News & Analysis as of

Cybersecurity Office of Civil Rights Breach Notification Rule

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
Health Care Compliance Association (HCCA)

With Nod to OCR, Indiana Inks $350K Deal With Dental Firm Following Hack

Health Care Compliance Association (HCCA) on

Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more

Foley & Lardner LLP

OCR Says HIPAA Audits Will Resume: OIG Makes Recommendations for Enhancement

Foley & Lardner LLP on

Recognizing the increasing number of successful cyberattacks targeting health care organizations and their valuable patient data, the Office of the Inspector General (OIG) is calling for enhancements to the HIPAA audit...more

ArentFox Schiff

Key Takeaways from OCR’s CY22 HIPAA Reports to Congress

ArentFox Schiff on

On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more

Saul Ewing LLP

New Cybersecurity Guide Released

Saul Ewing LLP on

On February 16, 2024, the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a final version of the cybersecurity resource guide (the “Guide”) with respect to the HIPAA...more

Jackson Lewis P.C.

Downstream Breaches Cause Headaches for Healthcare Providers, as State AG Seeks Law Change to Require AG Notification

Jackson Lewis P.C. on

For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more

WilmerHale

Year in Review: The Top 10 US Data Privacy Developments From 2023

WilmerHale on

2023 marked a pivotal moment in US data privacy and cybersecurity, characterized by substantial regulatory and legislative advances at the international, federal, and state levels. The Federal Trade Commission (FTC) took a...more

Fox Rothschild LLP

FTC and OCR Issue Joint Website Tracking Warning Letter

Fox Rothschild LLP on

If you are involved with any health information, even if you are not covered by HIPAA, you should be aware of the government’s recent position that there may be serious privacy and serious risks with use of online tracking...more

Console and Associates, P.C.

Mount Desert Island Hospital Notifies 24,180 of Data Breach Involving Leaked Social Security Numbers

Console and Associates, P.C. on

On June 30, 2023, Mount Desert Island Hospital (“MDIH”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party had gained...more

Health Care Compliance Association (HCCA)

Privacy Briefs: June 2023

Health Care Compliance Association (HCCA) on

Privacy Briefs: June 2023 - Long-term care pharmacy network PharMerica disclosed a breach involving more than 5.8 million patients, making it the largest breach reported to the HHS Office for Civil Rights (OCR) in the last...more

Foley & Lardner LLP

HIPAA Breaches and Compliance: Key Findings & Lessons Learned from OCR’s Reports to Congress

Foley & Lardner LLP on

The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more

Health Care Compliance Association (HCCA)

2016 Breach Costs OK State Medical Center $875K; System Initially Missed Vulnerability

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 22, no. 8 (August, 2022) - Oklahoma State University Center for Health Sciences’ (OSUCHS) breach might not have seemed all that serious at the time: No data is believed to have been misused,...more

Epstein Becker & Green

Data Breaches and HIPAA Enforcement Remain Endemic Amidst the COVID-19 Pandemic

Epstein Becker & Green on

Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach...more

Mintz - Health Care Viewpoints

HIPAA Updates: New Guidance for Business Associates and Continued Data Breaches

Mintz - Health Care Viewpoints on

The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for. In the guidance, OCR states that BAs can be held...more

Mintz - Health Care Viewpoints

Another HIPAA Settlement for Failure to Enter Into a BAA

Mintz - Health Care Viewpoints on

Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more

Carlton Fields

New HHS Cybersecurity Preparedness Checklist

Carlton Fields on

The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity...more

Robinson+Cole Data Privacy + Security Insider

OCR Issues Reminder on Security Incidents

Robinson+Cole Data Privacy + Security Insider on

Following the frequent and varied ransomware attacks on health care entities over the past few years, the Office for Civil Rights (OCR) published guidance last summer to the health care industry reminding it that a ransomware...more

Burr & Forman

TortSource: Ransomware: A Reportable Breach?

Burr & Forman on

In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more

Davis Wright Tremaine LLP

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

Davis Wright Tremaine LLP on

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

Skadden, Arps, Slate, Meagher & Flom LLP

"Privacy & Cybersecurity Update - January 2017"

Skadden, Arps, Slate, Meagher & Flom LLP on

In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more

Arnall Golden Gregory LLP

Heightened Importance for March 1, 2017 HIPAA Small Breach Reporting Deadline

Arnall Golden Gregory LLP on

With OCR’s recent announcement of its first enforcement action for lack of timely breach notification and its increased focus on small breaches, the upcoming annual reporting deadline for small breaches takes on increased...more

Faegre Drinker Biddle & Reath LLP

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

Faegre Drinker Biddle & Reath LLP on

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

Mintz - Health Care Viewpoints

September Privacy and Security Updates

Mintz - Health Care Viewpoints on

Although National Cyber Security Month isn’t until October, September has brought plenty of privacy and security updates that health care companies need to be aware of. In this post, we review guidance from the Office for...more

Orrick, Herrington & Sutcliffe LLP

Is Ransomware a Notifiable Data Breach Event?

Orrick, Herrington & Sutcliffe LLP on

There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks. Among the different attack methodologies today, ransomware is quickly becoming a major...more

King & Spalding

OIG Reports Insufficient Oversight Of HIPAA Compliance

King & Spalding on

The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more

Orrick, Herrington & Sutcliffe LLP

Don't Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Orrick, Herrington & Sutcliffe LLP on

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more

26 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide