The Privacy Insider Podcast Episode 11: Signal and Noise: The New Administration, Privacy, and Our Digital Rights with Cindy Cohn of Electronic Frontier Foundation
Digital Planning Podcast - Interview With Leeza Garber
Compliance into the Weeds-Episode 39, Disclosure of Ransomware Attacks
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Safeguards against Data Security Breaches (Part One)
Trial outcomes often hinge on witness testimony. Attorneys collect much of this testimony during a formal process called a deposition. A critical component of discovery, depositions traditionally occur in law offices or...more
The HIPAA Privacy and Security Rules require covered entities (including healthcare providers and health plans) and their business associates to protect patient information stored or transmitted electronically, including...more
In the final days of the Biden Administration, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the Security Rule under the Health...more
“Through December 20, 2024, 575 security incidents involving unsecured protected health information affecting 500 or more individuals had been reported to Health and Human Services. Through the same date in 2023, 265...more
Citing the “alarming growth” of cyberattacks in recent years, the U.S. Department of Health and Human Services (“HHS”) has issued a Notice of Proposed Rulemaking to modify the Health Insurance Portability and Accountability...more
On December 27, 2024, the Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) related to the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). ...more
As many businesses and organizations adapt to the impact of COVID-19 on their operations, the systems and data security risks they face continue to increase and must be an area of focus in all planning for COVID-19. While...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
The University of Rochester Medical Center (URMC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $3 million no-fault settlement agreement and two year corrective...more
In one of this year’s largest HIPAA settlements, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is set to collect $3 million from the University of Rochester Medical Center (URMC). This...more
Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more
As we approach 2019, companies will want to keep in mind the changes that are coming to various US states’ breach notice laws. On January 1, 2019 Iowa’s law, which has already been amended twice since it was passed in 2008,...more
A single, multidisciplinary entity, like a university, may include certain departments that use PHI, and other departments that do not. Such institutions are eligible to (and should) self-identify as “hybrid entities” to...more
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
Healthcare organizations take note: not following your own data security rules can be costly, very costly. And the more time it takes to comply, the faster the fines stack up....more
CMS issued a memo to state survey agency directors on December 28, 2017, to clarify CMS’s position on texting patient information. The memo, which indicates that it is effective “immediately,” states that CMS prohibits...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
Last week, the Office of Civil Rights (OCR) issued guidance on securing end-to-end communications for sensitive information transmitted between parties over the internet. The OCR warns against “man-in-the-middle” (MITM)...more
The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
On August 4, 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced a record-setting settlement with Advocate Health Care Network (Advocate) for multiple potential violations of HIPAA...more
In the two decades since its original passage, complying with the federal Health Insurance Portability and Accountability Act (HIPAA) hasn’t gotten any easier. Enacted with the primary goal of protecting the confidentiality,...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more
With headlines every day announcing another release of Protected Health Information (PHI), providers are asking themselves – is there a way to protect against these breaches? Beyond improving the security of large...more