Episode 365 -- Four Sanctions Cases Everyone Should Know
UPIC Audits
Compliance Tip of the Day: The role of Compliance in Auditing AI
California Employment News: Taking Advantage of the PAGA Reform – How Employers Can Lower Their Risk of PAGA Liability
Auditing Your Hotline and Case Management System
Hospice Insights Podcast - Controlling the Narrative: A New Tactic for Auditors and ALJs
Improving Your Code of Conduct
Now Is the Time to Conduct I-9 Audits: What's the Tea in L&E?
Preparing for — and Surviving — an OFCCP Audit
Hospice Insights Podcast - Meet the New Laws, Same as the Old Laws: Overpayment Recoupment Update
AGG Talks: Home Health & Hospice Podcast - Episode 6: Navigating the Audit Maze: Insights From Northeast Georgia Health System
Hospice Insights Podcast - What's the Latest on UPICs? Highlights From Recent Audit Activity, Part II
5 Key Takeaways | 2024 Emerging Trends: Delaware Unclaimed Property VDA and Multistate Audits
Common Scenarios Triggering False Claims Act Violations, Part 3: Claims and Investigations
Compliance Tip of the Day: Machine Learning for Internal Audit
DE Under 3: OFCCP Changes Up Important Technical Details of its Audit Selection Process in First FY 2024 CSAL
Preparing for a Government Healthcare Audit
What Can A Tax Attorney Do For You? A Podcast With Janathan Allen
Navigating GSA Audits Compliance Strategies and Best Practices
DE Under 3: US DOL Inspector General’s Office Plans to Review Effectiveness of OFCCP Compliance Evaluations
This monthly report outlines key developments in China’s data protection sector for March. The following events merit special attention...more
In the high-stakes world of legal due diligence, the security and confidentiality of sensitive information are paramount. With the increasing volume of electronically stored information (ESI) and the complexity of modern...more
In the fourth in our series of new CCPA regulations from California, we look at both cybersecurity audit obligations as well as the impact of the CCPA on the insurance industry. Cybersecurity Audits The proposed rules address...more
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more
In 2024, the U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) Director Melanie Fontes Rainer announced that OCR will resume auditing Health Information Portability and Accountability Act (“HIPAA”)...more
On February 28, 2024, President Biden signed Executive Order 14117 (the EO), on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The United...more
If you have a tendency to reuse the same password across multiple accounts, you could be leaving yourself (and your organization) exposed to risk. Credential stuffing, the stealthy technique fueling a recent explosion of...more
Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more
The ever-increasing privacy and security risks via third-party vendors and service providers were apparent in 2023 with news of large organizations such as MOVEit, Okta and AT&T being affected. Research has shown that 98...more
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024. 1. AI regulations to protect data privacy. Automated decision-making tools, smart cameras, wearables,...more
The California Privacy Protection Agency (“CPPA”) issued and discussed draft regulations on Cybersecurity Audits and Risk Assessments late in the summer. The CPPA Board plans to discuss the draft regulations at its upcoming...more
Global Privacy Controls, vendor management, sensitive personal information, and the use of Ad Tech; new U.S. state data protection laws introduce twists to traditional notions of American data protection law. In the U.S.,...more
California continues to forge ahead on potential new privacy, cybersecurity, and artificial intelligence (AI) obligations, including through its California Consumer Privacy Act (CCPA) rulemaking process and by launching a new...more
The five-member Board of the California Privacy Protection Agency (the “CPPA”) held a public meeting on September 8, 2023, to discuss a range of topics, most notably, draft regulations relating to risk assessments and...more
On September 8, 2023, the California Privacy Protection Agency (CPPA) will discuss the two new sets of proposed California Privacy Protection Act (CCPA) regulations. Here is a breakdown of the two new proposed regulations and...more
On August 29, 2023, the California Privacy Protection Agency (“CPPA”) released a set of draft regulations on cybersecurity audits and risk assessments. For those who recall the multiple rounds of the CPPA’s draft CCPA...more
Explore the unique issues that are pertinent to managed care professionals! This annual event dedicated to compliance management for health plan providers is returning to an in-person format for 2024. Join your peers and...more
Keypoint: Although they are only draft regulations and not part of the formal rulemaking process, the drafts demonstrate the Agency’s intent to create extensive obligations for businesses subject to these regulations. In...more
The Department of Defense Inspector General (DoDIG) recently released its “Audit of the DoD’s Implementation and Oversight of the Controlled Unclassified Information [CUI] Program” (DODIG-2023-078). The audit highlights some...more
Some states will affirmatively require annual audits of a business’s data collection and processing practices and—in some cases—to submit those audits to state regulators. With new US state data protection laws taking...more
It has been a bustling fall for the California Privacy Protection Agency (CPPA or Agency). In the spirit of the upcoming holiday season, the Agency gifted us not one but two rounds of proposed modifications to the regulations...more
Editor’s Note: On July 27, 2022, HaystackID shared an educational webcast on the topic of Committee on Foreign Investment in the United States (CFIUS) compliance. CFIUS is a U.S. government interagency committee with the...more
The Sedona Conference is a widely known institute that is focused on the study of law and policy in many areas including Information Governance (IG). The Sedona Conference Commentary on Information Governance provides 11 IG...more
FTC Warns Companies to Remediate Log4j Security Vulnerability - Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a...more
In light of a new DOL audit initiative and increasing cybersecurity threats to ERISA benefit plans, ERISA plan sponsors and fiduciaries should be prepared to answer some important questions: Do the cybersecurity programs of...more