As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
1/2/2025
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Plan Sponsors ,
HITECH Act ,
Incident Response Plans ,
Malware ,
OCR ,
PHI ,
Policies and Procedures ,
Risk Assessment ,
Risk Management
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
9/30/2024
/ Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Multi-Factor Authentication ,
OCR ,
PHI ,
Policies and Procedures ,
Ransomware ,
Risk Assessment ,
Risk Management
If there is one thing artificial intelligence (AI) systems need is data and lots of it as training AI is essential for achieving success for a given use case. A recent investigation by Australia’s privacy regulator into the...more
9/26/2024
/ Artificial Intelligence ,
Australia ,
Consent ,
Cybersecurity ,
De-Identification ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Office of Australian Information Commissioner (OAIC) ,
PHI ,
Training
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule...more
The explosion of generative AI has spawned a wide range of personal and professional tools and applications. One noteworthy (no pun intended) example of those tools and applications is notetakers that can capture, transcribe,...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
1/29/2024
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Mining ,
Data Protection ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Subcontractors ,
Vendors
Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a...more
The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of...more
7/21/2023
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Facebook ,
Federal Trade Commission (FTC) ,
Google ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
PHI ,
Technology ,
Telehealth ,
Web Tracking
On June 26, 2023, the Governor of Connecticut signed Senate Bill (SB) 3 which set forth new requirements related to consumer health data and protections for minors online.
As Connecticut’s comprehensive consumer privacy...more
On June 7, 2023, Montana’s Governor signed Senate Bill (SB) 351 which revises the state’s privacy law pertaining to genetic information.
This legislation takes effect on October 1, 2023.
Covered Entity-
Businesses...more
Unhappy consumers, including patients, are free to express dissatisfaction with services they receive from providers on popular social media or online review platforms, such as Yelp and Google. At least in the healthcare...more
6/6/2023
/ Corrective Action Plans (CAPs) ,
Department of Health and Human Services (HHS) ,
Google ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mental Health ,
New Jersey ,
OCR ,
Online Reviews ,
PHI ,
Yelp
We have written several times about U.S. Department of Health and Human Services Office for Civil Rights’ “HIPAA Right of Access Initiative.” In its most recent enforcement action under the Initiative, the 44th such...more
Since the privacy and security regulations were issued under the federal Health Insurance Portability and Accountability Act (HIPAA), critics pointed to the limitations on the reach of those rules. A critical limitation...more
Last month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a bulletin with guidance concerning the use of online tracking technologies by covered entities and business associates...more
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular posts of 2022:.....more
12/23/2022
/ Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Cyber Insurance ,
Dashcams ,
Data Breach ,
Data Collection ,
Environmental Social & Governance (ESG) ,
Greenwashing ,
OCR ,
Online Reviews ,
PHI ,
SHIELD Act ,
Tracking Systems ,
Web Tracking
We have been quite busy this October, which happens to be National Cybersecurity Awareness Month. But, we did not want to let the month go by without some recognition; and we are grateful to the HHS Office for Civil Rights...more
A $300,640 settlement announced yesterday by the Office for Civil Rights (OCR) provides important reminders about HIPAA Privacy Rule and data privacy practices generally: robust data disposal practices are critical and...more
It can be cathartic responding to a negative online review. It can also backfire, as can failing to cooperate with an OCR investigation as required under HIPAA.
The Office for Civil Rights (OCR) recently announced four...more
The Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information. The FTC’s policy statement effectively...more
When use or disclosure of an individual’s health information or medical records is at issue, the assumption seems to be, much more often than not, that the HIPAA privacy and security rules apply. This has certainly been the...more
10/1/2021
/ Americans with Disabilities Act (ADA) ,
Anti-Discrimination Policies ,
Coronavirus/COVID-19 ,
Disclosure ,
Employment Records ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Medical Records ,
OCR ,
OSHA ,
Personal Information ,
PHI ,
Physicians ,
Vaccinations
Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule became effective in 2003, it generally required covered entities to provide patients timely access to their medical records. Of...more
7/23/2021
/ 21st Century Cures Act ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Information Blocking Rules ,
OCR ,
OIG ,
PHI ,
Right-To-Access
A small New Jersey plastic surgery practice, Village Plastic Surgery (“VPS”), has become the eighteenth HIPAA covered entity to face an enforcement action under the Office for Civil Right’s HIPAA Right of Access Initiative....more
On April 3, the Office for Civil Rights (OCR) issued an alert to covered entities and business associates. Evidently, one or more individuals are posing as OCR Investigators and contacting HIPAA covered entities and business...more
The Office for Civil Rights (OCR) has been moving swiftly to provide guidance on addressing key regulatory issues to aid in the fight to contain and defeat COVID-19. Some of the latest developments include exercising its...more
With first responders on the front lines of helping to fight the coronavirus, sharing information about potential exposure to COVID-19 is critical to protecting them and preventing further spread. In these situations, the...more