Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Compliance Perspective: What's New in Healthcare Privacy
Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more
After months of uncertainty and multiple letters from industry associations advocating on behalf of the healthcare industry with the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR), covered...more
The HIPAA Privacy, Security, and Breach Notification Rules apply to healthcare providers who engage in certain electronic transactions, healthcare clearinghouses, and health plans, including employee group health plans with...more
Substance Use Disorder (SUD) programs and HIPAA-regulated entities seeking to streamline their privacy and security practices and workflows received welcome news from the U.S. Department of Health & Human Services (HHS) last...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
If you are in the consumer health space, you have (or at least we hope you have...) figured out by now that there are health-related privacy and security laws and regulations that apply to your business. The Federal Trade...more
It has been a while since we last gathered for one of the monthly public meetings of the Federal Trade Commission (FTC or Commission). Clearly, the monthly nature of the meetings is questionable, but then again, there are...more
GoodRx Faces Million Dollar Proposed Penalty from FTC in First Enforcement Action Under the Health Breach Notification Rule - Settlement reveals views on application of unfairness authority to sharing of sensitive...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more
On February 1, 2023, the Federal Trade Commission (“FTC”) announced that it filed a “first-of-its-kind proposed order” under its Health Breach Notification Rule promulgated pursuant to section 13407 of the American Recovery...more
On February 1, 2023, the FTC announced a proposed $1.5 million settlement with GoodRx Holdings, based on alleged violations of the Federal Trade Commission Act (“FTC Act”) and Health Breach Notification Rule (“HBNR”) for...more
For the first time ever, the Federal Trade Commission (FTC) is seeking enforcement under the Health Breach Notification Rule. This regulation requires certain businesses not covered by the Health Insurance Portability and...more
Last week, the Federal Trade Commission (“FTC”) released two guidance documents to aid in compliance with its Health Breach Notification Rule (“the Rule”), which requires “vendors of personal health records” or “PHR related...more
The U.S. Department of Health & Human Services (HHS) just announced increased penalty amounts for entities who violate the privacy, security, and breach notification rules under the Health Insurance Portability and...more
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a Policy Statement instructing health app and connected device companies to comply with the Health Breach Notification Rule (“the Rule”). The Rule, codified...more
On November 27, 2019 the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach...more
On October 23, 2019, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced that it had imposed a $2,154,000 civil money penalty (CMP) against a Miami-based health system for...more
So you just discovered that protected health information (“PHI”) from your organization was improperly accessed or disclosed. Are you required to self-report the violation to the affected individual and HHS? HIPAA Breach...more
Health care organizations’ lack of compliance with the data privacy and security requirements of both state laws and the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security and Breach Notification...more
Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more
The health care industry is racing to adopt cutting-edge technology to provide patients with the best treatment possible at the lowest possible cost. ...more
The deadline to submit notice to the Department of Health and Human Services (HHS) of small HIPAA breaches (those that affected fewer than 500 individuals) discovered in calendar year 2017 is March 1, 2018....more
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more
FBI Issues Flash Alert on Apache Struts Vulnerability - The Apache Struts vulnerability has been mentioned frequently in the media over the past month, as it is believed to have been involved in one of the largest and most...more
Earlier this month, New York Attorney General Eric Schneiderman announced his state had entered into a settlement with CoPilot Provider Support Services, Inc. (CoPilot)—a settlement resulting from CoPilot’s violation of the...more