News & Analysis as of

Health Care Providers Office of Civil Rights Data Protection

Health Care Compliance Association (HCCA)

Seven Years After Worldwide NotPetya Attacks, OCR Singles Out PA System, Collects Nearly $1M

Unleashed on June 27, 2017, NotPetya caused an estimated $10 billion in damages globally, among the costliest ransomware attacks in history. In 2018, the Trump administration—in tandem with the British government—blamed...more

Clark Hill PLC

HHS Bulletin on Online Tracking Technologies Declared Unlawful: What Covered Entities and Business Associates Need to Know About...

Clark Hill PLC on

Online tracking technologies are used by healthcare and hospital systems throughout the United States to analyze their website traffic, personalize content, and provide relevant information to website visitors, some of whom...more

Wilson Sonsini Goodrich & Rosati

Texas District Court Vacates OCR's HIPAA Bulletin on Online Tracking Technologies, But Issues Mixed Decision

On June 20, 2024, the United States District Court for the Northern District of Texas ordered the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) to vacate its guidance that had restricted...more

Health Care Compliance Association (HCCA)

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Health Care Compliance Association (HCCA)

Privacy Briefs: May 2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

Orrick, Herrington & Sutcliffe LLP

Biden Administration Updates HIPAA to Protect the Privacy of Reproductive Health Care

The Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), has issued a final rule updating the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in an effort to...more

K&L Gates LLP

Health System Cybersecurity Risks: Part One

K&L Gates LLP on

In this two-part Triage series, Gina Bertolini, Sarah Carlins, and Jianne McDonald analyze two recent HHS initiatives that address cybersecurity risks to hospitals and health systems nationwide. Cybersecurity events involving...more

Arnall Golden Gregory LLP

Healthcare Authority Newsletter - March 2024 #3

News Briefs - New HHS Task Force Aims to Oversee AI in Healthcare - Details are emerging on a new HHS task force faced with a monumental task: creating a regulatory structure to oversee utilization of artificial intelligence...more

Wilson Sonsini Goodrich & Rosati

OCR at HHS Updates Guidance on Use of Online Tracking Technology by HIPAA-Regulated Entities

On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technology by covered entities regulated by the Health...more

Manatt, Phelps & Phillips, LLP

HIPAA Enforcer Updates Guidelines on Online Tracking Amid Calls for Clarity: Key Takeaways

On March 18, 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its December 2022 guidance for HIPAA-regulated entities regarding the use of online tracking technologies...more

Katten Muchin Rosenman LLP

OCR Updates Guidance on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

On March 18, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) updated its guidance on the use of online tracking technologies by covered entities and business associates (regulated...more

Arnall Golden Gregory LLP

Responding to a Third-Party Data Breach: Practical Legal and Compliance Steps

Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more

Hogan Lovells

Updated OCR guidance does not solve HIPAA’s tracker uncertainty

Hogan Lovells on

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) updated its guidance concerning compliance obligations for HIPAA covered entities and business associates using online tracking...more

Epstein Becker & Green

2024 Update: Regulators Use “Carrots and Sticks” to Incentivize Healthcare Sector Cybersecurity Compliance

Epstein Becker & Green on

Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more

Dickinson Wright

How Did They Get My Protected Health Information?

Dickinson Wright on

It is no secret that protected health information (or “PHI”) is more and more at risk for cybersecurity attacks. In 2022 (the most recent year this statistic is available), the Department for Health and Human Services Office...more

BakerHostetler

HHS Publishes ‘Voluntary’ Healthcare Cybersecurity Performance Goals in Record Time but Leaves Questions Unanswered

BakerHostetler on

As previously reported in this blog, on Dec. 6, 2023, the Department of Health and Human Services (HHS or the Department) released a “concept paper,” which laid out its vision of future action regarding healthcare...more

Health Care Compliance Association (HCCA)

‘An Unknown Individual Walked In’: Protecting Against Telehealth Risks Includes Non-IT Threats

The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more

Jackson Lewis P.C.

Downstream Breaches Cause Headaches for Healthcare Providers, as State AG Seeks Law Change to Require AG Notification

Jackson Lewis P.C. on

For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more

Seyfarth Shaw LLP

Cyber Strategy: HHS Weighs in on Cybersecurity in the Healthcare Industry

Seyfarth Shaw LLP on

Seyfarth Synopsis: The health care sector faces escalating cybersecurity risks given its size, technological dependence and the sensitive nature of data used therein. According to the U.S. Department of Health and Human...more

BakerHostetler

HHS ‘Concept Paper’ Forecasts Stormy Cybersecurity Compliance Weather: New Cybersecurity Requirements and Increased Enforcement to...

BakerHostetler on

On Dec. 6, the Department of Health and Human Services (HHS or the Department) released what it is calling a “concept paper” on its role in cybersecurity for the healthcare sector (the HHS paper). The HHS paper is sweeping in...more

Akerman LLP - Health Law Rx

OCR Will Focus on You if You Don’t Focus on Cybersecurity

With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more

Brooks Pierce

Business Associate Victim of Ransomware Attack Pays $100,000 to HHS OCR

Brooks Pierce on

Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks. In October, for the first time, the U.S....more

Health Care Compliance Association (HCCA)

BA Depicted by OCR as Example of Ransomware Dangers Recovered Quickly, Didn’t Expect Fine

Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more

Health Care Compliance Association (HCCA)

Privacy Briefs: November 2023

Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more

Holland & Knight LLP

Podcast - Data Privacy and Tracking Technology Compliance

Holland & Knight LLP on

In this episode of "Counsel That Cares," data security and privacy attorney Paul Bond is joined by Antonio Rega, managing director at J.S. Held, to discuss the latest developments regarding lawsuits involving the use of...more

138 Results
 / 
View per page
Page: of 6

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide