Updates to Statute 1557 that Healthcare Providers Need to Know
Privacy and Healthcare Business Associates with Isabella Porter
State Law Privacy Video Series | Healthcare Entities and Health Data
Gerry Blass on Healthcare Vendor Risk Management
AGG Talks: Technology - In the Balance: Interoperability and Security
Is Your Practice's Marketing HIPAA Compliant?
Relaxed HIPAA Restrictions For Providers Using Telehealth
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
Polsinelli Podcasts - Confusion to Clarity on the Future of the 340B Program
Polsinelli Podcast - HIPAA Changes Overview
In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
On October 16, 2024, the New York State Department of Financial Services (NYDFS) released guidance highlighting the cybersecurity risks associated with artificial intelligence (AI) and how covered entities regulated by NYDFS...more
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats...more
On October 16, 2024, the New York State Department of Financial Services (NYDFS or the “Department”) published an industry letter (the “Guidance”) regarding the increased reliance on artificial intelligence (AI) and the...more
On October 16, 2024, the New York Department of Financial Services (NYDFS) issued an Industry Letter that discusses the cybersecurity risks associated with the use of artificial intelligence (AI) and outlines strategies to...more
Late on March 27, Change Healthcare (CHC)’s parent company, UnitedHealth Group (UHG), provided an update on its analysis of the extent of “impacted data” involved in the CHC incident....more
Hospitals care about patient privacy, but they also have to connect with the public. In the real world, people mostly connect online. Having a fully functional online presence often requires help from third parties. ...more
The SEC continued its recent onslaught of proposed cybersecurity rules in mid-March with three new proposals covering a litany of entities, including investment advisers, broker-dealers, investment companies, clearing...more
On March 15, 2023, the United States Securities and Exchange Commission (“SEC”) proposed amendments to Regulation S-P that, if finalized, would place additional burdens on covered institutions when it comes to handling...more
The use of tracking technologies on websites and mobile applications (e.g., cookies) has become largely ubiquitous in our technology-driven world. Health care providers and organizations, for example, may use tracking...more
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
Covered entities received two cybersecurity wake up calls from insurance regulators this month. As we have reported, the New York State Department of Financial Services (DFS) issued its long-awaited first cyber enforcement...more
On January 28, 2020, the Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) addressed a federal court’s January 23rd invalidation of certain provisions of the Health Insurance Portability and...more
In prior issues, we have reported on the various requirements imposed by the New York Department of Financial Services (the DFS) Cybersecurity Regulation (23 NYCRR 500) (the Regulation) on “Covered Entities,” which are...more
Financial institutions regulated by the New York Department of Financial Services (DFS)—referred to in this post as “Covered Entities”—should by now be well familiar with the department’s sweeping cybersecurity regulation, 23...more
On January 1st, South Carolina became the first state to adopt the model insurance data security law requiring certain insurance licensees to investigate and report cybersecurity events in the state of South Carolina. The law...more
A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes...more
The New York Department of Financial Services cybersecurity regulation 23 NYCRR 500 (the “Regulation”) came into effect in March 2017 and established four staggered compliance deadlines for its various requirements. By the...more
On May 29, 2018, Colorado passed House Bill 18-1128, which requires "covered entities" to comply with new rules regarding the security and disposal of "personal identifying information" (PII). The new law also provides an...more
Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information...more
New York’s Department of Financial Services Cybersecurity regulation became effective March 1. According to the press release issued with the regulation, the regulation is intended to require banks, insurance companies and...more
Effective March 1, 2017, first-in-kind regulations issued by the New York Department of Financial Services (New York DFS) will begin to affect a wide array of both depository and non-depository financial institutions. The new...more
On February 16, 2017, the New York Department of Financial Institutions (“DFS“) promulgated a regulation that requires “Covered Entities” to establish and maintain a cybersecurity program designed to protect consumers and the...more
In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”). While the revisions pare back some of the DFS Rule’s original requirements...more
The New York Department of Financial Services (“DFS”) recently issued a revised version of the cybersecurity rules that it first announced in the fall of last year. The rules apply to a wide range of insurance, banking, and...more