Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Why Time Matters: Partners Lindsay Gerdes and Michael J. Bronson on Swift Action in Government Investigations
Consumer Finance Monitor Podcast Episode: Why do Fintechs Want to Become Banks?
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Episode 331- NAVEX State of Risk and Compliance Programs
What the Board Should Be Asking About the Compliance Program
Video: Artificial Intelligence Use in Political Campaigns
Episode 329 -- Bryn Sedlacek from Aravo on TPRM Holistic Risks and Unified Visibility
Compliance Lessons from Dating in Your 50s
The Justice Insiders Podcast - AI-Washing: Everything Old Is New Again
The AI Shakeup: New Tech Innovations and the Future of Corporate Law
Principled Podcast: S11E7 | Fortifying Ethical Frameworks: Navigating Emerging Risks in the Middle East
Managing Compliance Risk for Human Trafficking and Modern Slavery
Common Scenarios Triggering False Claims Act Violations, Part 3: Claims and Investigations
Navigating Bank-Fintech Partnerships: Avoiding Common Pitfalls — The Consumer Finance Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
Revisiting Financial Institution Incentive Compensation Rules Under Dodd-Frank — The Consumer Finance Podcast
Episode 325 -- AI and Emerging Compliance Frameworks
Report on Patient Privacy 23, no. 10 (October, 2023) By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...more
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
In a December 2022 bulletin published by the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS), HHS made clear that the use of third-party tracking technologies by covered entities and business...more
The HHS Office for Civil Rights (OCR) recently imposed a $50,000 civil monetary penalty on a dental practice that disclosed patient-identifying information in response to a negative online review. The case is a reminder that...more
The Compliance Institute is celebrating 25 years! Join us for the Compliance Institute's 25th anniversary, April 19-22, 2021. This year, HCCA is excited to celebrate over two decades of compliance excellence with our...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services recently published its findings from audits conducted in 2016 and 2017 of covered entities’ and business associates’ compliance with...more
As detailed in a press release from the U.S. Department of Health and Human Services (HHS), "Metropolitan Community Health Services, doing business as Agape Health Services (Metro), has agreed to pay $25,000 to the U. S....more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
In a noteworthy development, a sole practitioner gastroenterology practice recently agreed to pay $100,000 to the Office for Civil Rights of the Department of Health and Human Services (OCR) and adopt a two-year corrective...more
On October 23, 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS”) announced a $2,154,000 civil money penalty for numerous violations of the Health Insurance Portability and Accountability...more
Most health care providers are aware that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its accompanying negotiations provide for the privacy and security of patients’ health care...more
In the top three of the list of highly sensitive personal data to be concerned about is our medical information. It’s so sensitive because it is so personal. It used to be that our medical information was located in paper...more
In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and...more
HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more
Could a lost cell phone or laptop cost your organization millions of dollars? Mobile devices have enabled vast improvements in the efficiency and quality of healthcare delivery. ...more
We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more
In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more
On October 7, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), released a guidance document (the “Guidance”) on the HIPAA-compliant use of cloud computing technologies. The...more
Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more
Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come. ...more
Athletes at the Rio Olympics aren’t the only ones setting records this year. Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk...more
This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more
On August, 4, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advocate Health Care Network (Advocate) agreed to pay a settlement amount of $5.55 million and adopt a...more
Advocate Health Care Network, which operates 12 hospitals and more than 200 other treatment centers in Chicago and central Illinois, has agreed to the largest settlement to date with the Office for Civil Rights (“OCR”) for...more
On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more