News & Analysis as of

Risk Assessment Health Insurance Portability and Accountability Act

National Association of Insurance Commissioners Issues Insurance Data Security Model Law

• NAIC recently adopted an Insurance Data Security Model Law that follows the risk assessment-based approach of the New York DFS Cybersecurity Regulation. This signals the growing influence of the New York Regulation,...more

A Little Help From HIPAA

by McGuireWoods LLP on

HIPAA’s Security Rule requires that Covered Entities perform “periodic” Security Risk Assessments. All too often, however, this regulatory obligation is ignored altogether, performed extremely sporadically, or treated as a...more

Failing To Update Compliance Plans May Be Costly

by Roetzel & Andress on

If you are a provider of healthcare services, you need a compliance plan. A compliance plan is a written document that details your practice’s policies, procedures, and operations. While many providers are aware of the...more

Recent Events Increase the Importance of HIPAA Risk Analyses and HIPAA Policies

Recent events highlight the fact that threats to customer and patient data continue to increase. In recent months, government agencies, news outlets, and others have spent considerable time investigating and reporting on...more

OCR Settlement Lessons - Failing to Perform an Electronic Access Risk Analysis Before an Unauthorized Access Occurs

by Ruder Ware on

Failure to conduct a risk assessment before a hacking incident occurred resulted in a $400,000 settlement between the Office of Civil Rights (OCR) and a Federally Qualified Health Clinic (FQHC). The FQHC filed a breach...more

Lessons from OCR HIPAA Settlements - Mobile Device Security Standards

by Ruder Ware on

In the first known case involving a wireless provider, a cardiology service provider agreed to pay a $2.5 million settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI)....more

Two HIPAA Mistakes Lead to Fines from OCR

It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C....more

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

by Sherman & Howard L.L.C. on

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

Gone Phishin’: Hack Leads to HIPAA Settlement

Earlier this week, the HHS Office for Civil Rights (“OCR”) announced a $400,000 settlement with Metro Community Provider Network (“MCPN”) related to a 2012 HIPAA breach caused by a phishing scam. The phishing scam, carried...more

What Did They Say About Cybersecurity in 2016? 8 Proclamations from Regulators and the Courts

by Orrick - Trust Anchor on

There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more

Lessons Learned from Recent OCR Settlements

by Ruder Ware on

We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

by Arnall Golden Gregory LLP on

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

OCR Stresses Importance of Authentication in Newsletter

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

by Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

"Privacy & Cybersecurity Update - October 2016"

In this edition of our Privacy & Cybersecurity Update, we take a look at the FCC's new rules for broadband privacy, the FTC's new playbook for data breach response and notification, the NHTSA's voluntary guidance for...more

HIPAA Compliance – Not Just an Issue for Health Care Providers

by Dechert LLP on

Many people believe that compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is solely an issue for health care providers and their affiliates. However, nothing could be further from the...more

Privacy & Cybersecurity Update: New York State Proposes Cybersecurity Regulation for Financial Institutions

New York state has proposed a new regulation — to go into effect January 1, 2017 — that would require banks, insurance companies and other financial services institutions regulated by the New York State Department of...more

Healthcare Compliance: Juggling Risk Mitigation Strategies

by Michael Volkov on

Healthcare organizations – ranging from physician practice groups to large, multi-state hospital systems – face a variety of risks, including fraud and abuse, as well as HIPAA privacy issues. Starting from a baseline risk...more

Record-Breaking HIPAA Settlement Sends Strong Message to Covered Entities

This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more

Office of Civil Rights Posts HIPAA Phase II Audit Guidance and Advocate Health Care Settlement Information

by King & Spalding on

The Office of Civil Rights (OCR) recently uploaded two items of interest: information regarding the largest penalty to date against a single entity, Advocate Health Care Network (Advocate), and HIPAA Phase II Desk Audit...more

Latest OCR HIPAA Settlement Provides Lessons for Covered Entities

Capping off a busy month of HIPAA settlements, on August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with Advocate Health Care Network (“Advocate”), the largest fully-integrated healthcare...more

Client Alert: The Government Enters into Largest HIPAA Settlement to Date; What HIPAA Covered Entities and Business Associates...

Advocate Health Care Network, which operates 12 hospitals and more than 200 other treatment centers in Chicago and central Illinois, has agreed to the largest settlement to date with the Office for Civil Rights (“OCR”) for...more

OCR Director Discusses Phase 2 Audits, OCR Priorities

A representative of the U.S. Department of Health and Human Services Office of Civil Rights (OCR) recently presented at a compliance forum to provide comments regarding the roll out of OCR’s Phase 2 HIPAA audits. The...more

Top Takeaways from IAPP

by Davis Wright Tremaine LLP on

The world of privacy grows every day as more data goes through the cloud. The new trends and weekly data breaches make conferences like the Global Privacy Summit all the more relevant. Earlier this month we went to...more

Pay Attention to Business Associate Agreements!

For our HIPAA-covered entity readers, we have asked these questions before: Have you taken a business associate inventory? Have you undertaken a comprehensive risk assessment as required by HIPAA?...more

72 Results
|
View per page
Page: of 3
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.