News & Analysis as of

Health Insurance Portability and Accountability Act Data Security

The Health Insurance Portability and Accountability Act is a United States federal statute enacted in 1996 to provide greater protection for individual's medical information and prescribe standards for the... more +
The Health Insurance Portability and Accountability Act is a United States federal statute enacted in 1996 to provide greater protection for individual's medical information and prescribe standards for the manner in which healthcare professionals gather, use, and maintain health information.  less -

NY AG Fines Healthcare Firm $130,000 for Improperly Delaying Breach Notices to Consumers Due to an FBI Investigation

by Arnall Golden Gregory LLP on

On June 15th, New York Attorney General Eric Schneiderman announced a settlement with CoPilot Provider Support Services Inc. to resolve allegations that the company improperly delayed notice to more than 220,000 consumers of...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

HHS Task Force Says Healthcare Cybersecurity is in “Critical Condition”

Unbeknownst to many, Congress established the Health Care Industry Cybersecurity Task Force in 2015 to address the health care industry’s cybersecurity challenges. That Task Force–a combination of public and private...more

(Un)Protected Health Information Held for Ransom

by Snell & Wilmer on

Recent experiences of major health care companies offer a reminder of the importance of data security and following a well-written policy for compliance with the HIPAA Privacy Rule....more

Global Privacy & Cybersecurity Update Vol. 14

by Jones Day on

New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more

Over-Analyzed and Under-Protected: Cybersecurity Compliance is Actually Pretty Simple

by JD Supra Perspectives on

While certainly not easy, data security and privacy compliance is actually pretty simple....more

HIPAA spring check-up: Your obligations to safeguard third-party patient health information in medical records produced in...

You’ve had your apple a day, but you can’t keep the subpoenas away… And, if your organization is facing a request seeking records or other materials that may contain patient health information (“PHI”), it bears...more

New Mexico Enacts Data Breach Notification Law

by King & Spalding on

On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law; the Data Breach Notification Act (the “Act”) will go into effect on June 16, 2017. The good news for many in the health care...more

OCR Announces First HIPAA Settlement with Wireless Health Services Provider

by Morgan Lewis on

The $2.5 million settlement reflects the agency’s focus on mobile health privacy. On April 24, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with CardioNet, a...more

Lessons from OCR HIPAA Settlements - Mobile Device Security Standards

by Ruder Ware on

In the first known case involving a wireless provider, a cardiology service provider agreed to pay a $2.5 million settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI)....more

Nutter Bank Report, April 2017

CFPB Delays the Effective Date of New Prepaid Accounts Rule - The CFPB adopted a final rule on April 20 that delays the general effective date of its rule governing prepaid accounts by six months. The rule will now take...more

Phishing Incident Leads to $400,000 HIPAA Settlement

by Saul Ewing LLP on

?On April 12, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Metro Community Provider Network (MCPN) agreed to pay HHS $400,000 to settle alleged HIPAA Security Rule...more

Gone Phishin’: Hack Leads to HIPAA Settlement

Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried...more

HIPAA Guidance Issued on Man-In-The-Middle Attacks

by McGuireWoods LLP on

Last week, the Office of Civil Rights (OCR) issued guidance on securing end-to-end communications for sensitive information transmitted between parties over the internet. The OCR warns against “man-in-the-middle” (MITM)...more

Recent HIPAA Privacy and Security Settlements and Lessons Learned

by Perkins Coie on

Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more

March Fadness: Wearable Tech in the Workplace

Wearable technology continues to do a full court press on the marketplace and in the process, the step counters of the world and health apps tied to devices capable of tracking real-time biostatistics, are revolutionizing the...more

Global Privacy & Cybersecurity Update Vol. 13

by Jones Day on

On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more

2017 HIPAA Enforcement: Year to Date Lessons

With the announcements from OCR of three resolution agreements and one civil money penalty as of mid-February, OCR is off to a record start for HIPAA enforcement in 2017, with double the announcements as the same time last...more

The Rising Importance of Data Privacy and Security Practices for Healthcare Entities Facing Intensified Challenges

by McGuireWoods LLP on

For those in the healthcare industry, the privacy and security of information is vital to operations, but the importance and value of health information also makes the industry a prime target for threats. Studies suggest...more

$5.5 Million HIPAA Settlement Underscores Importance of Audit Controls

On February 16, 2017, the HHS Office for Civil Rights (OCR) disclosed a $5.5 million settlement with Memorial Healthcare Systems (MHS) for HIPAA violations affecting the protected health information (PHI) of 115,143...more

$5.5 Million HIPAA Settlement Matches Largest Payment To-Date

by Saul Ewing LLP on

On February 16, 2017, the U.S. Department for Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced that Memorial Healthcare Systems of Florida (“MHS”) agreed to pay $5.5 million and enter into a...more

Notable New State Privacy and Data Security Laws – Part Two

by Snell & Wilmer on

This is the second in a two-part series addressing recent developments in state privacy and data security laws. This article addresses new laws about student privacy, enforcement/ punishment for data privacy and security...more

Modernization? SAMHSA Falls Short in Updating 42 C.F.R. Part 2

by Davis Wright Tremaine LLP on

On January 18, 2017, the Department of Health and Human Services Substance Abuse and Mental Health Services Administration (“SAMHSA”) published a final rule amending 42 C.F.R. Part 2 (“Part 2”), with an effective date that...more

153 Results
|
View per page
Page: of 7
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.