For more than 20 years, the HIPAA Security Rule has been virtually unchanged other than extending its scope beyond covered entities to also include business associates. During that time, technology has changed, cybersecurity...
1/9/2025 / Compliance, Cybersecurity, Data Privacy, Data Protection, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), HIPAA Security Rule, Notice of Proposed Rulemaking (NOPR), OCR, Proposed Rules, Risk Management, Trump Administration
The FTC issued a final rule to lock in changes to the Health Breach Notification Rule (HBNR) that it proposed in May 2023. While the HBNR began as a breach notification rule seemingly focused on a narrow set of applications...
Changes to guidance are unlikely to mitigate widespread concerns
On March 18, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) revised its controversial guidance on how HIPAA applies...
The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare cybersecurity. The concept paper builds on the Biden-Harris Administration's National...
12/18/2023 / Cybersecurity, Department of Health and Human Services (HHS), Enforcement, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HITECH Act, Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), Medicare, OCR, Popular
Digital healthcare platforms using third-party tracking pixels should be on alert in light of the recent post issued by the Federal Trade Commission's new Office of Technology and the FTC's latest enforcement actions against...
HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of "small" breaches of unsecured protected health information that were discovered during calendar-year 2022 no...
With 2023 underway, healthcare providers have a more complex patchwork of privacy laws than ever before to navigate. Five states have enacted general privacy laws: California, Colorado, Connecticut, Utah, and Virginia. These...
Consistent with the Administration’s broader effort to reduce regulatory burdens within the healthcare industry, the Sprint Regulations include proposals designed to remove barriers to the widespread adoption of cybersecurity...
To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then...
The Code of Federal Regulations has recently published the 2017 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations. We have created a version that includes PDF bookmarks...
The Code of Federal Regulations has recently published the 2016 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations...
To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then...
What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...
Recent amendments to the State’s data breach statute give a hard deadline for a business to provide consumer notice, remove the encryption safe harbor, exempt entities that are subject to the Health Insurance Portability and...
4/21/2016 / Cyber Attacks, Cybersecurity, Data Breach, Encryption, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, Incident Response Plans, New Legislation, Notification Requirements, Personally Identifiable Information, Safe Harbors
On Feb. 4, 2015, Anthem announced a data breach involving the personal information of more than 80 million individuals resulting from what it characterized as a sophisticated, targeted cyber-attack. Group health plans may be...