The HIPAA Security Rule was originally promulgated over 20 years ago.
While it historically provided an important regulatory floor for securing electronic protected health information, the Security Rule’s lack of...more
1/31/2025
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
NIST ,
Patient Privacy Rights ,
PHI ,
Proposed Rules ,
Risk Management
On August 5, 2024, the Office of the National Coordinator for Health Information Technology— now known as the Assistant Secretary for Technology Policy/Office of the National Coordinator for Health IT (“ASTP/ONC”) within the...more
New York Governor, Kathy Hochul, recently announced proposed cybersecurity rules for New York hospitals, which are due to be imminently published in the State Register on December 6, 2023, subject to approval by the Public...more
11/30/2023
/ Cybersecurity ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
New York ,
Patient Privacy Rights ,
PHI ,
Popular ,
Proposed Rules ,
Regulatory Agenda ,
Regulatory Reform
On June 16, 2023, Nevada enacted Senate Bill 370 (“SB 370”), which imposes broad restrictions on the collection, use, and sale of consumer health data. This law is set to go into effect on March 31, 2024....more
On May 18, 2023, the Federal Trade Commission (FTC) filed a Notice of Proposed Rulemaking and Request for Public Comment (“NPRM”) seeking to amend the Health Breach Notification Rule (“HBNR”). We previously wrote about the...more
How does the U.S. Department of Justice (DOJ) intend to leverage its enforcement authority under the False Claims Act to advance DOJ’s recently announced Civil Cyber-Fraud Initiative?
In this episode of Diagnosing Health...more
Although the COVID-19 pandemic exposed cybersecurity vulnerabilities across sectors, it has particularly challenged the resilience of information systems for health care and life sciences companies. Because ransomware attacks...more
Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach...more
10/19/2020
/ Breach Notification Rule ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
NIST ,
OCR ,
Popular
As consumerism in healthcare increases, companies and the individuals they serve are increasingly sharing data with third-party application developers that provide innovative ways to manage health and wellness, among numerous...more