Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Preparing for a Government Healthcare Audit
Tackling Credit Push Fraud: Understanding Nacha's Risk Management Package (Part Two) — Payments Pros: The Payments Law Podcast
Compliance into The Weeds: The Complexity of Risk Assessments
Behavioral Health Compliance
The Importance of Assessment Areas
RegFi Episode 8: The Technological Path to Outcomes-Based Regulation with Matt Van Buskirk
What Physicians Need to Understand About Balance Billing
What Nonprofit Board Leadership Needs To Know About Internal Investigations
Taking a Behavioral Approach to Compliance
Episode 291 -- Interview of Mary Shirley on Her New Compliance Book
ChatGPT Risks for Compliance Programs
Season 2 Episode 3 - The Role of Ethics and Compliance Programs in International Business
In the Boardroom With Resnick and Fuller - Episode 4
What Non-Financial Institutions Need to Know About Gramm-Leach-Bliley
"Board-er" Patrol in Privacy and Cyberattacks - Unauthorized Access Podcast
From financial uncertainties to cybersecurity threats, regulatory changes, and everything in between, just how imperative is Enterprise Risk Management (ERM) technology in today’s business environment? According to a...more
On Monday, November 6, 2023, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) released its General Compliance Program Guidance (“GCPG”) for the general healthcare compliance community and...more
Fraud is a pervasive issue that affects businesses, organizations, and individuals across various industries. Often, an organization is surprised to find itself a victim of fraud, especially when the perpetrator is a trusted...more
FDA Warning letters can be harbinger of formal civil and criminal investigations. If your business receives such a notice of non-compliance from the FDA, you should immediately contact an experienced FDA defense attorney....more
The United States Environmental Protection Agency (“EPA”) Office of Inspector General (“OIG”) issued a September 9th report titled: EPA’s Office of Land and Emergency Management Lacked a Nationally Consistent Strategy...more
Cataloguing everything your compliance program does isn’t easy, but Susan Roberts, who recently retired from full-time corporate life after serving as Chief Compliance Officer at three different companies, did just that. And...more
The value of good risk management, both in compliance programs and even our personal lives, has never been more important. These days we find ourselves recalculating everything from the compliance risk of a new business...more
Are your employees instructed on the proper (and improper) use of social media? Does your organization have policies and provide training on the appropriate handling of sensitive information? A recent United States Department...more
Medical Informatics Engineering, Inc. (Medical Informatics) and its wholly-owned subsidiary, NoMoreClipboard, LLC, an electronic medical record and software services provider is now liable for a combined total of $1 million...more
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health...more
Earlier this week, I moderated a panel discussion at an event hosted by the New York chapter of the Health Information and Management Systems Society (HIMSS). The panel was comprised of private sector health information...more
On January 4, 2018, the National Health Information Sharing and Analysis Center (NH-ISAC) posted an announcement regarding the cybersecurity threats Meltdown and Spectre that were recently identified....more
MAPFRE Life Assurance Company of Puerto Rico learned the hard way about the risk of loss of patient information with portable devices like USBs, even when they are stored in the IT Department....more
Compliance officers have to avoid professional myopia. The focus of compliance these days has been on anti-corruption, antitrust, and AML, depending on your company’s industry. They fit nicely together under an...more
Recently, the International Organization for Standardization (ISO) adopted a new set of standards, designated as ISO 37001, to assist organizations in their ongoing fight against bribery. As a result of recent increases in...more
This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more
The Virginia Department of Environmental Quality (“DEQ”) is preparing to implement revised risk assessment protocols for many of its site cleanup programs. DEQ’s new approach is called the Virginia Unified Risk Assessment...more
The Office of Civil Rights (OCR) recently uploaded two items of interest: information regarding the largest penalty to date against a single entity, Advocate Health Care Network (Advocate), and HIPAA Phase II Desk Audit...more
The Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (DHHS) recently announced that it has initiated Phase 2 of its audit program to assess Covered Entities’ and Business Associate’s...more
For our HIPAA-covered entity readers, we have asked these questions before: Have you taken a business associate inventory? Have you undertaken a comprehensive risk assessment as required by HIPAA?...more
As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more
Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called “Phase 2 Audits” are set to commence...more
Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more
When buyers request that sellers warrant compliance with environmental law, sellers need to appreciate that agency interpretation or agency enforcement discretion may have played a role in the seller’s apparent ongoing...more