The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more
Privacy laws bring substantial compliance challenges for every organization that collects, processes, stores, and transfers personal data anywhere in the world. For legal departments, compliance professionals and internal...more
Looking for compliance education and networking in your area? SCCE & HCCA’s Regional Compliance & Ethics Conferences bring compliance practitioners from all disciplines together for convenient, local compliance education....more
Earlier this month, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced two (2) different settlements, one with a HIPAA business associate for $350,000 and one with a...more
SEC Chair Gensler Indicates Commission is Looking to Update SEC’s Regulation S-P - On September 28, 2022, Securities and Exchange Commission (“SEC” or the “Commission”) Chairman Gary Gensler appeared via video at the...more
Our Virtual Regional Healthcare Compliance Conferences provide updates on the latest news in regulatory requirement, compliance enforcement, and strategies to develop effective compliance programs. Watch, listen, and ask...more
Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough...more
Nachdem die Covid-19-Pandemie seit etwa einem Jahr dazu führt, dass mehr und mehr Unternehmen den Arbeitsplatz ihrer Mitarbeiter ins Home Office verlagern bzw. Mobile Work einführen, schreiben mittlerweile auch die geltenden...more
CYBERSECURITY - GAO Report Identifies Need for DOE to Address Risks to Electrical Distribution System - The United States Government Accountability Office (GAO) recently completed and published a study on electricity...more
CYBERSECURITY - Free Ransomware Service Offered to U.S. Hospitals - The Center for Internet Security (CIS) announced last week that it has launched the Malicious Domain Blocking and Reporting (MDBR) service to assist...more
Report on Patient Privacy 21, no. 2 (February 2021) - Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...more
CYBERSECURITY - Health and Personal Information of N.C. Residents Posted Online by Ransomware Group - Becker’s Health IT reports that two batches of sensitive information of Chatham County, N.C. residents have been posted...more
Report on Patient Privacy 18, no. 1 (January 2021) - The HHS Office for Civil Rights (OCR) settled its 13th enforcement action in its Right of Access Initiative, first announced in 2019 to support individuals’ rights to...more
CYBERSECURITY - VA Alerting 46,000 Veterans of Compromise - The U.S. Department of Veterans Affairs Office of Management (VA) has announced that it is notifying approximately 46,000 veterans that their personal...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and...more
Federal US News - FTC Takes Action Against Companies Falsely Claiming Compliance With International Privacy Agreements - The FTC reached a settlement with a background screening company over allegations it falsely claimed...more
On June 28, 2018, California Gov. Jerry Brown signed into law the California Consumer Privacy Act (CCPA or “the Act”), which is the broadest and most comprehensive privacy law enacted in the United States to date.1 The CCPA...more