The FTC issued a final rule to lock in changes to the Health Breach Notification Rule (HBNR) that it proposed in May 2023. While the HBNR began as a breach notification rule seemingly focused on a narrow set of applications...more
On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the "Act"), which will regulate the collection, use, and disclosure of "consumer health data" ("Consumer Health Data" or "CHD"). The...more
5/2/2023
/ Business Associates ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
PHI ,
Private Right of Action
HIPAA-covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of "small" breaches of unsecured protected health information that were discovered during calendar-year 2022 no...more
With 2023 underway, healthcare providers have a more complex patchwork of privacy laws than ever before to navigate. Five states have enacted general privacy laws: California, Colorado, Connecticut, Utah, and Virginia. These...more
It's that time of the year again: the opportunity to brush off your New Year's resolutions for privacy and security of health information. Here are some potential health information privacy and security resolutions for your...more
March 1, 2021, is the due date for HIPAA-covered entities to notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) about "small" breaches of unsecured protected health information discovered...more
To start off the New Year, here are some potential health information privacy and security resolutions. You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for the year, and then...more
As a reminder that state attorneys general have enforcement authority over breach notifications, the New York Attorney General recently announced a $130,000 settlement for a failing to provide breach notification in a...more
On January 18, 2017, the Department of Health and Human Services Substance Abuse and Mental Health Services Administration (“SAMHSA”) published a final rule amending 42 C.F.R. Part 2 (“Part 2”), with an effective date that...more
The Code of Federal Regulations has recently published the 2016 version of the HIPAA regulations. This is the most up-to-date “official” version of the HIPAA regulations....more
As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more
A stolen unencrypted USB drive led to a $2.2 million settlement and a Resolution Agreement. The Department of Health and Human Services Office for Civil Rights (OCR) announced on January 18th a settlement with MAPFRE Life...more
Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more
In this webinar, we will demystify the HIPAA Security Rule and how to apply the administrative, physical, and technical safeguards in a mobile environment. We will discuss key takeaways from the recently released NIST Draft...more
9/4/2015
/ Data Breach ,
Data Protection ,
Data Security ,
Electronic Medical Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
mHealth ,
Mobile Apps ,
Mobile Devices ,
NIST ,
Patient Privacy Rights ,
Popular ,
Webinars