Steps Your Nonprofit Can Take to Mitigate Fraud Risks - Part 2
A Third Party's Perspective on Third Party Risk
Implications of the SEC Cybersecurity Disclosure Rule
Privacy Issues from Third-Party Website Tags
What's the Tea in L&E? Employee Devices: What is #NSFW?
Preparing for a Government Healthcare Audit
Tackling Credit Push Fraud: Understanding Nacha's Risk Management Package (Part Two) — Payments Pros: The Payments Law Podcast
Compliance into The Weeds: The Complexity of Risk Assessments
Behavioral Health Compliance
The Importance of Assessment Areas
RegFi Episode 8: The Technological Path to Outcomes-Based Regulation with Matt Van Buskirk
What Physicians Need to Understand About Balance Billing
What Nonprofit Board Leadership Needs To Know About Internal Investigations
Taking a Behavioral Approach to Compliance
Episode 291 -- Interview of Mary Shirley on Her New Compliance Book
ChatGPT Risks for Compliance Programs
Season 2 Episode 3 - The Role of Ethics and Compliance Programs in International Business
In the Boardroom With Resnick and Fuller - Episode 4
What Non-Financial Institutions Need to Know About Gramm-Leach-Bliley
"Board-er" Patrol in Privacy and Cyberattacks - Unauthorized Access Podcast
On April 12, Nebraska Governor Jim Pillen signed Legislative Bill 1074 into law, making Nebraska the 16th U.S. state to enact a comprehensive privacy law. The Nebraska Data Privacy Act (NEDPA) will take effect on January 1,...more
On February 28, 2024, President Biden signed Executive Order (EO) 14117 titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” On March 5,...more
The number of large data breaches, those involving 500 or more people, exposing protected health information has increased exponentially in the last few years, and ransomware and hacking are the primary cyber threats in...more
On February 6, the U.S. Department of Health and Human Services (HHS) announced a $4.75 million settlement with Montefiore Medical Center (MMC) for a breach of unsecured electronic protected health information (ePHI). The...more
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more
While some of the legal requirements on your organization can seem overly burdensome, there are times when legal requirements also align nicely with what makes good business sense. Risk assessments in the healthcare industry...more
To celebrate Data Privacy Day (January 28), we present our top ten data privacy and cybersecurity predictions for 2024. 1. AI regulations to protect data privacy. Automated decision-making tools, smart cameras, wearables,...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
Report on Patient Privacy 23, no. 10 (October, 2023) By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
Throughout 2022, we continue to see regulators placing an emphasis on the importance of protecting and securing information, in particular consumer personal information, at both the federal and state levels. ...more
Get the latest updates on government initiatives related to physicians and clinics - HCCA’s Clinical Practice Compliance Conference provides insights, updates, and strategies that are pertinent to developing and managing...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
COVID-19 has challenged health care providers to change the way they offer services — from shifting to an increasingly remote workforce to diving into telehealth. These adjustments have privacy implications. The following are...more
This two-day Regional Compliance and Ethics Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational...more
HCCA's Health Care Research Compliance Academy is a three-and-a-half-day intensive training program focuses on compliance issues related solely to research. Its faculty is made up of experts in the field. With a wide range of...more
There are myriad opportunities for hospitals and health systems (HHSs) to engage in data-focused collaborations with other stakeholders in the healthcare industry. These collaborations include, to an increasing extent,...more
What have you done for me lately? Now that the tune is stuck in your head, specifically, have you recently conducted a thorough and up to date risk assessment in accordance with the requirements of the Health Insurance...more
Medical Informatics Engineering, Inc. and its wholly-owned subsidiaries (MIE) and the Office for Civil Rights at the U.S. Department of Health and Human Services (HHS-OCR) entered into a $100,000 settlement and two-year...more
Last week at a H&H Hi-Tech Hub presentation on Cybersecurity and Privacy Law in Salt Lake City, there was some discussion about risk assessments and how they are mandated by certain statutes and regulations depending on the...more
Under the Health Information Privacy and Portability Act (HIPAA), “covered entities” (generally speaking health care providers and their business associates) must all complete a risk assessment to identify and mitigate...more
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
HIPAA was enacted in 1996. In the years since, most healthcare entities have adapted to the major requirements imposed by HIPAA, HITECH, and the Privacy and Security Rules. Nevertheless, the thicket of regulations still...more
Artificial Intelligence (AI) systems, including the use of algorithms and computer software to analyze complex data and perform certain decision making functions without direct human involvement, are rapidly developing in...more
In its most recent Cybersecurity Newsletter, OCR focuses on the intersection of HIPAA and information security. To be sure, HIPAA requires covered entities and business associates to address their organizations’ information...more