Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Compliance Perspective: What's New in Healthcare Privacy
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
During the first half of this webinar, Jen Mitchell, Bryan Murray and Laura Fryan, will focus on practical tips and pointers on avoiding a HIPAA breach and what lessons you can take away from the Change Healthcare breach. ...more
The Federal Trade Commission’s (FTC) years-long effort to modernize its Health Breach Notification Rule (HBNR) in the midst of a swiftly changing technological landscape appears to be coming to an end. On Thursday, May 30,...more
In March of this year, The Office for Civil Rights of the Department of Health and Human Services issued a letter addressing the recent cybersecurity incident impacting many health care entities, primarily Change Healthcare,...more
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI)...more
Data Breaches risk legal consequences—both from state and federal governments and consumers, as well as reputational harm. Last month, MCNA—a dental benefit provider—provided notice of a data breach that exposed the...more
On February 1, 2023, the FTC announced a proposed $1.5 million settlement with GoodRx Holdings, based on alleged violations of the Federal Trade Commission Act (“FTC Act”) and Health Breach Notification Rule (“HBNR”) for...more
General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more
HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more
On June 16, and then on July 6, 2021, Connecticut Governor Ned Lamont signed into law a pair of bills that together address privacy and cybersecurity in the state....more
Cyberattacks against healthcare providers accounted for 79% of all reported data breaches in 2020. (See here). The U.S. Department of Health and Human Services’ (HHS) Office of the Assistant Secretary for Preparedness and...more
CYBERSECURITY - NYDFS - Cybersecurity Certificate of Compliance Due April 15, 2021 The New York Department of Financial Services (DFS), which regulates certain covered entities and licensed persons in the financial...more
Recently the Health Care Compliance Association released the new Health Care Privacy Handbook, 3rd Edition. https://www.hcca-info.org/health-care-privacy-handbook To learn what’s new in the book and in healthcare privacy...more
Report on Patient Privacy 20, no. 12 (December 10, 2020) - Suspected North Korean hackers have tried to break into the systems of British drugmaker AstraZeneca in recent weeks as the company races to deploy its COVID-19...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
CYBERSECURITY - Patching Gets More and More Complicated but Is Critical for Managing Risk - Patching vulnerabilities has always been challenging, but these days, it is getting more and more complicated as...more
Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health....more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
EU Court Allows Class Action to Proceed, Sets Precedent for Future Data Breach Class Actions - A class action brought against Google will be allowed to move forward after the plaintiff’s appeal was permitted, allowing him to...more
Reflecting the movement to toughen data security laws on a state-by-state basis, on July 25, 2019, Governor Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (the "SHIELD Act" or the "Act"). The...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Produces Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1 - On April 25, the National Institute of Standards and Technology...more
On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a...more
What have you done for me lately? Now that the tune is stuck in your head, specifically, have you recently conducted a thorough and up to date risk assessment in accordance with the requirements of the Health Insurance...more
• New York recently enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which expands data breach notification requirements and imposes new data security obligations on businesses that own, license or,...more