Efforts to Investigate Breaches Affecting Fewer Than 500 Individuals

The Department of Health and Human Services Office for Civil Rights (OCR) is the federal agency tasked with investigating data breaches involving protected health information (PHI) under the Health Insurance Portability and...more

BYOD Risks under HIPAA – Does Your HIPAA Compliance Program Adequately Address the Ever Increasing Use of Portable Electronic...

Many U.S. employers are now allowing employees to use their own personal handheld devices and laptop computers for work-related purposes. As the age of employer-provided devices is coming to an end and “bring your own device”...more

Just a Matter of Time: First-Ever Settlement of HIPAA Claims Against a Business Associate

On June 30, 2016, the Health and Human Services Office for Civil Rights (OCR) announced the first-ever settlement of Health Insurance Portability and Accountability Act (HIPAA) claims against a business associate. According...more

OCR Warns of HIPAA Risks in Third-Party Apps

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently issued a warning regarding vulnerabilities in third-party applications used by entities covered by HIPAA. The OCR warning applies...more

PHI on the Cloud and White Label Covered Entities: HIPAA Challenges for Telemedicine Providers

Both telemedicine providers and technology companies that serve the telehealth industry face some unique and sometimes complicated challenges dealing with HIPAA, especially as it relates to the storage, transmission, and use...more

New York Department of Financial Services Sets Forth Extensive Cybersecurity Regulatory Framework Proposal

On November 9, 2015, the New York State Department of Financial Services (NYDFS) issued a letter to the members of the Financial and Banking Information Infrastructure Committee (FBIIC) detailing a new cybersecurity framework...more

HIPAA and Text Messaging

Text messaging is pervasive. Doctors and other health care providers, covered entities, and business associates currently use (and embrace) the technology. Texting is easy, fast and efficient. It doesn’t require a laptop...more

Data-Harvesting Zombie Hackers, Blood-Thirsty Auditors, and Other Reasons to be Scared on Halloween

This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more

HHS’ Selection of Contractor Provides Latest Update on Impending Second Round of HIPAA Audits

On October 27, 2015, a U.S. Department of Health and Human Services (“HHS”) official stated that the agency has hired FCi Federal, a provider of management and professional services to government agencies in Ashburn, VA, to...more

Alphabet Soup and Data Security

In the span of two days, mobile device users learned of two data breaches that could compromise their personal data. In one, Experian (a credit reporting agency) reported that it was hacked, potentially putting 15 million...more

Privacy, Security, Risk: What You Missed At IAPP Conference

Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more

OIG Reports Insufficient Oversight Of HIPAA Compliance

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Is Your HIPAA Compliance Program Ready for the FTC?

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

SEC Ramps up Cybersecurity Scrutiny With Examination Priorities and an Enforcement Action

Why it matters - Signaling that it will continue to increase its scrutiny of firms' cybersecurity readiness, the Office of Compliance, Inspections and Examinations of the Securities and Exchange Commission (SEC) issued a...more

OCR announces launch of Phase 2 of HIPAA audits

Although the Office for Civil Rights (OCR) has indicated in the past that it would start its next round of HIPAA audits, apparently it means business now. In the wake of an Inspector General report that the OCR was merely...more

Blog: HHS To Launch New HIPAA Audits in Early 2016 in Response to OIG Reports

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

Recent Enforcement Shows the Importance of Encrypting Mobile Devices Containing Protected Health Information

With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large...more

Alert: Digital Advertising Alliance Begins Enforcing Mobile Privacy Rules

On September 1, 2015, the Digital Advertising Alliance ("DAA") began enforcing the application of its Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data (the "OBA Principles", the "MSD...more

96 Results
View per page
Page: of 4
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.