Amy Leopard at Bradley Arant Boult Cummings LLP

WannaCry Global Ransomware Attack

A global ransomware attack began early last Friday and has affected businesses and government entities in 150 countries, including Britain’s national health system, FedEx, Spain’s Telefónica, and the Russian Interior...more

5/19/2017 / Cyber Attacks , Cybersecurity , Electronic Protected Health Information (ePHI) , FBI , Hackers , Health Care Providers , Malware , Personally Identifiable Information , Phishing Scams , Ransomware , Risk Management , US-CERT

Taking Measure of HIPAA Enforcement

Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more

9/21/2016 / Breach Notification Rule , Business Associates , Covered Entities , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Enforcement Actions , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Breach , OCR , Risk Management , Settlement Agreements

Data Breach Response Planning: Laying the Right Foundation

Part of Bradley Arant’s Privacy and Information Security Team’s seven-part Data Breach Toolkit Webinar Series, the “Data Breach Response Planning: Laying the Right Foundation” webinar, led by Paige Boshell and Amy Leopard,...more

Commonwealth of Kentucky enacts data breach notification law

On the heels of the widely publicized Target breach, states continue to enact legislation designed to provide notice to their citizens when a security breach involving personal data occurs. Kentucky is the latest state to...more

6/27/2014 / Data Breach , New Legislation , Notice Requirements , Personally Identifiable Information , Target

Regulatory double jeopardy? FTC enforcement of privacy and security in healthcare

How should health care companies strengthen their HIPAA compliance programs to manage the risk of a potential FTC investigation? While the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more

5/16/2014 / Data Protection , Department of Health and Human Services (HHS) , EHR , Federal Trade Commission (FTC) , Health Insurance Portability and Accountability Act (HIPAA) , Jurisdiction , OCR , PHI

Privacy and Security Alert: January 9th, 2014

On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more

1/10/2014 / Centers for Medicare & Medicaid Services (CMS) , Compliance , Confidential Information , Cybersecurity , Department of Health and Human Services (HHS) , Electronic Medical Records , Health Information Technologies , Health Insurance Portability and Accountability Act (HIPAA) , HITECH Act , NIST , OCR , OIG , Patient Privacy Rights , Personally Identifiable Information , Right to Privacy , Security Audits , Security Rule

Final EHR Donation Rules Issued in Time for the New Year

On December 27, 2013, the U.S. Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) and the Centers for Medicare & Medicaid Services (CMS) issued final rules revising the Stark exception (42 CFR...more

12/31/2013 / Anti-Kickback Statute , Centers for Medicare & Medicaid Services (CMS) , Department of Health and Human Services (HHS) , EHR , Electronic Medical Records , Laboratories , OIG , Physicians , Safe Harbors , Stark Law

2013 – The Health Law Year in Review

As 2013 draws to a close, we are pleased to look back on the year that was and highlight some of the key developments in the ever-changing field of health law. While a great deal of attention was focused on the implementation...more

12/30/2013 / Acquisitions , Affordable Care Act , Centers for Medicare & Medicaid Services (CMS) , Drug Compounding , Health Insurance Exchanges , Health Insurance Portability and Accountability Act (HIPAA) , Healthcare.gov , HITECH Act , Hospitals , Medicaid Expansion , Medicare Part A , Mergers , MHPAEA , Physician Payments , Physician-Owned Distributors , Stark Law

Checklist for Covered Entities and Business Associates

As the countdown to the compliance deadline for the Health Information Technology for Economic and Clinical Health (HITECH) Act Omnibus Rule begins, we offer the following as a reminder of tasks that covered entities,...more

9/2/2013 / Breach Notification Rule , Covered Entities , Data Breach , Data Protection , Health Insurance Portability and Accountability Act (HIPAA) , HITECH Act , PHI

The Sunshine Act Final Rule: CMS Sheds Light on Reporting Physician and Teaching Hospital Payments

On February 1, 2013, the Centers for Medicare & Medicaid Services (CMS) released a final rule implementing the Physician Payment Sunshine Act (the “Act”). The Act requires certain manufacturers of covered drugs, devices, and...more

2/22/2013 / Applicable Manufacturers , Biologics , Centers for Medicare & Medicaid Services (CMS) , Covered Recipients , Disclosure Requirements , Medical Devices , Medical Supplies , Payment Records , Pharmaceutical Industry , Physician Ownership , Physicians , Research Funding , Sunshine Act , Teaching Hospitals , Transfers of Value

HIPAA and HITECH Privacy and Security Rule Update: Final Omnibus Rule

The Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) published today the much anticipated final omnibus rule implementing the Health Information Technology for Economic and Clinical Health...more

1/28/2013 / Business Associates , Compliance , Covered Entities , Data Breach , Data Protection , Enforcement , Fundraisers , GINA , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Omnibus Rule , HITECH Act , Marketing , Notice Requirements , OCR , PHI , Privacy Rule

Amy Leopard

Bradley Arant Boult Cummings LLP

Popular Topics by This Author

Latest Publications