When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
A few months ago on this blog, I wrote about using Artificial Intelligence (AI) to keep up with the “alphabet soup” of compliance. An important area to address from a compliance standpoint is health data and at least two of...more
LitLand is a monthly feature that reviews developments in litigation as they relate to privacy matters and highlight any past, current, and future cases about which you should know....more
From the 2015 PLUS Medical PL Symposium session “Technology in Healthcare: EHRs & PHI,” moderator Patricia Marzella-Graubert (Swiss Re American Holdings Corporation) and panelist Alexander Grijalva (New York Presbyterian...more
Ebola has recently been the source of much concern, and health care providers and hospitals are taking steps to prepare themselves for the possibility of treating patients with Ebola. In addition to all of the medical...more
In the wake of the recent Ebola cases, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a new bulletin reminding HIPAA-covered entities and their business associates that the...more
The Connecticut Supreme Court held that the federal Health Insurance Portability and Accountability Act (HIPAA) does not bar individuals from bringing negligence and emotional distress claims under state common law for breach...more
Last Friday, the Centers for Medicare & Medicaid Services (CMS) published a final rule with comment period addressing, among other issues, changes to the reporting and data collection requirements imposed upon “applicable...more
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) and subsequent regulations have changed several aspects of compliance with HIPAA, including the way covered entities should think about...more
This week, the Privacy and Security Workgroup within the Health IT Policy Committee was tasked by the U.S. Department of Health and Human Services (“HHS”) to discuss certain patient data protections. Specifically, they were...more
A company named SLC Security, LLC (“SLC”), recently announced that it will begin notifying individuals if it believes it has identified a security breach or vulnerability of a company and it has not received a satisfactory...more
The United States Court of Appeals for the Eleventh Circuit recently concluded that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) does not prevent the application of a Florida law requiring...more
12,915 complaints were reported in 2013 to the Department of Health and Human Services Office of Civil Rights (“OCR”) according to Illiana L. Peters, Senior Adviser for HIPAA Compliance and Enforcement. Cozen O’Connor...more
Recent Trends in HIPAA Liability - Since the passage of the 2013 HIPAA Omnibus Rule, there has been a substantial increase in HIPAA enforcement actions brought by the Department of Health and Human Services, including...more
A recent court decision found that the Federal Trade Commission (FTC) has authority to enforce the requirements for security of Protected Health Information, or PHI, as defined under the Health Information Portability and...more
Community Health Systems Inc. (“CHS”), a Tennessee-based hospital provider, has reported it was the target of data hackers who were able to obtain identification information belonging to approximately 4.5 million CHS...more
On August 18, 2014, Community Health Systems, Inc. (CHS) publicly confirmed, in a filing with the Securities and Exchange Commission (CHS filing), that its computer network was attacked between April and June 2014 by hackers...more
Community Health Systems announced yesterday, August 18th, that hackers broke into its computers and stole data on 4.5 million patients. ...more
On July 23, 2014, the Massachusetts Attorney General announced a consent judgment with an out-of-state Rhode Island hospital, Women & Infants Hospital of Rhode Island (“WIH” or the “Hospital”), resolving a lawsuit against WIH...more
On July 23, 2014, the Massachusetts attorney general announced a settlement with Women & Infants Hospital of Rhode Island (WIH) over the loss of unencrypted backup tapes. WIH agreed to pay $150,000 and undertake numerous...more
The California Court of Appeal recently held that in order to recover under California’s Confidentiality of Medical Information Act (CMIA), Civ. Code §§ 56 et seq., a plaintiff must plead and prove that the “stolen medical...more
Recap of popular updates covering latest developments in the European Union....more
While OCR enforcement activity has focused on a covered entity’s safeguarding of ePHI, organizations cannot forget about PHI in non-electronic form. To settle potential violations of the HIPAA Privacy Rule, Parkview Health...more
Removing Regulatory Barriers to Accelerate EHR Adoption - Recognizing the potential long-term value of EHRs for improving care and reducing costs, many hospitals considered offering physicians financial support to...more
Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured...more
Starting in 2015, eligible physicians and hospitals participating in the Medicare Electronic Health Records Incentive Program who do not adopt "meaningful" use" certified electronic health record (EHR) technology will no...more