News & Analysis as of

Health Insurance Portability and Accountability Act Data Breach

The Health Insurance Portability and Accountability Act is a United States federal statute enacted in 1996 to provide greater protection for individual's medical information and prescribe standards for the... more +
The Health Insurance Portability and Accountability Act is a United States federal statute enacted in 1996 to provide greater protection for individual's medical information and prescribe standards for the manner in which healthcare professionals gather, use, and maintain health information.  less -

Recent Events Increase the Importance of HIPAA Risk Analyses and HIPAA Policies

Recent events highlight the fact that threats to customer and patient data continue to increase. In recent months, government agencies, news outlets, and others have spent considerable time investigating and reporting on...more

Lessons Learned from 2017 OCR HIPAA Enforcement Actions

by Foley & Lardner LLP on

So far 2017 is proving to be an active year for Health Insurance Portability and Accountability Act (HIPAA) enforcement. This comes on the heels of 2016, which saw an unprecedented level of enforcement actions, with 13 total...more

Part Two: Abandoned Mines and Data Retention Policies

by McGuireWoods LLP on

As discussed in Tuesday’s post, in addition to taking reasonable precautions to secure data, companies should consider whether they have an affirmative duty to destroy data in the United States – to clear the explosives out...more

Attempting To Avoid The High Cost Of A Reported HIPAA Breach

by Dickinson Wright on

Preventing unintended or unauthorized disclosure of protected health information is an ever-present goal of all covered entities and business associates. However, protective firewalls and electronic data security measures are...more

Maryland Amends Personal Information Protection Act

by Jackson Lewis P.C. on

Amendments to Maryland’s Personal Information Protection Act expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow...more

What is the HIPAA Complaint Process?

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules. Any person who believes that a covered entity or business associate is not...more

New York’s New Cybersecurity Regulations and its Impact on your Sensitive Health Information

by Farrell Fritz, P.C. on

Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity...more

How the U.S. Healthcare Sector Can Prepare for and Harden Its Systems Against Cyberattack

by Hogan Lovells on

“The number one issue on the minds of many CEOs and boards is cyberattacks and data breaches,” said Hogan Lovells partner Marcy Wilder. In this hoganlovells.com interview, Wilder discusses three key things health sector...more

OCR Releases “Improved Web Tool” for Breach Reporting

The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all...more

Maryland Amends Data Breach Notification Law

by Ballard Spahr LLP on

The Maryland General Assembly recently amended the Maryland Personal Information Protection Act to expand the definition of personal information, provide a 45-day timeframe for providing notice of a breach, allow for...more

The HIPAA “Wall of Shame” is Now Easier to Navigate

Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also...more

Health Care E-Note - July 2017

by Burr & Forman on

Everywhere you look these days, there seems to be another report of a cyberattack -- attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more

Ten Tips For Actions By A Covered Entity After A HIPAA Breach By A Business Associate

by Fox Rothschild LLP on

This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and more, in this dangerous and ever more complex data security...more

Unencrypted Backup Drive of 531 EEG Patients Lost

Baptist Medical Center South, located in Jacksonville, Florida has admitted that one of its backup drives has been missing since May 18, 2017. The unencrypted backup drive contained the protected health information of 531...more

Case Update: In Consumer Data Breach Case, Eleventh Circuit Indicates Concern over Scope of FTC’s Enforcement Actions

by Dorsey & Whitney LLP on

On June 21, 2017, the Eleventh Circuit Court of Appeals heard oral argument in LabMD, Inc. v. FTC, Case No. 16-16270, a case that is being carefully watched to see if it will clarify the limits of the Federal Trade...more

NY AG Fines Healthcare Firm $130,000 for Improperly Delaying Breach Notices to Consumers Due to an FBI Investigation

by Arnall Golden Gregory LLP on

On June 15th, New York Attorney General Eric Schneiderman announced a settlement with CoPilot Provider Support Services Inc. to resolve allegations that the company improperly delayed notice to more than 220,000 consumers of...more

Protecting Data: Vendors May Be Your Weakest Link

by Murtha Cullina on

A Verizon Communications vendor misconfigured a cloud server that caused the information of 6 million Verizon customers to be exposed on-line. When a cyber incident or data breach occurs on your vendor’s watch, regardless of...more

Cyber Threats Equal Serious Threats

by Burr & Forman on

Every where you look these days, there seems to be another report of a cyber attack--attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more

AGs Weave Themselves Into Patchwork of Digital-Health Regs

by Pepper Hamilton LLP on

There are more than 165,000 mobile health applications available for download in Apple’s App Store or Google Play. This number will likely keep rising, and a body of federal and state regulators, including state attorneys...more

HIPAA in the Age of Ransomware

According to a recent US Government Interagency report, ransomware is the fastest growing malware threat, targeting users of all types, including health care facilities. This past spring, for example, the WannaCry ransomware...more

Office of the National Coordinator Issues Guidance After NotPetya Attack

Following the most recent ransomware attack, known as NotPetya, (among other nicknames), many health care entities were victims of the ransomware, which prompted the Office of the National Coordinator (ONC) to issue guidance...more

Princeton Community Hospital Replaces Computer Network After Petya Attack

Numerous hospitals were victims to last week’s (aka NotPetya) ransomware attack. But one hospital—Princeton Community Hospital in West Virginia–has admitted that it is going to replace its entire computer network after Petya...more

When Health Data Goes Missing: Largest Reported Ransomware Attack

In the aftermath of two powerful global ransomware attacks, a Michigan-based medical equipment provider has disclosed that hackers “encrypted our data files” and accessed more than 500,000 patient records in what is believed...more

Health Care Data Breaches Cost $380 per Record

A new study issued by Ponemon Institute, sponsored by IBM, reveals that healthcare data breaches still cost more than in other sectors. The Ponemon Institute’s calculation is that the average healthcare data breach costs...more

OCR Issues Reminder on Security Incidents

Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more

541 Results
|
View per page
Page: of 22
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.