News & Analysis as of May 6, 2025

Healthcare

+ Follow

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now. less -

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Health Care Compliance Association (HCCA) on 3/12/2025

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

Recent Developments in Health Care Cybersecurity and Oversight: 2024 Wrap Up and 2025 Outlook

Epstein Becker & Green on 1/16/2025

As Cyberattacks targeting the health care sector have continued to intensify over the past year, including ransomware attacks that have resulted in major data breaches impacting health care organizations, the protection of...more

OIG Recommends Changes to HIPAA Audit Program to Strengthen Data Protections, Implications for Regulated Entities

Brooks Pierce on 12/5/2024

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

Health Care Compliance Association (HCCA) on 5/13/2024

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Privacy Briefs: May 2024

Health Care Compliance Association (HCCA) on 5/13/2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

Operational Implications of the New Bulk Sensitive Data Executive Order

Ankura on 5/7/2024

On February 28, 2024, President Biden signed Executive Order 14117 (the EO), on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The United...more

11 Years After First Disclosure, L.A. Care Pays $1.3M, Says ‘Processing Errors’ Caused Breaches

Health Care Compliance Association (HCCA) on 10/6/2023

Report on Patient Privacy 23, no. 10 (October, 2023) By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...more

Cyber Incident Reporting Requirements To Be Implemented Under the Cyber Incident Reporting for Critical Infrastructure Act of 2022...

Lowenstein Sandler LLP on 9/12/2023

Background: In March 2022, President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) into law, ushering in a new era of enhanced cybersecurity measures. This legislation...more

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

Robinson+Cole Data Privacy + Security Insider on 12/2/2016

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

OCR Stresses Importance of Authentication in Newsletter

Robinson+Cole Data Privacy + Security Insider on 11/21/2016

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

Stinson LLP on 10/27/2016

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

OCR Releases HIPAA Guidance on Cloud Computing

Robinson+Cole Data Privacy + Security Insider on 10/11/2016

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

Robinson+Cole Data Privacy + Security Insider on 10/10/2016

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

Alphabet Soup and Data Security

Bilzin Sumberg on 10/19/2015

In the span of two days, mobile device users learned of two data breaches that could compromise their personal data. In one, Experian (a credit reporting agency) reported that it was hacked, potentially putting 15 million...more

Privacy, Security, Risk: What You Missed At IAPP Conference

Orrick, Herrington & Sutcliffe LLP on 10/15/2015

Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more

Don't Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Orrick, Herrington & Sutcliffe LLP on 9/21/2015

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more

$750,000 Settlement Agreement Reiterates Importance of HIPAA Security Rule Compliance

Saul Ewing LLP on 9/4/2015

On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more

Pharmacies: Watch Out for Future HHS Crackdowns on Security Rule Violations

Baker Donelson on 4/7/2015

As we all know by now, HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to adopt regulations protecting the privacy of "protected health information" (PHI). HHS responded to that...more

It’s No Surprise: Health Care Data Breaches Are on the Rise and So Is Government Enforcement

Polsinelli on 7/29/2014

In This Issue: - The Take-Aways for Covered Entities and Business Associates - For More Information - Excerpt from The Take-Aways for Covered Entities and Business Associates: As a majority of the...more

How To Catch-Up in a Revised HIPAA World

Smith Anderson on 1/6/2014

The HIPAA final omnibus rule (Omnibus Rule) made sweeping changes to the HIPAA Privacy, Security, Breach Notification and Enforcement Rules earlier this year. Although the compliance deadline of September 23, 2013 has come...more

20 Results

View per page

Page: of 1

Cybersecurity › Covered Entities › Healthcare

"My best business intelligence, in one easy email…"