Data Security Covered Entities

News & Analysis as of

2017 HIPAA Enforcement: Year to Date Lessons

With the announcements from OCR of three resolution agreements and one civil money penalty as of mid-February, OCR is off to a record start for HIPAA enforcement in 2017, with double the announcements as the same time last...more

HIPAA Enforcement Update (October 2016 – January 2017)

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

Recent HIPAA Enforcement Actions

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first ever settlement related to a Covered Entity’s untimely breach notification in violation of HIPAA. Presence Health,...more

[Webinar] HIPAA in the Cloud – OCR Guidance on HIPAA and Cloud Service Providers - Jan. 31st, 1:00pm ET

As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more

HHS Gets Agressive: HIPAA Audits from 2016

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations. In March of 2016, HHS's Office for Civil Rights...more

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

Health Update - November 2016

Post-Election Analysis: Healthcare Antitrust in a Trump Administration - In a Republican sweep of all the elected branches of the federal government, Donald Trump won the presidential election and Republicans retained...more

OCR Guidance Underscores Importance of Authentication under HIPAA

In its tenth OCR Cyber Awareness Newsletter of the year (Newsletter), the Office for Civil Rights (OCR) reminded HIPAA-covered entities and business associates of the importance of selecting an appropriate authentication...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

Cybersecurity Requirements Proposed for New York Financial Companies

The New York Department of Financial Services has proposed new cybersecurity regulations “designed to promote the protection of customer information as well as the information technology systems of regulated entities...more

OCR Releases HIPAA Guidance on Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more

Business Associates Beware! OCR Means Business

In June 2016, OCR entered into its first settlement agreement with a business associate, Catholic Health Care Services of the Archdiocese of Philadelphia (“CHCS”), for potential violations of the HIPAA Laws by failing to...more

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

Now is a Good Time to Review Your HIPAA Policies

The HHS Office for Civil Rights (OCR) has announced it is increasing its investigations of breaches of unsecured protected health information (PHI) affecting fewer than 500 individuals. As a reminder, the HIPAA Breach...more

FTC Finds Laboratory Security Practices Caused Consumer Harm

On July 28, 2016, a panel (the “FTC Panel”) of three acting Federal Trade Commission (“FTC”) commissioners issued an opinion that found that LabMD, Inc. (“LabMD”) failed to implement reasonable security measures to protect...more

Got Data? Actual Harm Not Required for FTC Enforcement Action for Lax Security Measures

While much of Washington, D.C. is enjoying the slow and hazy days of summer, the Federal Trade Commission (FTC) is staying busy solidifying its presence as the go-to authority for data security. Most recently, on July 29,...more

Record-Breaking HIPAA Settlement Sends Strong Message to Covered Entities

This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more

Largest HIPAA Settlement Announced Against A Single Entity: $5.55 Million

On August, 4, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advocate Health Care Network (Advocate) agreed to pay a settlement amount of $5.55 million and adopt a...more

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services (HHS) has recently issued guidance under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and...more

Largest Health & Human Services HIPAA Settlement Wake-Up Call for Covered Entities to Evaluate and Mitigate Risks

On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more

Alert: FTC Commissioners Find LabMD's Failure to Implement Data Security Practices "Unfair"

On July 29, 2016, the Federal Trade Commission (FTC or Commission) announced its long-awaited decision in its LabMD enforcement action. The Commissioners reversed the decision of an Administrative Law Judge (ALJ) and held...more

44 Results
|
View per page
Page: of 2
Cybersecurity

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×