Latest Publications

Managed Care Quarterly Review: Issue 1

Tips for Managing Large Claims Disputes Part 1: Pre-Litigation Avoidance and Early Litigation Strategies - Large claims disputes brought by providers against payers are on the rise. Based on previous experience with dozens...more

A Little Help From HIPAA

HIPAA’s Security Rule requires that Covered Entities perform “periodic” Security Risk Assessments. All too often, however, this regulatory obligation is ignored altogether, performed extremely sporadically, or treated as a...more

FDA Finalizes Guidance on Interoperable Medical Devices

Recently, the U.S. Food and Drug Administration (FDA) finalized guidance summarizing its recommendations for interoperable medical devices, or devices that are connected to each other and to other technology. Noting the...more

Another Circuit Joins the Trend of Setting a “Low Bar” for Standing in Data Breach Actions

Consistent with a growing trend among courts nationwide, the D.C. Circuit Court unanimously held that a group of plaintiffs had cleared a “low bar” to establish constitutional standing for their claims in a data breach case...more

Huge Relief From eClinicalWorks Decision Not to Hold Customers Liable For Its Vendor’s Actions, But Providers Should Not Drop...

There are inherent risks in any vendor relationship. In the healthcare industry, with myriad regulatory pitfalls, the stakes can be even higher. Several customers of the cloud-based electronic health record (EHR) software...more

7/19/2017  /  CMS , EHR , HIPAA , HITECH , OCR

Increased Focus on Health Care Cybersecurity: HHS Releases Long-Awaited Report and Cyber Attack Quick-Response Checklist

The U.S. Department of Health & Human Services (HHS) issued a recent report noting that cybersecurity is a key public health concern that needs “immediate and aggressive attention.” Shortly thereafter, HHS’ Office for Civil...more

Healthcare Providers Beware: HIPAA Isn’t Your Only Concern Following a Data Breach–State Law Matters

Healthcare service provider CoPilot Support Services (“CoPilot”) recently agreed to pay a $130,000 settlement after it waited over a year to notify patients of a data breach, in violation of New York’s breach notification...more

Virginia Amends Breach Notification Law

As previously reported, the significant rise in Form W-2 phishing e-mails has prompted increased awareness surrounding these fraudulent tax schemes. Most recently, Virginia has responded to these types of attacks by amending...more

The Rising Importance of Data Privacy and Security Practices for Healthcare Entities Facing Intensified Challenges

For those in the healthcare industry, the privacy and security of information is vital to operations, but the importance and value of health information also makes the industry a prime target for threats. Studies suggest...more

ALERT: Beware of W-2 Scam!

Our Data Privacy and Security team is currently assisting multiple clients in responding to nearly identical fraudulent requests for IRS Form W-2 information. Significantly, these clients are in a number of industries and are...more

2/17/2017  /  Cybersecurity , Email , IRS , Phishing Scams , Popular , W-2

LabMD Successfully Delays FTC’s Data Security Enforcement During Appeal

In another twist in the LabMD case, LabMD has succeeded in obtaining a delay on the FTC’s enforcement action during its appeal. Of course, the substantive issues remain to be determined. In 2013, the Federal Trade...more

The Cloud Grounded: Cloud Hosts Are Business Associates Under HIPAA Security Rule

The Department of Health and Human Services Office for Civil Rights (OCR) issued long-anticipated guidance to help covered entities and their business associates — including cloud service providers (CSPs) — comply with the...more

UPDATE: Got Data? Actual Harm Not Required for FTC Enforcement Action for Lax Security Measures

As anticipated, things are getting even more exciting with the case previously covered in Password Protected. Specifically, LabMD is appealing the landmark data security case between it and the Federal Trade Commission...more

Got Data? Actual Harm Not Required for FTC Enforcement Action for Lax Security Measures

While much of Washington, D.C. is enjoying the slow and hazy days of summer, the Federal Trade Commission (FTC) is staying busy solidifying its presence as the go-to authority for data security. Most recently, on July 29,...more

HIPAA Hat Trick: Security Violations Lead to Three Major Settlements

Look no further than the last three weeks for proof that HIPAA enforcement is on the rise. Failure to maintain the security of information systems containing patient information has cost healthcare providers over $10...more

OCR Makes It Official: Ransomware Attacks Are HIPAA Breaches

Ransomware attacks appear to be increasing in frequency as well as severity. Ransomware is malicious software that encrypts data until a ransom is paid to the hacker. For healthcare providers, the inability to access...more

Just a Matter of Time: First-Ever Settlement of HIPAA Claims Against a Business Associate

On June 30, 2016, the Health and Human Services Office for Civil Rights (OCR) announced the first-ever settlement of Health Insurance Portability and Accountability Act (HIPAA) claims against a business associate. According...more

HIPAA Heats Up

Despite the issuance of the Omnibus Final Rule in 2013, HIPAA enforcement activity has remained relatively light—until recently. Indeed, compared to just a few settlements a year for the first decade that HIPAA was in force,...more

Kentucky Supreme Court Affirms Punitive Damages 386 Times Compensatory Damages; Clarifies Vicarious Liability Standards

Last month, the Kentucky Supreme Court affirmed an award of punitive damages against a hospital, under the Emergency Medical Treatment and Active Labor Act (EMTALA), that was a staggering 386 times the hospital’s share of...more

HIPAA Breach Reporting Deadline: February 29

February 29, 2016, is the deadline for providing notification to the Secretary of the Department of Health and Human Services regarding breaches of unsecured protected health information that were discovered in the 2015...more

Highlights From The 2016 OIG Work Plan

The Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) has released its Work Plan for Fiscal Year 2016. The annual work plan can provide valuable insights into the OIG’s planned areas of...more

OIG Lists Cybersecurity of Medical Devices and HIPAA Among its Priorities for 2016

The Office of Inspector General’s (OIG) 2016 Work Plan, released November 3, 2015, calls for increased scrutiny of protections of electronic protected health information (“ePHI”) with respect to “networked medical devices.”...more

11/6/2015  /  Cybersecurity , EHR , HIPAA , Medical Devices , OIG

10 Million Affected by Sophisticated Cyberattack

The latest major health insurance data breach of 2015 reported by Excellus BlueCross BlueShield is considered one of the top 20 worst reported breaches of a healthcare organization. The attack affected about 7 million...more

Stolen Laptop Bag Leads to $750,000 Fine for Oncology Group

On September 2, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a substantial settlement with an Indiana-based oncology group, Cancer Care Group, P.C. (CCG). Under the terms of...more

Hospital’s Cloud-Based Document-Sharing Practices Lead to $218,400 HIPAA Settlement

On July 10, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a substantial settlement with St. Elizabeth’s Medical Center (SEMC). Under the terms of the settlement, the hospital...more

27 Results