News & Analysis as of

HIPAA Enforcement Update (October 2016 – January 2017)

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

New Year, New Rules – The 2017 Illinois Personal Information Protection Act

On January 1, 2017, Illinois ushered in a broader and stronger personal information and data breach regime. The Illinois Personal Information Act (PIPA), 815 ILCS § 530, applies any entity that “handles, collects,...more

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014. The number of complaints that year had...more

Happy Data Privacy Day! A Few Tips from the MVA Privacy and Data Security Group

Saturday January 28, 2017 is Data Privacy Day. The Moore & Van Allen Privacy and Data Security group took a break from the pre-holiday revelries to put together some thoughts and tips for DataPoints. So hoist a glass and...more

HIPAA Breach? Notify Promptly or Face Significant Potential Fines from HHS OCR

On January 9, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR), which enforces the privacy requirements contained in Health Insurance Portability and Accountability Act (HIPAA), announced a...more

“Primed” to Read about Data Privacy? The Sedona Conference Has a New Primer for You: eDiscovery Best Practices

The proliferation of data in our society today makes the task of protecting sensitive and private data more challenging than ever. Without a doubt, privacy and data protection laws have evolved quite a bit over the past...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

Health Care Institutions

Originally published in Haig, Business and Commercial Litigation in Federal Courts, Fourth Edition §§ 87:1 et seq. © 2016 American Bar Association. This chapter discusses federal court litigation relating to health care...more

Do You Know Where Your Data Is Located? Why Knowing is Half the Battle

Whether you realize it or not, you are probably storing some personal or business data in the cloud. The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling ubiquitous,...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

Health-chising: Starting-up a Health Care Franchise

In recent years, health care franchises have grown at a rapid pace. Yet, it is worth noting that franchising is not a new concept to the health care industry. Health care franchise systems have been around for decades and...more

2016 Breach Roundup, Part I: U.S. State Data Breach Notification Laws Highlights and Trends

In many respects, 2016 has been a remarkable year, but one constant with recent history is that multiple states (six this year) amended their breach notification statutes. As is commonly stated, the U.S. ...more

FTC Publishes Data Breach Response Guidelines

Whether resulting from a planned cyberattack or mere carelessness, data breaches are on the rise. In 2015, 781 data breaches were reported across the United States, with the average breach costing $3.8 million. In 2016, the...more

OCR Issues Alert Regarding Phishing Email Disguised as Official OCR Audit Communication

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Nov. 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR...more

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR: “It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to...more

OCR Warns of Phishing Campaign Disguised as Official OCR Communication

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Monday describing a phishing campaign disguised as an email from OCR. The email is being circulated on mock HHS...more

GAO Report Criticizes HHS’ HIPAA Cybersecurity Guidance and Program

Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Confusing Joint Guidance published by OCR and FTC on HIPAA Authorization Forms

There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

Fenwick Privacy Bulletin - Fall 2016

Privacy Shield – An Early Reflection - EU law generally prohibits the transfer of personal data from the European Economic Area to the U.S., unless the transfer is made in accordance with an authorized data transfer...more

OCR Releases HIPAA Guidance on Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

Best Practices for Safeguarding Protected Health Information in Inclement Weather

As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is...more

364 Results
|
View per page
Page: of 15
Popular Topics

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×