The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more
This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more
The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more
The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more
2/28/2022
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular
The COVID-19 pandemic has led to the rapid expansion and widespread adoption of telehealth/telemedicine services, significantly altering how health care providers deliver—and how consumers access—medical services around the...more
The National Institute of Standards and Technology (NIST) is seeking public comment as it prepares to update its Introductory Resource Guide on implementing the Health Insurance Portability and Accountability Act (HIPAA)...more
There has been a significant development in the ongoing debate regarding the scope of the authority of the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) to issue penalties under the Health...more
Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and...more
10/22/2019
/ Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
NIST ,
OCR ,
Personally Identifiable Information ,
PHI ,
Right of Access ,
Risk Assessment
On 1 October 2019 the International Medical Device Regulators Forum (IMDRF) Medical Device Cybersecurity Working Group released a draft document titled "Principles and Practices for Medical Device Cybersecurity" (IMDRF...more
10/10/2019
/ Cybersecurity ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
International Medical Device Regulators Forum (IMDRF) ,
Life Sciences ,
Manufacturers ,
Medical Devices ,
Network Security ,
Pharmaceutical Industry ,
Popular ,
Regulatory Oversight ,
Vulnerability Assessments
In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. ...more
Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October...more
Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more
3/12/2018
/ Best Practices ,
Connected Items ,
Cyber Attacks ,
Cybersecurity ,
Data Security ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Life Sciences ,
Medical Devices ,
Patient Safety ,
Personal Data ,
Pharmaceutical Industry ,
Popular ,
Regulatory Oversight ,
Risk Management ,
Security Risk Assessments ,
Training