As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the...more
1/26/2024
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
HIPAA Privacy Rule ,
Information Blocking Rules ,
Mental Health ,
Notice of Proposed Rulemaking (NOPR) ,
OCR ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Reproductive Healthcare Issues ,
Request For Information ,
SAMHSA ,
Substance Abuse ,
Transparency
With a notably sharply worded opinion, the Fifth Circuit recently vacated over $4.3 million in penalties levied against the University of Texas M.D. Anderson Cancer Center (M.D. Anderson) by the Department of Health and Human...more
US hospitals and healthcare facilities struggling to maintain normal operations during the COVID-19 emergency, were warned this week by the federal Cybersecurity and Infrastructure Agency (CISA), the Federal Bureau of...more
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
12/24/2019
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
Covered Entities ,
Data Breach ,
Data Security ,
Enforcement Actions ,
FBI ,
General Data Protection Regulation (GDPR) ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Phishing Scams ,
Ransomware
As we look back on 2017, one message is clear: don’t be a Scrooge when it comes to HIPAA compliance. With ever-evolving security threats and unrelenting enforcement, regulated entities must maintain a spirit of compliance...more
A draft bill recently introduced in the U.S. Senate serves as a good reminder that compliance with data breach reporting requirements is critical. This bill follows significant, high-profile data breaches by Uber and Equifax,...more
Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also...more
On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more
7/12/2016
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Employee Training ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Hospitals ,
New Guidance ,
OCR ,
PHI ,
Ransomware ,
Security Risk Assessments
The general definition of “personal information” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of the following data elements: (i) Social Security number, (ii)...more
As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
10/30/2015
/ App Developers ,
Audits ,
Business Associates ,
Corrective Actions ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Fitbit ,
Hackers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
OCR ,
OIG ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI ,
Security Risk Assessments ,
Wearable Technology
Exellus BlueCross BlueShield has announced that the personal information of at least 10 million members has been compromised in a “very sophisticated” cyberattack that occurred on December 23, 2013 and was discovered by the...more
9/14/2015
/ Blue Cross ,
Credit Monitoring ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Personal Data ,
Personally Identifiable Information
The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security...more
The New York State Department of Financial Services (the “Department”) recently released a “Report on Cyber Security in the Insurance Sector” (the “Report”). The Report was released on February 8, 2015, just four days after...more
Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the...more
Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more
The general definition of “personal information” or “PI” used in the majority of statutes is: An individual’s first name or first initial and last name plus one or more of following data elements: (i) Social Security number,...more
The Office for Civil Rights (OCR) is closing out 2013 with a reminder of the importance of an effective HIPAA compliance program. On December 26, 2013, OCR announced a resolution agreement with a Massachusetts physician...more
The LA Times recently reported the firing of six workers at Cedars-Sinai Medical Center in connection with the unauthorized access to patient medical records. The firings occurred in the days following the birth of reality...more
As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more
2/18/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Employee Retirement Income Security Act (ERISA) ,
Fundraisers ,
HIPAA Omnibus Rule ,
HITECH Act ,
Marketing ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule ,
Risk Assessment ,
Subcontractors ,
Training
Mintz Levin is pleased to provide this section-by-section analysis of the HIPAA Omnibus Rule.
The chart lists provisions of the proposed privacy, security and enforcement rules mandated by the Health Information...more
The final regulations from Department of Health and Human Services Office of Civil Rights (OCR) containing modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (Omnibus Rule) have finally...more
1/18/2013
/ Business Associates ,
Compliance ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
Notice Requirements ,
Notifications ,
OCR ,
Patient Privacy Rights ,
PHI ,
Subcontractors