News & Analysis as of

Data Protection Dept. of Health and Human Services

HHS OCR Resumes HIPAA Enforcement Action Announcements: Four New Settlements and Penalties Totaling More than $5 million in a One...

by Arnall Golden Gregory LLP on

After a pause of nearly two months, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has resumed its announcement of settlements for alleged HIPAA violations, with four new settlement agreements...more

Public Still Must be Kept Private under HIPAA

by Davis Wright Tremaine LLP on

A not-for-profit health care system recently agreed to pay the Department of Health and Human Services (HHS) $2.4 million as part of a settlement over potential Health Insurance Portability and Accountability Act (HIPAA)...more

First HIPAA Settlement Involving a Wireless Health Services Provider

by Saul Ewing LLP on

?On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle...more

Lessons Gleaned From Recent HIPAA Settlements: An Ounce of Prevention is Worth a Pound of Cure: How Recent OCR Enforcement...

by McGuireWoods LLP on

HIPAA enforcement has been on the rise during the last several years, and the dollar impact of those settlements has continued to grow significantly. The Department of Health and Human Services, Office of Civil Rights (OCR)...more

HIPAA Enforcement Update (October 2016 – January 2017)

by Locke Lord LLP on

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

by LeClairRyan on

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014. The number of complaints that year had...more

HIPAA Breach? Notify Promptly or Face Significant Potential Fines from HHS OCR

by Arnall Golden Gregory LLP on

On January 9, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR), which enforces the privacy requirements contained in Health Insurance Portability and Accountability Act (HIPAA), announced a...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

by Faegre Baker Daniels on

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

Health Care Institutions

by K&L Gates LLP on

Originally published in Haig, Business and Commercial Litigation in Federal Courts, Fourth Edition §§ 87:1 et seq. © 2016 American Bar Association. This chapter discusses federal court litigation relating to health care...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

by Davis Wright Tremaine LLP on

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

New FTC Data Breach Response Guidelines

by Robins Kaplan LLP on

Cybersecurity should always be at the top of any retailer’s priority list—and even more so as the holiday shopping season gets underway. To that end, the Federal Trade Commission’s newly-released Data Breach Response...more

OCR Issues Alert Regarding Phishing Email Disguised as Official OCR Audit Communication

by BakerHostetler on

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Nov. 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR...more

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR: “It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to...more

OCR Warns of Phishing Campaign Disguised as Official OCR Communication

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Monday describing a phishing campaign disguised as an email from OCR. The email is being circulated on mock HHS...more

GAO Report Criticizes HHS’ HIPAA Cybersecurity Guidance and Program

by BakerHostetler on

Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

by BakerHostetler on

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

by Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Confusing Joint Guidance published by OCR and FTC on HIPAA Authorization Forms

There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

by Stinson Leonard Street on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

Small-Breach Focus Shows Growing Scope Of HIPAA Probes

by Ropes & Gray LLP on

Flexing yet more enforcement muscle under the Health Insurance Portability and Accountability Act, on Aug. 18, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that it will more widely...more

Healthcare Compliance: Juggling Risk Mitigation Strategies

by Michael Volkov on

Healthcare organizations – ranging from physician practice groups to large, multi-state hospital systems – face a variety of risks, including fraud and abuse, as well as HIPAA privacy issues. Starting from a baseline risk...more

OCR to Increase Efforts to Investigate Breaches Affecting Fewer Than 500 Individuals

by BakerHostetler on

The Department of Health and Human Services Office for Civil Rights (OCR) is the federal agency tasked with investigating data breaches involving protected health information (PHI) under the Health Insurance Portability and...more

Illinois Revises Data Privacy Statute

by Franczek Radelet P.C. on

Earlier this year, Illinois enacted a number of changes to the Illinois Personal Information Protection Act (“PIPA”). The amendments to PIPA, among other things, expand the definition of personal information subject to...more

Cybersecurity in life sciences: what is your duty of care?

by Allen & Overy LLP on

Cybersecurity continues to be headline-grabbing news, particularly following recent reports of high-profile cyber attacks on a number of major well-known corporations. Conscious of their fiduciary duties, boardrooms of global...more

183 Results
|
View per page
Page: of 8
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!