Companies that make ransomware payments, whether they be the victim of a ransomware attack or entities that facilitate such payments, should review the updated advisory issued by U.S. Department of the Treasury's Office of...more
9/28/2021 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Economic Sanctions, Financial Institutions, Hackers, Office of Foreign Assets Control (OFAC), Popular, Ransomware, Risk-Based Approaches, SDN List
Vendors of health applications (“health apps”) and connected devices that collect or use individuals’ health information, along with their service providers, are now on notice that they must provide timely notice to consumers...more
Medicare and Medicaid certified facilities will be required to ensure that their employees are vaccinated for COVID-19, the Centers for Medicare & Medicaid Services (CMS) announced on September 9, 2021. ...more
9/14/2021 / Biden Administration, Centers for Medicare & Medicaid Services (CMS), Coronavirus/COVID-19, Emergency Management Plans, Employer Liability Issues, Employer Mandates, Essential Workers, Health and Safety, Healthcare Workers, Infectious Diseases, OSHA, Public Health Emergency, Vaccinations, Workplace Safety
Private employers with 100 or more employees will be required to ensure their employees are either “fully vaccinated” or provide proof of a negative COVID-19 test at least once a week, under President Biden’s new six-prong...more
9/13/2021 / Biden Administration, Coronavirus/COVID-19, Critical Infrastructure Sectors, Emergency Management Plans, Employer Liability Issues, Employer Mandates, Essential Workers, Federal Contractors, Federal Employees, Health and Safety, Healthcare Workers, Infectious Diseases, OSHA, Public Health Emergency, Vaccinations, Workplace Safety
Colorado just became the third state to pass a comprehensive data privacy law, creating more challenges for businesses trying to navigate a variety of state, federal, and international privacy regimes. The Colorado Privacy...more
7/19/2021 / Consumer Privacy Rights, Cybersecurity, Data Collection, Data Controller, Data Management, Data Privacy, Data Processors, Data Protection, Digital Service Providers, New Legislation, Personal Data, Personally Identifiable Information, Regulatory Reform, Regulatory Standards
The media has widely reported that several governmental, non-profit, and private organizations, including entities in the healthcare sector, are offering a variety of incentives to encourage more individuals to take the...more
In response to a recent General Accounting Office (GAO) report recommending federal guidance to mitigate cybersecurity risks in retirement plans and to respond to ever-increasing cyber threats to plan participant data and...more
4/16/2021 / Corporate Counsel, Cybersecurity, Data Protection, Department of Labor (DOL), EBSA, Employee Benefits, Employee Retirement Income Security Act (ERISA), Fiduciary, GAO, Investment Management, Popular, Retirement Plan, Risk Mitigation
The New York Department of Financial Services ("NYDFS") recently released its Cyber Insurance Risk Framework (the “Framework”), which provides best practices for managing cyber insurance risk....more
2/25/2021 / Commercial Insurance Policies, Cyber Attacks, Cyber Insurance, Cybersecurity, Data Breach, Data Protection, Hackers, Information Technology, Personally Identifiable Information, Popular, Risk Management
While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human...more
10/30/2020 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), FBI, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), Ransomware, Vulnerability Assessments
The Court of Justice of the European Union (CJEU) recently issued a decision with global implications for data transfers from the EU in a case referred to the CJEU from the Irish Data Protection Commissioner, colloquially...more
8/5/2020 / Corporate Counsel, Court of Justice of the European Union (CJEU), Cybersecurity, Data Protection, EU, EU-US Privacy Shield, European Data Protection Board (EDPB), General Data Protection Regulation (GDPR), International Data Transfers, Ireland, Personal Data, Personally Identifiable Information, Schrems I & Schrems II, Standard Contractual Clauses
The Internal Revenue Service (“IRS”) recently clarified that CARES Act Provider Relief Funds (“Relief Funds”) are considered taxable income for for-profit providers, including physician practices. This news comes as a...more
Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals. Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on...more
Many employers are now making plans to have their employees return to the workplace. Based on recent alerts from the FBI, part of preparing to protect workers from COVID-19 at work should include protecting the company from...more
While the CARES Act signals relief for many healthcare providers, it is important to remember that there are strings attached and reasons for providers to involve their compliance departments in the use and tracking of the...more
Once an employee has been exposed to a suspected or confirmed case of COVID-19, what do you do? Once an employee has tested positive, what do you say?...more
Hospitals will have a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak as a result of a bulletin issued on March 16, 2020 by the U.S. Department of Health and Human Services....more
3/18/2020 / Anti-Discrimination Policies, China, Coronavirus/COVID-19, Crisis Management, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare Facilities, HIPAA Privacy Rule, Infectious Diseases, OCR, Patient Privacy Rights, Personally Identifiable Information, PHI, Public Health, Relief Measures, Sanctions, Secretary of HHS
Since the California Consumer Privacy Act (CCPA) was enacted in June 2018, businesses have been waiting for the proposed regulations to provide guidance and potential clarifications. On October 10, 2019, California Attorney...more
10/18/2019 / California Consumer Privacy Act (CCPA), Consumer Privacy Rights, Cybersecurity, Data Collection, Data Privacy, Data Protection, Data Security, Opt-Outs, Personal Information, Privacy Laws, Private Right of Action, Proposed Regulation, Right to Delete
The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online...more
10/8/2019 / Calculation of Penalties, Corrective Actions, Data Breach, Disclosure Requirements, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, Information Technology, Notice of Privacy Practices, OCR, Online Reviews, Personally Identifiable Information, PHI, Policies and Procedures, Regulatory Violations, Settlement, Social Media
The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also the...more
Nonprofit organizations often collect personal information from a variety of sources such as donors, employees, volunteers, and the people who benefit from their services. This information is diverse and might include credit...more
It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. ...more
5/1/2018 / Cooperative Compliance Regime, Cybersecurity, Data Breach, Data Protection, EU, EU Data Protection Laws, General Data Protection Regulation (GDPR), International Data Transfers, Personal Data, Personally Identifiable Information, Risk Management
Based on the results of the Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Phase 2 desk audits for covered entities, small and mid-sized providers (Smaller Providers) are on...more
As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According...more
5/15/2017 / Cyber Attacks, Cyber Crimes, Data Breach, Email, Hackers, Health Care Providers, Hospitals, OCR, Phishing Scams, Ransomware, US-CERT
April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA...more
5/2/2017 / EHealth, Electronic Protected Health Information (ePHI), FQHC, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Breach, OCR, PHI, Phishing Scams, Risk Management, Settlement, Telehealth
Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more
2/8/2017 / Civil Monetary Penalty, Cyber Attacks, Data Breach, Department of Health and Human Services (HHS), Electronic Medical Records, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, Hospitals, OCR, Penalties, Personally Identifiable Information, PHI, Security Standards