No Password Required: An FBI Special Agent's Journey from Submarines to Anti-Corruption to Cybersecurity
Life With GDPR: Episode 22- Morrisons’ and vicarious liability
This Week in FCPA-Episode 55, the Covfefe Edition
The Federal Trade Commission (FTC), at its May 18, 2023, open Commission meeting, voted unanimously to issue a Notice of Proposed Rulemaking to amend the Health Breach Notification Rule (HBNR). The FTC’s proposed amendment...more
For the first time, the Federal Trade Commission has brought an enforcement action under its 2009 Health Breach Notification Rule (HBNR). The case was brought against a digital health company, GoodRx Holdings, Inc., for...more
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a Policy Statement instructing health app and connected device companies to comply with the Health Breach Notification Rule (“the Rule”). The Rule, codified...more
In a recent post, we highlighted the need for a privacy and cybersecurity training program, one not solely focused on spotting phishing attempts (although that is quite important as well). A primary reason, quite simply, is...more
In the midst of COVID-19 challenges, privacy and security matters continue to be at the forefront for federal and state legislature. In late March, the Washington D.C. (“D.C.”) legislature amended its data breach notification...more
As the health care sector further embraces the benefits of cloud computing, numerous challenges have arisen with applying HIPAA to cloud computing services....more
On March 7, 2016, the Sixth Circuit Court of Appeals ruled that security breaches of individual electronic health records (“EHRs”) do not violate the HITECH Act and cannot support False Claims Act allegations. ...more
The Office for Civil Rights (“OCR”) has selected Ashburn, Virginia-based FCi Federal to conduct the next round of HIPAA audits mandated by the HITECH Act. OCR views the audits as a compliance tool that will hopefully get out...more
Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response. The US Department of Health and Human Services (HHS) Office for...more
Last week, St. Elizabeth’s Medical Center (SEMC), a hospital located in Brighton, Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying...more
Washington and Oregon both recently updated laws that define data security and incident response requirements for breaches of consumers’ personal information. Details of these new requirements for each state are below. ...more