News & Analysis as of September 19, 2024

Compliance › Data Protection › Department of Health and Human Services (HHS)

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. ... more +

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

Healthcare Organizations Can Meet New HHS Cybersecurity Goals with the Help of Tabletop Exercises

Epiq on 5/7/2024

In today’s digital age, securing sensitive healthcare data is paramount. With the rise in cyber threats targeting healthcare organizations, the Department of Health and Human Services (HHS) has taken proactive steps to...more

Responding to a Third-Party Data Breach: Practical Legal and Compliance Steps

Arnall Golden Gregory LLP on 3/21/2024

Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more

2024 Update: Regulators Use “Carrots and Sticks” to Incentivize Healthcare Sector Cybersecurity Compliance

Epstein Becker & Green on 3/15/2024

Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more

HHS Publishes ‘Voluntary’ Healthcare Cybersecurity Performance Goals in Record Time but Leaves Questions Unanswered

BakerHostetler on 2/9/2024

As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more

‘An Unknown Individual Walked In’: Protecting Against Telehealth Risks Includes Non-IT Threats

Health Care Compliance Association (HCCA) on 2/9/2024

The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more

Privacy Briefs: November 2023

Health Care Compliance Association (HCCA) on 11/10/2023

Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more

Privacy Briefs: October 2023

Health Care Compliance Association (HCCA) on 10/6/2023

Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more

A HIPAA Privacy Notice A Day Keeps The Doctor Away (And Out Of Trouble)

DarrowEverett LLP on 1/26/2023

The start of 2023 has brought with it significant changes to data privacy – new state laws concerning data privacy came into effect January 1 (the California Privacy Rights Act and the Virginia Consumer Data Protection Act),...more

[Virtual Event] Richmond Regional Healthcare Compliance Conference - December 9th, 8:25 am - 4:30 pm EST

Health Care Compliance Association (HCCA) on 11/9/2022

General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more

Get Ready for HIPAA Questions on Your Recognized Security Practices

Holland & Knight LLP on 8/31/2021

An amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on Jan. 5, 2021, directing U.S. Health and Human Services (HHS) to consider "recognized security practices"...more

After a Breach Is Too Late: Ensure BA, Subcontractor Compliance Now

Health Care Compliance Association (HCCA) on 3/25/2021

Report on Patient Privacy 21, no. 3 (March 2021) - Sometime during the fall, a worker for a subcontractor of Humana Inc. decided to share actual member information from medical records via a Google document with people he...more

COVID-19 and Data Protection Compliance in the US

White & Case LLP on 4/15/2020

Irrespective of your industry, the current COVID-19 pandemic poses a new and unique challenge to organizations, their employees, and their customers. The emergence of COVID-19 has prompted organizations to collect and process...more

Compliance: Top Takeaways from Foley and PYA’s Annual “Let’s Talk Compliance” Event

Foley & Lardner LLP on 2/11/2020

For the second year in a row, Foley & Lardner LLP and PYA hosted a compliance master class on various health-related compliance issues. “Let’s Talk Compliance” is an annual one-day event featuring a panel of presenters that...more

[Event] Regional Compliance & Ethics Conference - February 27th - 28th, Anchorage, AK

Society of Corporate Compliance and Ethics... on 2/6/2020

This two-day Regional Compliance and Ethics Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational...more

Alphabet Soup and Data Security

Bilzin Sumberg on 10/19/2015

In the span of two days, mobile device users learned of two data breaches that could compromise their personal data. In one, Experian (a credit reporting agency) reported that it was hacked, potentially putting 15 million...more

OCR portal designed for medical mobile app developers

Robinson+Cole Data Privacy + Security Insider on 10/16/2015

The Office for Civil Rights (OCR) of the Department of Health and Human Services has launched a web based portal so medical mobile app developers can ask their “burning” questions about HIPAA compliance....more

Privacy, Security, Risk: What You Missed At IAPP Conference

Orrick, Herrington & Sutcliffe LLP on 10/15/2015

Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more

HIPAA Fine Underscores OCR’s Focus on Physician Group Compliance

BakerHostetler on 10/14/2015

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more

OIG Reports Insufficient Oversight Of HIPAA Compliance

King & Spalding on 10/12/2015

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Is Your HIPAA Compliance Program Ready for the FTC?

Womble Bond Dickinson on 10/12/2015

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

OCR Enters into $750,000 Settlement with Physician Practice for HIPAA Violations

Seyfarth Shaw LLP on 9/17/2015

On September 2, the Department of Health and Human Services Office of Civil Rights (OCR) announced a settlement with Cancer Care Group, P.C., a thirteen-physician oncology practice in Indiana related to violations of the...more

OCR settlement reiterates importance of proactive security rule compliance

Robinson+Cole Data Privacy + Security Insider on 9/17/2015

On September 2, 2015, the U.S. Department of Health & Human Services (HHS) announced that Cancer Care Group, P.C. (CCG), a physician practice located in Indiana, agreed to pay $750,000 as part of a settlement to resolve...more

Time for a HIPAA Security Check-Up!

Davis Wright Tremaine LLP on 9/9/2015

The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more

Corridors September 2015 - News for North Carolina Hospitals

Poyner Spruill LLP on 8/26/2015

This article will provide an outline of some of the most significant points for hospitals to use when confronted with a formal government investigation under the Criminal or Civil False Claims Act. As noted below, you should...more

HHS issues fact sheet on HIPAA rules and resources

Robinson+Cole Data Privacy + Security Insider on 8/7/2015

The Department of Health and Human Services (HHS) has released a fact sheet on the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act (HIPAA). Designed to apply to...more

47 Results

/

View per page

Page: of 2

Next »