News & Analysis as of

Protected Health Information Dept. of Health and Human Services

HHS Issues Limited Waiver of HIPAA Sanctions Post-Hurricane Harvey

The U.S. Department of Health and Human Services (HHS) has used its authority to waive certain provisions of HIPAA in response to Hurricane Harvey. HHS previously declared a public health emergency in Texas and Louisiana...more

HHS Issues Limited Waiver of HIPAA Sanctions Post-Hurricane Harvey

The U.S. Department of Health and Human Services (HHS) has used its authority to waive certain provisions of HIPAA in response to Hurricane Harvey. HHS previously declared a public health emergency in Texas and Louisiana...more

Hurricane Harvey, HIPAA, and Access to Health Information

Hurricane Harvey has been pummeling the Gulf Coast since Monday, with nearly 52 inches of rainfall in parts of Texas. The storm has displaced thousands of people from their homes and has resulted in over 30 reported deaths....more

Recent HHS Activity Following International Cyber Attacks

by Steptoe & Johnson PLLC on

Following recent international cyber attacks, the U.S. Department of Health and Human Services (HHS) has issued warnings to healthcare organizations, provided a cyber attack checklist, and launched its revised HIPAA Breach...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

Increased Focus on Health Care Cybersecurity: HHS Releases Long-Awaited Report and Cyber Attack Quick-Response Checklist

by McGuireWoods LLP on

The U.S. Department of Health & Human Services (HHS) issued a recent report noting that cybersecurity is a key public health concern that needs “immediate and aggressive attention.” Shortly thereafter, HHS’ Office for Civil...more

AGG Food and Drug Newsletter - June 2017

by Arnall Golden Gregory LLP on

Arnall Golden Gregory LLP's Food and Drug Newsletter is a monthly update of legal and regulatory issues that affect the FDA-regulated community, including regular updates on legislative initiatives from AGG’s Washington, DC...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

New HHS Cybersecurity Preparedness Checklist

by Carlton Fields on

The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity...more

$387,200 Fine from HHS OCR for the Improper Disclosure of PHI to an Employer and a Volunteer Organization

by Arnall Golden Gregory LLP on

On May 23, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR) announced a settlement with St. Luke’s-Roosevelt Hospital Center, part of the Mount Sinai Health System, to resolve allegations...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

Causes of Healthcare Data Breaches (Update)

by Bryan Cave on

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g. healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches...more

(Un)Protected Health Information Held for Ransom

by Snell & Wilmer on

Recent experiences of major health care companies offer a reminder of the importance of data security and following a well-written policy for compliance with the HIPAA Privacy Rule....more

Complying With HIPAA Following a Ransomware Attack

by Morris James LLP on

In 2016, the U.S. Department of Health and Human Services (“HHS”) issued guidance to help covered entities and business associates understand, among other things, how to respond appropriately to ransomware attacks under the...more

Impermissible Disclosure of HIV Information Results in $387,000 HIPAA Settlement

St. Luke’s-Roosevelt Hospital Center, Inc. (SLRHC), a member of the New York-based Mount Sinai Health System, paid $387,000 to the U.S. Department of Health and Human Services (HHS) and entered into a corrective action plan...more

The Future Of The Patient Protection And Affordable Care Act May Be Uncertain… But HIPAA Is Here To Stay

by Fraser Trebilcock on

While the future of the Patient Protection and Affordable Care Act and any potential replacement legislation is still in question, the Office for Civil Rights (“OCR”) within the U.S. Department of Health and Human Services...more

Employers: Are You Ready for a Cyberwar? Attackers Using Ransomware are Saying Show Me Your Bitcoin!

by Dechert LLP on

Recently, the WannaCry ransomware attack impacted 150 countries and over 300,000 computers. Not all ransomware attacks are so massive but they all are fast moving and require swift action to prevent destruction and lose of...more

HHS OCR Resumes HIPAA Enforcement Action Announcements: Four New Settlements and Penalties Totaling More than $5 million in a One...

by Arnall Golden Gregory LLP on

After a pause of nearly two months, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has resumed its announcement of settlements for alleged HIPAA violations, with four new settlement agreements...more

Public Still Must be Kept Private under HIPAA

by Davis Wright Tremaine LLP on

A not-for-profit health care system recently agreed to pay the Department of Health and Human Services (HHS) $2.4 million as part of a settlement over potential Health Insurance Portability and Accountability Act (HIPAA)...more

Inappropriate Disclosure of a Single Patient Name Results in $2.4 Million HIPAA Settlement

Texas’ Memorial Hermann Health System (MHHS) paid $2.4 million to the U.S. Department of Health and Human Services (HHS) and entered into a corrective action plan (CAP) to resolve allegations related to the impermissible...more

Failure to Ensure Vendor Safeguarded Protected Health Information Costs Small Health Care Provider $31,000

by Reed Smith on

Having proper internal systems and procedures in place to manage data security is essential for organizations storing personal information in any industry. But health care organizations that rely on external vendors to...more

$2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

by Fox Rothschild LLP on

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press...more

Settlement Highlights Need for HIPAA-Covered Entities to Have Business Associate Agreements in Place with PHI Vendors

by Dickinson Wright on

The Department of Health and Human Services’ Office for Civil Rights (ORC) announced an agreement to settle possible Health Insurance Portability and Accountability Act (HIPAA) violations with The Center for Children’s...more

Another HIPAA Settlement: Stolen Laptop Costs $2.5 Million Plus Encryption Requirement

by Perkins Coie on

The U.S. Department of Health and Human Services (HHS) recently announced yet another HIPAA privacy and security settlement involving Protected Health Information (PHI) on a stolen laptop. Although this might be seen as just...more

First HIPAA Settlement Involving a Wireless Health Services Provider

?On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle...more

345 Results
|
View per page
Page: of 14
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.