Security and Privacy Controls, Covered Entities, PHI

A New Budgetary Line Item for 2025 - New York-based Hospitals Should Plan Now for the Fiscal and Operational Costs Associated with...

BakerHostetler on 12/11/2024

On October 2, the New York State Department of Health (NYSDOH) issued new cybersecurity regulations (Regulations) for all general hospitals in New York state (“hospitals”), creating a new Section 405.46 in Title 10 (Health)...more

HIPAA Tidings: A Look at OCR's Recent Enforcement Actions

Holland & Knight LLP on 12/4/2024

In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more

HIPAA Gets a Potential Counterpart in HISAA

Winstead PC on 11/8/2024

Americans hear about cybersecurity incidents on a frequent basis. As the adage goes, it is not a matter of “if” a breach or security hack occurs; it is a matter of “when.”...more

HHS OCR Announces Largest Civil Monetary Penalty Imposed Since 2021 for Snooping Incident

BakerHostetler on 2/13/2024

Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more

A Yelp From Posting on Yelp®

White and Williams LLP on 10/8/2019

Are your employees instructed on the proper (and improper) use of social media? Does your organization have policies and provide training on the appropriate handling of sensitive information? A recent United States Department...more

HIPAA Enforcement In 2018 Hits All Time High

Harris Beach Murtha PLLC on 2/8/2019

Privacy and cybersecurity is at the forefront of everyone’s mind these days and, in 2018, the Office for Civil Rights (“OCR”) settled ten cases and prevailed in another before an Administrative Law Judge to the tune of...more

OCR Reminds Us about a Fundamental Aspect of Physical Security for PHI

Poyner Spruill LLP on 6/20/2018

In its monthly Cybersecurity Newsletter at the end of May, the Office of Civil Rights (OCR) of the United States Department of Health and Human Services pointedly reminds us of the need to be conscious of some fundamental...more

OCR Highlights Importance of Physical Safeguards to Protect PHI

Mintz - Health Care Viewpoints on 6/1/2018

The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical...more

Another Key to HIPAA Compliance – Have Policies and Procedures and Implement Them, Too

Williams Mullen on 8/18/2017

On this blog, we have discussed the criticality of risk analyses – the assessment required by the Security Rule of the “risks and vulnerabilities” that an organization faces with respect to all of its electronic protected...more

HHS Issues Cloud Computing Guidance Which Is Helpful To All Users of Cloud Services

Jackson Lewis P.C. on 10/10/2016

Last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided guidance for HIPAA covered entities and business associates that use or want to use cloud computing services involving protected...more

How to Develop a HIPAA Incident Response Team

BCLP on 8/29/2016

Covered entities and business associates are required to identify and report breaches of unsecured protected health information (“PHI”) and security incidents. “Breach” is defined as the acquisition, access, use, or...more

Security and Privacy Controls › Covered Entities › Protected Health Information

"My best business intelligence, in one easy email…"