Cyber whistleblowing is the newest and hottest area of exposure for organizations. All government contractors and grant recipients must develop an understanding of the use of the False Claims Act (FCA) to address...more
4/15/2022
/ Biden Administration ,
Civil Monetary Penalty ,
Compliance ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Executive Orders ,
False Claims Act (FCA) ,
Federal Contractors ,
Federal Grants ,
Popular ,
Qui Tam ,
Risk Management ,
Whistleblowers
In a show of continued emphasis on cybersecurity enforcement from U.S. government agencies in the wake of the Biden Administration's Executive Order on Improving the Nation's Cybersecurity (Exec. Order No. 14028, May 12,...more
2/17/2022
/ Biden Administration ,
Broker-Dealer ,
Cybersecurity ,
Enforcement Priorities ,
Executive Orders ,
Investment Adviser ,
Investment Companies ,
Investment Company Act of 1940 ,
Proposed Rules ,
Public Comment ,
Securities and Exchange Commission (SEC)
In a paradigm shift for cybersecurity, President Biden signed an ambitious Executive Order (the Order) on May 12 to address the increasingly sophisticated threats by malicious cyber actors to the nation's software supply...more
On Tuesday, December 8 one of the nation's leading cyber defense vendors (FireEye) announced it suffered a recent cyber-attack from a "highly sophisticated threat actor, one whose discipline, operational security lead us to...more
12/11/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Risk Management
On Tuesday, September 15, the U.S. Department of Health and Human Services Office of the National Coordinator (ONC), in partnership with the Office for Civil Rights (OCR), released an update to the previously published...more
Human resources can no longer just rely on their IT and legal counsel to focus on the concerns and issues surrounding cyberattacks. As more companies re-open and unemployment rates grow, cyber criminals are continuing to...more
On April 21, 2020, the U.S. Department of Health and Human Services released a series of announcements signaling its intention to finalize and enforce certain aspects of the Office of the National Coordinator (ONC) Cures Act...more
4/30/2020
/ Blocking Statutes ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Monetary Penalty ,
Compliance ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health IT ,
OIG ,
ONC ,
Patient Access ,
Popular ,
Proposed Rules
Due to the changing and challenging economic circumstances brought on by COVID-19, companies are now having to consider furloughing employees. All companies must consider how they will handle such moves with respect to their...more
There is no question that COVID-19 has brought unprecedented change to our world. The temporary relaxation of HIPAA's requirements is one of many examples of the government's efforts to address the public's health care needs...more
3/24/2020
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Public Health Emergency ,
Relief Measures ,
Telehealth ,
Telemedicine ,
Waivers
On March 16 and 17, the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced limited waivers of penalties and sanctions with respect to certain HIPAA requirements due to the...more
On March 9, 2020, the U.S. Department of Health and Human Services (HHS) finalized two sets of regulations that are intended to increase patients' access to health data. As explained by HHS Secretary Alex M. Azar, "These...more
As organizations prepare for certain contingency work arrangements in response to the coronavirus (COVID-19) outbreak, companies must also focus attention on ensuring appropriate cyber hygiene. ...more
2020 OCIE Priorities -
On January 7, 2020, the Securities Exchange Commission's (SEC) Office of Compliance Inspections and Examination (OCIE) released its "2020 Examination Priorities," which included a focus on...more
Cybersecurity attacks represent a real threat to our national security and the defense industrial base. To combat these threats, the Department of Defense (DoD) recently released Cybersecurity Maturity Model Certification...more
Happy Data Privacy Day! Today, January 28, is a day to raise awareness, foster dialogue, and empower companies to act to ensure proper privacy (and security) of all types of data and information....more
Health care providers should take heed of the $10,000 settlement announced on October 2, 2019 between the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR) and a small dental practice based on...more
11/20/2019
/ Covered Entities ,
Dentists ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Online Reviews ,
Penalties ,
PHI ,
Physicians ,
Prior Authorization ,
Settlement ,
Unauthorized Disclosure ,
Yelp
October was National Cyber Security Awareness Month and, as its parting gift, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Office of the National Coordinator for Health...more
In early July, a global hospitality company announced in a U.S. Securities and Exchange Commission (SEC) filing that it had been fined more than $124 million (more than £99 million) by the United Kingdom's Information...more
Organizations and their legal departments continue to deal with the repercussions of email compromises. Regardless of whether your organization is considering migration of email services to Microsoft Office 365 (O365) or...more
Effective December 2018, the Federal Energy Regulatory Commission (FERC) approved supply chain risk management Reliability Standards (Order No. 850) that require all utilities to develop and implement a security controls plan...more
On Friday, December 28, 2018, the Department of Health and Human Services (HHS) released several documents, including the "Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients," an...more
On the day before the U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology (ONC) Annual Meeting in Washington, D.C., the ONC released its draft Strategy on...more
Does your company qualify as a "data broker"? You may be surprised by the answer and as of January 1, 2019 your company may be subject to a new Vermont law governing such entities....more
The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) released an updated Security Risk Assessment (SRA) Tool this week. All covered entities and business...more
10/19/2018
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Duty to Update ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
ONC ,
Popular ,
Risk Mitigation ,
Security Risk Assessments
After a confusing month of contradicting guidance, the Centers for Medicare & Medicaid Services (CMS) issued a memorandum clarifying its position regarding the use of text messaging with patient information between providers....more