BakerHostetler is closely monitoring imminent cybersecurity threats to healthcare revenue cycle management personnel and vendors.
Most recently, Change Healthcare (CHC), a healthcare technology and business management...more
2/26/2024
/ Breach Notification Rule ,
Business Associates ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Popular ,
Technology ,
Third-Party Service Provider
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode gives a brief history of the Report...more
BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly by several government agencies including the United States Department of Health and Human Services (HHS) and the FBI, on October 28. ...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Security ,
Data Theft ,
Department of Health and Human Services (HHS) ,
FBI ,
Hackers ,
Healthcare Facilities ,
Ransomware ,
Risk Mitigation
Ransomware has hit pandemic proportions and there does not seem to be a clear end in sight. On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory regarding ransom...more
Attorneys play an important role in the incident response process. A skilled and experienced attorney can help organizations effectively respond to a security incident in a way that complies with obligations, protects key...more
Organizations across all industries, including government agencies, are facing a surge of ransomware attacks launched by cybercriminals. New types of ransomware principally causing this surge have the potential to cause...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack.
Join members of BakerHostetler’s...more
Cyber threats are here to stay. No company, large or small, is immune. But there are basic measures you can take to prepare for the legal and business risks associated with an attack....more
We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to...more
4/19/2017
/ Chief Compliance Officers ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Hotlines ,
Incident Response Plans ,
Ransomware
Please join BakerHostetler’s Privacy and Data Protection team for a webinar to cover the results of the 2016 BakerHostetler Data Security Incident Response Report. Trends, top causes for a security breach, and steps you can...more
The day before Thanksgiving, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the largest resolution agreement of 2015, against Lahey Hospital and Medical Center (Lahey). The...more
State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident....more
9/16/2015
/ Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Homeland Security (DHS) ,
Hackers ,
Incident Response Plans ,
NIST
In our inaugural Data Security Incident Response Report (the Report), we found that regulators inquired about a company’s breach 31% of the time and multi-state state Attorneys General investigations were launched less than...more
6/2/2015
/ Business Associates ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Financial Institutions ,
Government Investigations ,
Healthcare ,
Hospitality Industry ,
Insurance Industry ,
Regulatory Agencies ,
Retailers
The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 “the year of the breach.” Most incidents are described publicly with attention-grabbing terms such as...more
Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is...more
2/9/2015
/ Anthem Insurance ,
Breach Notification Rule ,
Corporate Counsel ,
Data Breach ,
Employer Group Health Plans ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personally Identifiable Information ,
PHI ,
Popular ,
Self-Insured Health Plans
Echoing guidance previously given to a nonprofit organization looking to exchange certain cybersecurity information, including exchanging actual real-time cyber threat and attack information, and others planning to exchange...more
Effective October 16, 2013, the rules governing telephone and text marketing will significantly change. Under prior Federal Communications Commission (FCC) regulations issued under the Telephone Consumer Protection Act (TCPA)...more
Natural Provisions, Inc., a Vermont health foods grocery chain, agreed to pay $30,000 to settle claims brought by the Vermont attorney general that it failed to notify consumers and the attorney general within the statutory...more
Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict demonstrates that HIPAA still could play an important role in private causes of action in state court based on negligence...more
The U.S. Department of Health and Human Services (HHS) has reported a $400,000 settlement with Idaho State University (ISU) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply.
...more
In This Issue:
- A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule
1. Business Associates and Subcontractors
2. Breach Notification
3. Covered Entity Organizational Structures
4. Cloud...more
3/1/2013
/ Business Associates ,
Cloud Computing ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Subcontractors
A tempting response to the Cybersecurity Executive Order (the "Order"), announced by President Obama at his State of the Union address, is to ignore it. It is vague in key particulars, such as which companies are part of the...more
The U.S. Department of Health and Human Services (HHS) issued, on January 17, 2013, its final omnibus rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules as well...more
1/29/2013
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
OCR ,
Risk Assessment ,
Risk Management
There has been a lot of discussion about the impact of Final Omnibus Rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules as well as the breach notification rules...more