On November 27, 2019 the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach...more
12/4/2019
/ Billing ,
Breach Notification Rule ,
Corrective Actions ,
Data Breach ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Privacy Rule ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management ,
Settlement
The Wolcott school system in Wolcott, Connecticut has been recovering for four months from a ransomware attack that hit its system at the end of the school year. Last week, it was hit with a second attack. According to...more
9/13/2019
/ Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Debt Collectors ,
Digital Assets ,
Educational Institutions ,
Enforcement Actions ,
Financial Services Industry ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Records ,
Municipalities ,
NIST ,
Personally Identifiable Information ,
Ransomware ,
TCPA
On September 9, 2019, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it had settled its first ever HIPAA enforcement action arising from alleged violations of the individual...more
9/11/2019
/ Corrective Actions ,
Data Management ,
Electronic Medical Records ,
Enforcement Actions ,
Failure to Comply ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Standards ,
Regulatory Violations ,
Right of Access
On September 9, 2019, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it had settled its first ever HIPAA enforcement action arising from alleged violations of the individual...more
In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the Health and Human Service’s (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct...more
According to a recent survey of cybersecurity professionals by AT&T Cybersecurity entitled “Confidence: the perception and reality of cybersecurity threats,” phishing and cloud security threats are keeping them up at...more
5/3/2019
/ Best Practices ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Drones ,
Federal Aviation Administration (FAA) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Limitation of Liability Clause ,
Phishing Scams ,
Popular ,
Unmanned Aircraft Systems
On April 26, 2019, the U.S. Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion (Notice) regarding imposition of Civil Money Penalties (CMPs) under HIPAA. ...more
4/30/2019
/ Civil Monetary Penalty ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HITECH Act ,
Personally Identifiable Information ,
PHI ,
Security Standards
According to Hiscox’s Third Cyber Readiness Report, which surveyed 5,400 firms in the U.S. and the E.U., cyber threats have “become the unavoidable cost of doing business today.” The Report notes that for the first time, “a...more
4/29/2019
/ Charitable Donations ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Popular ,
Scams ,
Vulnerability Assessments
On April 18, 2019, the Department of Health & Human Services Office for Civil Rights (OCR) issued five new FAQs addressing the applicability of HIPAA to the use of software applications (apps) by individuals to receive health...more
The Department of Homeland Security (DHS) issued a warning on April 15, 2019 entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN)...more
4/19/2019
/ Cookies ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Email ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams
On April 8, 2019, The University of Texas MD Anderson Cancer Center (MDA) filed a petition with the U.S. Court of Appeals for the Fifth Circuit seeking review of a decision by the Department of Health & Human Services’s (HHS)...more
According to reports, a Georgia-based physician who previously pleaded guilty to criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) received six months of probation from a Massachusetts...more
For data security buffs like me, the recent McAfee® Labs Threats Report, December 2018 is, or should be, a top pick on the list. Well, maybe not for the holiday reading list. We need to be careful not to bring up the results...more
12/27/2018
/ Article III ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Driverless Cars ,
Drones ,
Experian ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
OCR ,
Public Health ,
Risk Management ,
Smart Devices ,
Standing ,
Transportation Industry ,
Vaccinations ,
Value-Based Care ,
Vulnerability Assessments
On December 14, 2018 the Department of Health & Human Services Office for Civil Rights (OCR) published a Request for Information (RFI) soliciting public input on updates to regulations promulgated under the Health Insurance...more
12/19/2018
/ Comment Period ,
Covered Entities ,
Deregulation ,
Electronic Health Record Incentives ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Reform ,
OCR ,
PHI ,
Regulatory Agenda ,
Regulatory Burden ,
Request For Information ,
Value-Based Care
On November 2, 2018, the New Jersey Attorney General announced a settlement worth up to $200,000 with a former medical transcription company responsible for a breach affecting medical records of up to 1,654 patients of a New...more
In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families...more
On April 30, 2018 a Massachusetts physician was convicted of a criminal violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as one count of obstruction of a criminal health care...more
U.S. Estimates that Cyber Hacks Cost Up to $109 Billion in 20 -
The Council for Economic Advisors (CEA) issued a report this month, entitled “The Cost of Malicious Cyber Activity to the U.S. Economy,” which concludes that...more
2/26/2018
/ Banking Sector ,
Bitcoin ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Justice (DOJ) ,
Digital Currency ,
Disclosure Requirements ,
Drones ,
Federal Agency Taskforce ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Malware ,
OCR ,
PHI ,
Publicly-Traded Companies ,
Securities and Exchange Commission (SEC) ,
TCPA ,
Virtual Currency
On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that...more
In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality...more
In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality...more
The Centers for Medicare & Medicaid Services (CMS) recently issued guidance intended to help clinicians eligible for the Merit-based Incentive Payment System (MIPS) navigate an attestation required thereunder concerning the...more
11/6/2017
/ Alternative Payment Models (APM) ,
CEHRT ,
Centers for Medicare & Medicaid Services (CMS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medicare Access and CHIP Reauthorization (MACRA) ,
MIPS ,
PHI ,
Physician Medicare Reimbursements ,
Quality Payment Program (QPP)
US-CERT Warns of New Ransomware: Bad Rabbit -
The U.S. Computer Emergency Readiness Team (US-CERT) is warning companies in the U.S. about a new ransomware dubbed “Bad Rabbit.” US-CERT stated it has received multiple...more
11/3/2017
/ Airspace ,
Biometric Information ,
Centers for Medicare & Medicaid Services (CMS) ,
Children's Health Insurance Program (CHIP) ,
Class Action ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Department of Transportation (DOT) ,
Drones ,
Federal Aviation Administration (FAA) ,
Federal Pilot Programs ,
Fingerprints ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hilton ,
Hospitality Industry ,
Hotels ,
Hyatt ,
Information Technology ,
Internet of Things ,
LG Electronics ,
Malware ,
Medicare Access and CHIP Reauthorization (MACRA) ,
MIPS ,
NASA ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Unmanned Aircraft Systems ,
US-CERT
On November 30, 2016, the U.S. House of Representatives voted strongly in favor of the 21st Century Cures Act (the Act), an expansive health bill that addresses the discovery and development of new medical therapies as well...more
12/6/2016
/ Disclosure ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Mental Health ,
OIG ,
Pending Legislation ,
PHI ,
Privacy Rule ,
Substance Abuse
On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more
7/21/2016
/ Breach Notification Rule ,
Cyber Attacks ,
Data Breach ,
Electronically Stored Information ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Popular ,
Ransomware ,
Security Risk Assessments