News & Analysis as of

OCR announces launch of Phase 2 of HIPAA audits

Although the Office for Civil Rights (OCR) has indicated in the past that it would start its next round of HIPAA audits, apparently it means business now. In the wake of an Inspector General report that the OCR was merely...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

Blog: HHS To Launch New HIPAA Audits in Early 2016 in Response to OIG Reports

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and...more

What's So Great About an Information Security Policy?

Lawyers and compliance professionals constantly tout the importance of internal information security policies, particularly in light of data privacy problems that are reported almost daily in the media. Admittedly, drafting...more

Evolving Litigation of Data Breach Claims

An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013. The judge’s dismissal with prejudice...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

Recent Enforcement Shows the Importance of Encrypting Mobile Devices Containing Protected Health Information

With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large...more

How to Avoid and Respond to a Cybersecurity Breach

In light of numerous recent data breaches, cybersecurity has emerged as an issue impacting organizations ranging from the local hardware store to the largest multi-national firms in the world. In short, no industry is immune...more

OCR Enters into $750,000 Settlement with Physician Practice for HIPAA Violations

On September 2, the Department of Health and Human Services Office of Civil Rights (OCR) announced a settlement with Cancer Care Group, P.C., a thirteen-physician oncology practice in Indiana related to violations of the...more

Data Breach Response Planning: Laying the Right Foundation

Part of Bradley Arant’s Privacy and Information Security Team’s seven-part Data Breach Toolkit Webinar Series, the “Data Breach Response Planning: Laying the Right Foundation” webinar, led by Paige Boshell and Amy Leopard,...more

OCR settlement reiterates importance of proactive security rule compliance

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more

Time for a HIPAA Security Check-Up!

The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more

[Webinar] Mobile Device Management for Health Care Organizations and Vendors - Sept. 10th, 10:00am PDT

In this webinar, we will demystify the HIPAA Security Rule and how to apply the administrative, physical, and technical safeguards in a mobile environment. We will discuss key takeaways from the recently released NIST Draft...more

Security Frameworks 101: Which is Right for my Organization?

These days information security is on the minds of virtually all technology professionals and business executives alike. But how does an organization ensure that their security profile is adequate. It can certainly help to...more

Back to School – HIPAA 101

After a summer that saw major data breaches at the Office of Personnel Management and UCLA Health System, this fall is a great time to take your organization back to school on HIPAA compliance and data security. Here are...more

Under the Thumb: Regulatory Compliance When Outsourcing Cybersecurity Management

Managed security services are often a natural “add-on” when outsourcing IT services given that data protection is integral to application development, software as a service, and cloud storage, among other services. More...more

Corridors September 2015 - News for North Carolina Hospitals

This article will provide an outline of some of the most significant points for hospitals to use when confronted with a formal government investigation under the Criminal or Civil False Claims Act. As noted below, you should...more

New Potential Liability for Data Security: U.S. Court of Appeals for the Third Circuit Announces FTC has Authority to Scrutinize a...

The U.S. Court of Appeals for the Third Circuit announced that the Federal Trade Commission (FTC) has the authority to scrutinize a business’s data security protocol -- and to file a complaint if the FTC finds that protocol...more

Seventh Circuit rules hospital system is not a Consumer Reporting Agency under FCRA

Is a hospital a “consumer reporting agency”? Can a health care provider be liable under the Fair Credit Reporting Act (FCRA) in the event of a data breach? The Seventh Circuit Court of Appeals recently considered these...more

New NIST Guide Advises Healthcare Companies on Securing Patient Health Information on Mobile Devices

In response to a growing demand for cybersecurity guidance in the health care industry, the National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence, recently published a...more

HHS issues fact sheet on HIPAA rules and resources

The Department of Health and Human Services (HHS) has released a fact sheet on the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA). Designed to apply to...more

Are You the Next Cybercrime Target?

How valuable is your data? If you store personally identifiable information, such as Social Security numbers, protected health information under HIPAA, and even more mundane information such as dates of birth and e-mail...more

Doing Business With the State of Connecticut: A Guide to Data Privacy and Security Requirements

Doing business with Connecticut’s state government requires individuals, businesses and other entities to comply with numerous legal, regulatory and contractual requirements. Among these obligations are some of the nation’s...more

Oregon Amends Data Breach Law — Companies Can Expect More Enforcement Actions

Oregon Gov. Kate Brown recently signed into law amendments to the state’s data breach law. These amendments recognize the growing definition of data, expand the role of the Attorney General in addressing data breaches,...more

With No Federal Law in Sight, States Continue to Refine Their Own Data Privacy Laws

With no Congressional consensus to adopt a federal data privacy and breach notification statute, states are updating and refining their already-existing laws to enact more stringent requirements for companies. Two states...more

299 Results
View per page
Page: of 12

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.