On Jan. 6, 2025, the U.S. Department of Health and Human Services (HHS) proposed new regulations to enhance cybersecurity protections for electronic protected health information (ePHI) under the Health Insurance Portability...more
3/20/2025
/ Business Associates ,
Comment Period ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
Proposed Regulation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Risk Assessment ,
Technology Sector
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the proposed updates...more
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are exploring the proposed updates...more
2/13/2025
/ Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
NPRM ,
Popular ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management
In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we are tackling the proposed updates...more
2/7/2025
/ Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Multi-Factor Authentication ,
NPRM ,
Regulatory Requirements ,
Technology
Bradley is launching a multipart blog series on the U.S. Department of Health and Human Services’ (HHS) proposed changes to strengthen cybersecurity protections for electronic protected health information (ePHI) regulated...more
1/16/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Employer Group Health Plans ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Notice of Proposed Rulemaking (NOPR) ,
NPRM ,
OCR ,
Risk Management
On October 11, 2024, the United States Department of Defense (DOD) published a final rule implementing its Cybersecurity Maturity Model Certification (CMMC) program, which is designed to verify that defense contractors are...more
11/12/2024
/ Certification Requirements ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
Federal Contractors ,
National Security ,
NIST ,
Pentagon ,
Popular ,
Regulatory Agenda
The Intelligence Authorization Act for Fiscal Year 2025 (S.4443) is a bold legislative step in addressing ransomware as a critical threat. The act’s provisions, from elevating ransomware to a national intelligence priority to...more
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While...more
7/22/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Healthcare ,
Hospitals ,
Manufacturers ,
NAM ,
Proposed Rules ,
Reporting Requirements
The healthcare sector is increasingly facing cyber-threats with ransomware and hacking at the forefront. In the last five years, there has been a staggering 256% rise in significant hacking-related breaches and a 264% surge...more
A recently introduced bill in the Florida Legislature would provide businesses operating in Florida, including health care providers, with a legal defense to data breach lawsuits if they maintain robust cybersecurity measures...more
1/25/2024
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Florida ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
NIST ,
Regulatory Agenda ,
Risk Management ,
Safe Harbors ,
State and Local Government ,
State Legislatures
The Department of Health & Human Services (HHS) released a concept paper outlining its strategy for improving cybersecurity infrastructure within the healthcare sector. The paper calls for proposing healthcare-specific...more
On October 10, 2023, California Gov. Gavin Newsom signed SB 362 into law. The “Delete Act” is a key piece of privacy legislation designed to further protect consumer online privacy rights and place further obligations on data...more
10/24/2023
/ California ,
California Consumer Privacy Act (CCPA) ,
Compliance ,
Consumer Privacy Rights ,
Data Brokers ,
Data Deletion ,
Governor Newsom ,
Legislative Agendas ,
New Legislation ,
Personal Information ,
Regulatory Requirements
In July 2023, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services Office of Civil Rights (OCR) sent a joint letter to approximately 130 hospital systems and telehealth providers raising...more
8/29/2023
/ Cybersecurity ,
Disclosure ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach Notification Rule ,
OCR ,
Risk Management ,
Technology Sector ,
Telehealth ,
Tracking Systems
In an age where digital connectivity is rapidly advancing, cybersecurity has become an inescapable concern for organizations across industries. With cyber threats ranging from data breaches to ransomware attacks, it is...more
8/15/2023
/ Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Health Information Technologies ,
Healthcare ,
Long Term Care Facilities ,
Long-Term Care ,
Patient Privacy Rights ,
PHI ,
Risk Management
As cyber threats have evolved and expanded, cybersecurity has emerged as a threat to organizations across sectors, and there is more urgency than ever for companies to remain vigilant and prepared. Cybersecurity incidents can...more
In an era where our lives are ever more intertwined with technology, the security of digital platforms is a matter of national concern. A recent large-scale cyberattack affecting several U.S. federal agencies and numerous...more
6/19/2023
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Transfers ,
Digital Platforms ,
International Data Transfers ,
National Security ,
Popular ,
Ransomware ,
Software ,
Technology Sector
Tennessee has joined the growing number of states that have enacted comprehensive data privacy laws. On the final day of this year’s legislative session, the Tennessee legislature passed the Tennessee Information Protection...more
5/16/2023
/ Carve Out Provisions ,
Consumer Privacy Rights ,
Covered Entities ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Protection ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws ,
Tennessee
Two years ago, the U.S. Department of Health and Human Services (HHS) Office of the National Coordinator (ONC) issued regulations under the 21st Century Cures Act advancing the interoperability of electronic health...more