On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
3/20/2025
/ Business Associates ,
Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Assessment ,
Technology Sector
In this final blog post in the Bradley series on the HIPAA Security Rule notice of proposed rulemaking (NPRM), we examine how the U.S. Department of Health and Human Services (HHS) Office for Civil Rights interprets the...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the justifications...more
Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more
1/16/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Employer Group Health Plans ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
OCR ,
Risk Management
The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific...more
On January 26, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Artificial Intelligence (AI) Risk Management Framework (AI Risk Management Framework 1.0), a voluntary guidance document for...more
On January 26, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Artificial Intelligence (AI) Risk Management Framework (AI Risk Management Framework 1.0), a voluntary guidance document for...more
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more
2/13/2019
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Filing Deadlines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Reporting Requirements
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
8/2/2018
/ Administrative Hearings ,
Administrative Law Judge (ALJ) ,
AHLA ,
Civil Monetary Penalty ,
Confidential Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Encryption ,
Enforcement Actions ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Patient Privacy Rights ,
Risk Assessment ,
Summary Judgment
On September 7, Equifax, one of three nationwide credit-reporting agencies that compile and evaluate the financial history of consumers, announced that it suffered a security breach in which sensitive information of...more
9/18/2017
/ Centers for Medicare & Medicaid Services (CMS) ,
Credit Reporting Agencies ,
Credit Reports ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Equifax ,
Federal Trade Commission (FTC) ,
Government Investigations ,
Hackers ,
Personally Identifiable Information ,
Popular
A global ransomware attack began early last Friday and has affected businesses and government entities in 150 countries, including Britain’s national health system, FedEx, Spain’s Telefónica, and the Russian Interior...more
5/19/2017
/ Cyber Attacks ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Hackers ,
Health Care Providers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management ,
US-CERT
Part of Bradley Arant’s Privacy and Information Security Team’s seven-part Data Breach Toolkit Webinar Series, the “Data Breach Response Planning: Laying the Right Foundation” webinar, led by Paige Boshell and Amy Leopard,...more
9/17/2015
/ Banking Sector ,
Banks ,
Breach Notification Rule ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
FFIEC ,
Financial Institutions ,
FTC v Wyndham ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Incident Response Plans ,
Information Sharing ,
NIST ,
Privacy Concerns ,
Wyndham
On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more
1/10/2014
/ Centers for Medicare & Medicaid Services (CMS) ,
Compliance ,
Confidential Information ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
NIST ,
OCR ,
OIG ,
Patient Privacy Rights ,
Personally Identifiable Information ,
Right to Privacy ,
Security Audits ,
Security Rule