Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are...more
Purpose and Background of the GLBA - The Gramm-Leach-Bliley Act (“GLBA”), also known as the Financial Services Modernization Act of 1999, is a federal statute enacted by Congress in 1999 that requires financial...more
Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000....more
For the first time in 17 years, the FTC is proposing significant increases to the information security standards which apply to those financial institutions that are regulated by the FTC and are not already subject to similar...more
The FTC has proposed amendments to its 2003 Safeguards Rule and the 2000 Privacy Rule, applicable to financial institutions under the Gramm Leach Bliley Act (GLBA). ...more
Health care organizations’ lack of compliance with the data privacy and security requirements of both state laws and the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security and Breach Notification...more
Following the recent Equifax data breach wherein millions of consumers’ private information may have been compromised, it is increasingly clear that consumer-interfacing businesses need to, and in some cases are required to,...more
The Risks of Overpromising and Underperforming - Demonstrating its authority over all things cybersecurity, the Federal Trade Commission (FTC) announced that it has entered into a proposed consent order with Uber for the...more
As ISPs continue to absorb the scope of the FCC’s recent Privacy Order (the “Order”), one immediate question presents itself: what steps must ISPs take to begin implementing the data security and breach notification...more
As we previewed last week, the Federal Communications Commission (FCC) has adopted new privacy rules that govern Internet service providers’ (ISPs) handling of broadband customer information. Though the Wireline Competition...more
On February 16, 2016, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced that it had entered into an agreement with Complete P.T., Pool & Land Physical Therapy, Inc. (CPT), a physical...more
The Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and the regulations promulgated thereunder (“HIPAA”) should be now well-known to health care providers and health plans. Under HIPAA’s...more
In September 2015, a U.S. Department of Health and Human Services (HHS), Office of the Inspector General (OIG), report found that the Office of Civil Rights (OCR), the agency charged with ensuring compliance with the Health...more
On September 29, it was revealed that the HHS Office for Civil Rights (OCR) will commence Phase 2 of its HIPAA audit program in “early 2016.” OCR’s revelation regarding the Phase 2 audits, which had been the subject of...more
On September 29, 2015, the Office of Inspector General (OIG) released two reports that reviewed the Office of Civil Rights’ (OCR) enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The...more
Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more
On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more
The next time you walk by your office copier or fax machine, plug a flash drive into a universal serial bus port on your computer, or pull your smartphone out of your pocket, consider the amount of data that has crossed...more
On January 25, 2013, the Department of Health and Human Services (HHS) published final regulations that modify the Privacy, Security, Enforcement and Breach Notification Rules issued pursuant to the Health Insurance...more
On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more
As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more
In this information technology era, it is little wonder that the Obama Administration has made enforcement of data security and privacy protections a top priority. The enforcement emphasis reflects public opinion favoring...more
Originally posted in Hartford Business Journal on February 11th, 2013. Attention all medical providers, hospitals and any other covered entity or business associate under HIPAA. On Jan. 17, the U.S. Department of Health...more
Changes to the HIPAA Enforcement Rule - Background: On October 30, 2009, HHS issued an interim final rule revising the Enforcement Rule to incorporate provisions of the HITECH Act. The NPRM then proposed a number of...more