Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more
On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for...more
The Association of American Universities (AAU) and the Council on Governmental Relations (COGR) are among a handful of groups “urging the Biden administration to rescind a policy proposal that would threaten the American...more
On February 16, 2024, the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a final version of the cybersecurity resource guide (the “Guide”) with respect to the HIPAA...more
There has been a notable emphasis on proactive enforcement of the privacy and security of protected health information in recent weeks as evidenced by multiple developments regarding compliance with the Health Insurance...more
As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more
As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior...more
A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The...more
The National Institute of Standards and Technology (NIST) has released an initial draft of Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (Resource...more
The HHS Office for Civil Rights is requesting comments about HIPAA covered entities’ and business associates’ implementation of “recognized security practices” and payments to “harmed individuals” from funds the agency...more
Just one month remains to comment on the U.S. Department of Health and Human Services (HHS) Office for Civil Rights' (OCR) current Request for Information (RFI), which seeks public input on the implementation of two statutory...more
On April 6, 2022, the Department of Health and Human Services Office for Civil Rights (OCR) issued a Request for Information (RFI) to solicit public comments on the implementation of the “safe harbor” under the Health...more
The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) to obtain industry feedback and inform potential future rulemaking regarding information...more
On April 6, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking public comment on "recognized security practices" and on sharing civil...more
There is a glut of information out there regarding privacy and cybersecurity these days. Our new feature “What We’re Reading” provides a curated list of articles, blogs, newsletters, and books that you may find interesting...more
On January 21, 2021, the Department of Health and Human Services (HHS) published proposed modifications to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for...more
Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - Cybersecurity Standards Issued for Government Contractors - On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
Report on Patient Privacy 20, no. 2 (February 2020) - The year is still young, but the federal government has announced a potentially far-reaching privacy effort that should catch HIPAA compliance officers’ attention. And...more
Google Health’s Partnerships Raise Privacy Concerns - Recently, Google has been at the center of privacy concerns due to its health- sharing collaborations with the University of Chicago Medical Center (the Medical Center)...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - FTC Submits Comment on the Preliminary Draft for the NIST Privacy Framework - On October 24, 2019, the Federal Trade Commission ("FTC") announced that...more
Report on Medicare Compliance Volume 28, Number 40. (November 11, 2019) - - In a new Medicare compliance review, the HHS Office of Inspector General (OIG) said Angels Care Home Health in Salina, Kansas, didn’t comply with...more