News & Analysis as of

Data Security Dept. of Health and Human Services

NY AG Fines Healthcare Firm $130,000 for Improperly Delaying Breach Notices to Consumers Due to an FBI Investigation

by Arnall Golden Gregory LLP on

On June 15th, New York Attorney General Eric Schneiderman announced a settlement with CoPilot Provider Support Services Inc. to resolve allegations that the company improperly delayed notice to more than 220,000 consumers of...more

Tick Tock Tick Tock, When a Breach Occurs, You’re on the Clock!

As a reminder that state attorneys general have enforcement authority over breach notifications, the New York Attorney General recently announced a $130,000 settlement for a failing to provide breach notification in a...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

Rallying Cry: Health Care Cybersecurity a Key Public Health Concern

by Sedgwick LLP on

On June 2, 2017, the Health Care Industry Cybersecurity Task Force published its Report on Improving Cybersecurity in the Health Care Industry. The lengthy and comprehensive Report serves as a wake-up call to the medical...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

HHS Task Force Says Healthcare Cybersecurity is in “Critical Condition”

Unbeknownst to many, Congress established the Health Care Industry Cybersecurity Task Force in 2015 to address the health care industry’s cybersecurity challenges. That Task Force–a combination of public and private...more

(Un)Protected Health Information Held for Ransom

by Snell & Wilmer on

Recent experiences of major health care companies offer a reminder of the importance of data security and following a well-written policy for compliance with the HIPAA Privacy Rule....more

Global Privacy & Cybersecurity Update Vol. 14

by Jones Day on

New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more

HHS Plans To Launch Cybersecurity Center Focused On Medical App Security

by Dentons on

The US Department of Health and Human Services (HHS) announced on April 20 that it plans to launch a cybersecurity initiative modeled on the US Department of Homeland Security’s National Cybersecurity and Communications...more

HHS to Launch Cybersecurity Center

The Department of Health and Human Services (HHS) will soon launch a healthcare focused cybersecurity initiative modeled on the Homeland Security Department’s National Cybersecurity and Communications Integration Center...more

OCR Announces First HIPAA Settlement with Wireless Health Services Provider

by Morgan Lewis on

The $2.5 million settlement reflects the agency’s focus on mobile health privacy. On April 24, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with CardioNet, a...more

Phishing Incident Leads to $400,000 HIPAA Settlement

?On April 12, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Metro Community Provider Network (MCPN) agreed to pay HHS $400,000 to settle alleged HIPAA Security Rule...more

Gone Phishin’: Hack Leads to HIPAA Settlement

Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried...more

Recent HIPAA Privacy and Security Settlements and Lessons Learned

by Perkins Coie on

Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more

$5.5 Million HIPAA Settlement Underscores Importance of Audit Controls

On February 16, 2017, the HHS Office for Civil Rights (OCR) disclosed a $5.5 million settlement with Memorial Healthcare Systems (MHS) for HIPAA violations affecting the protected health information (PHI) of 115,143...more

$5.5 Million HIPAA Settlement Matches Largest Payment To-Date

On February 16, 2017, the U.S. Department for Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced that Memorial Healthcare Systems of Florida (“MHS”) agreed to pay $5.5 million and enter into a...more

HIPAA Enforcement Update (October 2016 – January 2017)

by Locke Lord LLP on

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

by Davis Wright Tremaine LLP on

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

2016 Edition of HIPAA Regulations Released

The Code of Federal Regulations has recently published the 2016 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations....more

HHS Modifies Drug and Alcohol Abuse Confidentiality Regulations, Proposes Additional Revisions

by Bass, Berry & Sims PLC on

On January 18, 2017, the U.S. Department of Health and Human Services, Substance Abuse and Mental Health Services Administration (SAMHSA) released a final rule (the Final Rule) modifying the federal regulations governing the...more

[Webinar] HIPAA in the Cloud – OCR Guidance on HIPAA and Cloud Service Providers - Jan. 31st, 1:00pm ET

by Davis Wright Tremaine LLP on

As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more

HHS Gets Agressive: HIPAA Audits from 2016

by Kiesewetter Law Firm on

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations. In March of 2016, HHS's Office for Civil Rights...more

The Price of PHI – A $2.2 Million USB Drive

by Davis Wright Tremaine LLP on

A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

by Faegre Baker Daniels on

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

70 Results
|
View per page
Page: of 3
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.