FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
AI Talk With Juliana Neelbauer - Episode Three - Cybersecurity Insurance: Coverage Challenges and Changes
No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
Protect, Prepare, Prevail: Navigating a Complex Cybersecurity World
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Crafting an Effective Law Firm Generative AI Policy for Responsible Business Use: On Record PR
2025 Privacy Law Preview: Be Prepared
Podcast - Bowling with Bumpers: Using a Privacy Framework to Set Your Company Up for a Strike
"Monsters Inc." y el tratamiento de los datos
Unlock Privacy ROI: Why Making Cross-Functional Allies is Key
AI Discrimination and Emerging Best Practices – Part 2 - The Good Bot Podcast
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) appears to have made cybersecurity its New Year’s resolution. The first few weeks of 2025 have already brought with them proposed amendments to...more
In 2024, the U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) Director Melanie Fontes Rainer announced that OCR will resume auditing Health Information Portability and Accountability Act (“HIPAA”)...more
The number of large data breaches, those involving 500 or more people, exposing protected health information has increased exponentially in the last few years, and ransomware and hacking are the primary cyber threats in...more
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more
Report on Patient Privacy 23, no. 10 (October, 2023) By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...more
Get the latest updates on government initiatives related to physicians and clinics - HCCA’s Clinical Practice Compliance Conference provides insights, updates, and strategies that are pertinent to developing and managing...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
For the second year in a row, Foley & Lardner LLP and PYA hosted a compliance master class on various health-related compliance issues. “Let’s Talk Compliance” is an annual one-day event featuring a panel of presenters that...more
This two-day Regional Compliance and Ethics Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational...more
What have you done for me lately? Now that the tune is stuck in your head, specifically, have you recently conducted a thorough and up to date risk assessment in accordance with the requirements of the Health Insurance...more
Medical Informatics Engineering, Inc. and its wholly-owned subsidiaries (MIE) and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) entered into a $100,000 settlement and two-year...more
Your Organization’s best defense in an environment of aggressive regulators and litigious plaintiffs’ counsel is the completion of an enterprise risk assessment. Regulators and attorneys general are fining–sometimes hundreds...more
Last week at a H&H Hi-Tech Hub presentation on Cybersecurity and Privacy Law in Salt Lake City, there was some discussion about risk assessments and how they are mandated by certain statutes and regulations depending on the...more
Under the Health Information Privacy and Portability Act (HIPAA), “covered entities” (generally speaking health care providers and their business associates) must all complete a risk assessment to identify and mitigate...more
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
In its most recent Cybersecurity Newsletter, OCR focuses on the intersection of HIPAA and information security. To be sure, HIPAA requires covered entities and business associates to address their organizations’ information...more
Earlier this week, I moderated a panel discussion at an event hosted by the New York chapter of the Health Information and Management Systems Society (HIMSS). The panel was comprised of private sector health information...more
Based on the results of the Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Phase 2 desk audits for covered entities, small and mid-sized providers (Smaller Providers) are on...more
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
Healthcare organizations – ranging from physician practice groups to large, multi-state hospital systems – face a variety of risks, including fraud and abuse, as well as HIPAA privacy issues. Starting from a baseline risk...more
The 2015 HIPAA Security conference held by the National Institute of Standards and Technology (“NIST”) and the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) kicked off last week with OCR’s...more
During 2014, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services initiated six enforcement actions in response to security breaches reported by entities covered by the Health Insurance...more
HIPAA security risk assessment (SRA) tool was recently made available through HHS. The tool was developed as a collaborative effort between the HHS Office of the National Coordinator for Health Information Technology (ONC),...more
On March 22, 2013, Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) Director Leon Rodriguez presented the keynote address to attendees of the American Health Lawyers’ Association HIPAA/HITECH Conference in...more
A small non-profit hospice in Idaho agreed to pay $50,000 to settle allegations that it violated the HIPAA security regulations. The allegations stemmed from a report made to HHS by the hospice after a laptop containing...more