News & Analysis as of

Electronic Medical Records Data Security

HIPAA Guidance Issued on Man-In-The-Middle Attacks

by McGuireWoods LLP on

Last week, the Office of Civil Rights (OCR) issued guidance on securing end-to-end communications for sensitive information transmitted between parties over the internet. The OCR warns against “man-in-the-middle” (MITM)...more

Substance Abuse and Mental Health Services Administration (SAMHSA) Issues Confidentiality of Alcohol and Drug Abuse Patient...

by King & Spalding on

On January 13, 2017, SAMHSA issued a Final Rule updating the Confidentiality of Alcohol and Drug Abuse Patient Records regulations (42 C.F.R. Part 2). SAMHSA also issued a Supplemental Proposed Rule requesting comments on...more

HHS Modifies Drug and Alcohol Abuse Confidentiality Regulations, Proposes Additional Revisions

by Bass, Berry & Sims PLC on

On January 18, 2017, the U.S. Department of Health and Human Services, Substance Abuse and Mental Health Services Administration (SAMHSA) released a final rule (the Final Rule) modifying the federal regulations governing the...more

Beware of Phishing Email Disguised as Official OCR Audit Communication

by Ballard Spahr LLP on

The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a mock communication...more

The FTC Faces an Embarrassing Set-Back in its Data Security Enforcement Authority as the LabMD Saga Continues

by Moore & Van Allen PLLC on

On November 10th, the Eleventh Circuit Court of Appeals handed an embarrassing defeat to the Federal Trade Commission and an early Christmas present to LabMD, Inc. in the ongoing David and Goliath battle between the...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

by BakerHostetler on

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

by Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

by Stinson Leonard Street on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

Small-Breach Focus Shows Growing Scope Of HIPAA Probes

by Ropes & Gray LLP on

Flexing yet more enforcement muscle under the Health Insurance Portability and Accountability Act, on Aug. 18, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that it will more widely...more

MedStar Health Cardiology Associates Employee Emails Patient Information to Personal Account and Gets Fired

MedStar Health Cardiology Associates, (“MedStar Cardiology”) affiliated with MedStar Health, which was recently in the news for a ransomware attack, discovered that an employee sent protected health information of 907...more

HIPAA Compliance: Navigating a Health Care Minefield

by Foley & Lardner LLP on

In the two decades since its original passage, complying with the federal Health Insurance Portability and Accountability Act (HIPAA) hasn’t gotten any easier. Enacted with the primary goal of protecting the confidentiality,...more

Data Security Safeguards Can Help Healthcare Employers Withstand Cyberattacks—and Government Audits

The last couple of years have brought a steady rain of bad news for the healthcare industry when it comes to data security: Insurers faced with massive data breaches affecting thousands of health plans and millions of...more

Newest Ponemon study released on health care data breaches

The Ponemon Institute has recently released its Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data. The study has included business associates for the past two years. The study included information received...more

Fourth Circuit Finds That Traditional CGL Policies May Continue to Provide Coverage for Cyberliability Claims

by Reed Smith on

A federal U.S. Court of Appeals has confirmed that comprehensive general liability (CGL) and other traditional policies may yet be a source of liability insurance coverage for cyberliabilities. Although a dedicated...more

Hanging Around: Fourth Circuit Confirms the Coverage for Data Breach Can Still Be Found in Traditional Liability Policies

With today’s increased focus on data breaches and related cyber liability exposure, the insurance market continues to develop policies tailored to this unique risk. Insurers are also excluding cyber risks in many traditional...more

Fourth Circuit Expands Cyber Coverage under Commercial General Liability Policies

by Wilson Elser on

The United States Court of Appeals for the Fourth Circuit recently affirmed a decision by the United States District Court for the Eastern District of Virginia, Alexandria Division (District Court), finding that Travelers...more

Court Upholds Coverage Under General Liability Policy for Claim Alleging Failure to Protect Data

by Reed Smith on

In an encouraging development for insureds, the United States Court of Appeals for the Fourth Circuit held that a health care company’s general liability insurer was required to defend the company against claims stemming from...more

Virginia Telehealth Law: What You Need to Know

by Foley & Lardner LLP on

Virginia has made strides to expand the telehealth offerings available to its residents and the Old Dominion took another step forward advancing telemedicine when it enacted a bill amending Virginia Code § 38.2-3418.16 to...more

DC Proposes New Telemedicine Rules: What You Need to Know

by Foley & Lardner LLP on

The District of Columbia Department of Health recently issued proposed rules that, if enacted, would constitute the first regulations on telemedicine practice standards in the nation’s capital. Other than a 2014 policy...more

Employee Health Information: Separate and Secure

by Zelle LLP on

There are several reasons an employer might have employee health information, ranging from the results of a pre-employment physical to the contents of a request for FMLA leave to what’s written in a health provider’s note...more

OIG Reports Insufficient Oversight Of HIPAA Compliance

by King & Spalding on

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Comment period extended for NIST Cybersecurity Practice Guide

The National Institute of Standards and Technology has announced that due to stakeholder feed-back, the period to submit comments for the draft guide, “Securing Electronic Health Records on Mobile Devices” has been extended...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

by Reed Smith on

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

Don't Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more

Recent Enforcement Shows the Importance of Encrypting Mobile Devices Containing Protected Health Information

by Foley & Lardner LLP on

With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large...more

40 Results
|
View per page
Page: of 2
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!