News & Analysis as of

Data Breach Covered Entities

Jackson Lewis P.C.

The Broadening Data Security Mandate: SEC Incident Response Plan and Data Breach Notification Requirements

Jackson Lewis P.C. on

Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use, and, in some instances, to notify affected individuals in the event such access or use occurs. Those...more

Dechert LLP

SEC Adopts First Major Amendments to Regulation S-P Since 2000

Dechert LLP on

Incident Response Plans and Written Information Security Programs Continue to be Essential and Will Need to Be Reviewed. Most sophisticated organizations currently have in place incident response plans. Those organizations...more

Fenwick & West LLP

Change Breach Results in Notification Clarity

Fenwick & West LLP on

On May 31, 2024, more than four months after the February 2024 Change Healthcare ransomware attack, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) updated its Change Healthcare FAQs. ...more

Seward & Kissel LLP

SEC Adopts Data Privacy Rule Amendments to Regulation S-P

Seward & Kissel LLP on

Who may be interested: Investment Companies; Investment Advisers; Broker-Dealers; Transfer Agents - The SEC adopted amendments to Regulation S-P imposing new data privacy and security requirements on broker-dealers,...more

McGuireWoods LLP

Ounce of Prevention: Are You Keeping Track of Your Business Associate Agreements’ Requirements?

McGuireWoods LLP on

Applicable Provider Types: All - Is Your Entity in Compliance? The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act of 2009...more

Skadden, Arps, Slate, Meagher & Flom LLP

SEC Amends Reg S-P To Strengthen Data Breach Response Requirements and Protect Investor Information

On May 16, 2024, the Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P (Reg S-P), which broadly track the changes originally proposed in March 2023. The revised Reg S-P requires...more

Tucker Arensberg, P.C.

Navigating HIPAA’s Breach Notification Rule Following A Breach

Tucker Arensberg, P.C. on

In light of the ongoing investigation of Change Healthcare’s ransomware attack that resulted in the improper disclosure of thousands of individuals’ PHI, now seems like a perfect time to discuss HIPAA’s requirements...more

Fisher Phillips

Insider Threats to Healthcare Data: What You Need to Know and 5 Steps You Can Take Now

Fisher Phillips on

Healthcare data breaches are occurring more frequently and on larger scales than ever before – and while you defend against cyberattacks and other external threats, make sure you do not overlook the critical role your...more

Health Care Compliance Association (HCCA)

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Health Care Compliance Association (HCCA)

Privacy Briefs: May 2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

WilmerHale

8 Questions To Ask Before Final CISA Breach Reporting Rule

WilmerHale on

On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more

BakerHostetler

FTC Vastly Expands Reach of the Health Breach Notification Rule

BakerHostetler on

On April 26, the Federal Trade Commission (FTC) announced its final rule (Final Rule) making changes to the Health Breach Notification Rule (HBNR)....more

BakerHostetler

Change Healthcare Incident: Update on ‘Impacted Data’ Analysis and Notification Plan

BakerHostetler on

Late on March 27, Change Healthcare (CHC)’s parent company, UnitedHealth Group (UHG), provided an update on its analysis of the extent of “impacted data” involved in the CHC incident....more

Morgan Lewis - Health Law Scan

Updates to Part 2 Finalized to Align with the HIPAA Privacy Rules

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA) issued long awaited updates to the regulations at 42 CFR Part 2...more

BakerHostetler

HHS OCR Provides Annual Report to Congress Detailing 2022 Enforcement Activities

BakerHostetler on

On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - July 15th - 18th, Charlotte, NC

Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more

Lathrop GPM

HIPAA Violations: What Providers Should Learn From the Failures of Others

Lathrop GPM on

The federal agency responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) – the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services – recently submitted...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - May 6th - 9th, San Antonio, TX

Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more

McGuireWoods LLP

Office for Civil Rights Settlement May Signal Increasing Scrutiny for Ransomware Attacks

McGuireWoods LLP on

On Oct. 31, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced it had settled with Doctors’ Management Services Inc. (DMS) over a self-reported ransomware attack that occurred in...more

WilmerHale

Updates to the Safeguards Rule Will Require Non-Banking Financial Institutions to Report Data Security Breaches to the FTC

WilmerHale on

On October 27, 2023, the Federal Trade FTC (FTC) approved amendments to its version of the Standards for Safeguarding Customer Information Rule (the Safeguards Rule) to require non-banking financial institutions regulated by...more

Holland & Hart LLP

Business Associate Agreements: Requirements and Suggestions

Holland & Hart LLP on

The HIPAA Privacy and Security Rules generally require covered entities (including most healthcare providers) to execute written agreements (“business associate agreements” or “BAAs”) with their business associates before...more

Health Care Compliance Association (HCCA)

11 Years After First Disclosure, L.A. Care Pays $1.3M, Says ‘Processing Errors’ Caused Breaches

Report on Patient Privacy 23, no. 10 (October, 2023) By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...more

McGuireWoods LLP

Successive HIPAA Breaches Lead to $1.3 Million Settlement for Nation’s Largest Public Health Plan

McGuireWoods LLP on

On Sept. 11, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that the Local Initiative Health Authority for Los Angeles County (LA Care) entered into a $1.3 million settlement...more

Seyfarth Shaw LLP

Top 5 Reasons to Remember Your Business Associate Agreements This Fall

Seyfarth Shaw LLP on

As organizations begin renewing and entering into new contractual relationships for 2024, an oft-forgotten aspect of the contracting process is determining whether a Business Associate Agreement (a “BAA”) is required. Under...more

Health Care Compliance Association (HCCA)

[Event] Healthcare Privacy Compliance Academy - February 26th - 29th, Phoenix, AZ

Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more

294 Results
 / 
View per page
Page: of 12

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide