News & Analysis as of

Data Security Health Insurance Portability and Accountability Act

Lessons To Be Learned From The Breach Of Nearly 500,000 Individual Health Records Reported In September 2017

by Jackson Lewis P.C. on

A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the...more

Want to Learn More About Fighting Negative CPARS Ratings, Privacy in Government Contracting, the Mandatory Disclosure Rule or Just...

The fall brings many nice things: cooler weather, beautiful leaves, and of course, the Government’s fiscal year end. To those wondering where in the world Kilpatrick’s government contracts attorneys have been (because they...more

National Association of Insurance Commissioners Issues Insurance Data Security Model Law

• NAIC recently adopted an Insurance Data Security Model Law that follows the risk assessment-based approach of the New York DFS Cybersecurity Regulation. This signals the growing influence of the New York Regulation,...more

Cybersecurity 2018 – The Year in Preview: HIPAA Compliance

Like many things in Washington, the HIPAA landscape in 2018 will be shaped by the shifting priorities of President Trump’s new administration. Early signs point to less funding for the Office of Civil Rights (“OCR”) within...more

Is it HIPAA or HIPPA? Either way, it still applies.

by Winstead PC on

I have negotiated hundreds of SaaS agreements for dozens of software companies and I always hated when the company on the other side was a healthcare provider. Invariably, they would bring up Protected Health Information...more

State Data Breach Notification Laws

by Foley & Lardner LLP on

While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more

A Little Help From HIPAA

by McGuireWoods LLP on

HIPAA’s Security Rule requires that Covered Entities perform “periodic” Security Risk Assessments. All too often, however, this regulatory obligation is ignored altogether, performed extremely sporadically, or treated as a...more

Where is your PHI Data Traveling Today?

by Dickinson Wright on

With most vendors offering and pushing cloud computing solutions and offsite data backup, or guaranteeing offsite backup of data they process for you, many HIPAA covered entities and business associates are questioning...more

NY AG Fines Healthcare Firm $130,000 for Improperly Delaying Breach Notices to Consumers Due to an FBI Investigation

by Arnall Golden Gregory LLP on

On June 15th, New York Attorney General Eric Schneiderman announced a settlement with CoPilot Provider Support Services Inc. to resolve allegations that the company improperly delayed notice to more than 220,000 consumers of...more

HHS Releases Health Care Industry Cybersecurity Task Force Report

Last week, the Department of Health and Human Services (HHS) issued its “Report on Improving Cybersecurity in the Health Care Industry,” which is the culmination of a year-long effort on behalf of the Cybersecurity Task...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

HHS Task Force Says Healthcare Cybersecurity is in “Critical Condition”

Unbeknownst to many, Congress established the Health Care Industry Cybersecurity Task Force in 2015 to address the health care industry’s cybersecurity challenges. That Task Force–a combination of public and private...more

(Un)Protected Health Information Held for Ransom

by Snell & Wilmer on

Recent experiences of major health care companies offer a reminder of the importance of data security and following a well-written policy for compliance with the HIPAA Privacy Rule....more

Global Privacy & Cybersecurity Update Vol. 14

by Jones Day on

New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more

Over-Analyzed and Under-Protected: Cybersecurity Compliance is Actually Pretty Simple

by JD Supra Perspectives on

While certainly not easy, data security and privacy compliance is actually pretty simple....more

HIPAA spring check-up: Your obligations to safeguard third-party patient health information in medical records produced in...

You’ve had your apple a day, but you can’t keep the subpoenas away… And, if your organization is facing a request seeking records or other materials that may contain patient health information (“PHI”), it bears...more

New Mexico Enacts Data Breach Notification Law

by King & Spalding on

On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law; the Data Breach Notification Act (the “Act”) will go into effect on June 16, 2017. The good news for many in the health care...more

OCR Announces First HIPAA Settlement with Wireless Health Services Provider

by Morgan Lewis on

The $2.5 million settlement reflects the agency’s focus on mobile health privacy. On April 24, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement with CardioNet, a...more

Lessons from OCR HIPAA Settlements - Mobile Device Security Standards

by Ruder Ware on

In the first known case involving a wireless provider, a cardiology service provider agreed to pay a $2.5 million settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI)....more

Nutter Bank Report, April 2017

CFPB Delays the Effective Date of New Prepaid Accounts Rule - The CFPB adopted a final rule on April 20 that delays the general effective date of its rule governing prepaid accounts by six months. The rule will now take...more

Phishing Incident Leads to $400,000 HIPAA Settlement

?On April 12, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Metro Community Provider Network (MCPN) agreed to pay HHS $400,000 to settle alleged HIPAA Security Rule...more

Gone Phishin’: Hack Leads to HIPAA Settlement

Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried...more

HIPAA Guidance Issued on Man-In-The-Middle Attacks

by McGuireWoods LLP on

Last week, the Office of Civil Rights (OCR) issued guidance on securing end-to-end communications for sensitive information transmitted between parties over the internet. The OCR warns against “man-in-the-middle” (MITM)...more

Recent HIPAA Privacy and Security Settlements and Lessons Learned

by Perkins Coie on

Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more

161 Results
|
View per page
Page: of 7
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.