Share on Twitter Share by Email Share Back to top HIPAA Security Risk Analyses (SRAs) should be the foundation of every digital health company’s cybersecurity compliance. Far more than a checkbox exercise, a comprehensive SRA...more
6/19/2025
/ Acquisitions ,
Artificial Intelligence ,
Cybersecurity ,
Data Security ,
Digital Health ,
Due Diligence ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
HIPAA Security Rule ,
Mergers ,
OCR ,
PHI ,
Risk Management ,
Vendors
Editor’s Note: PYA and Foley & Lardner hosted the 7th Annual “Let’s Talk Compliance” two-day virtual conference on January 23 and 24, 2025. Panelists included Foley attorneys and PYA subject matter experts. The event was...more
3/5/2025
/ Compliance ,
Cybersecurity ,
Data Privacy ,
Department of Government Efficiency (DOGE) ,
Department of Health and Human Services (HHS) ,
Fraud ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medicaid ,
Medicare ,
OIG ,
Risk Assessment ,
Third-Party
Material updates to the HIPAA Security Rule could be on the way — affecting all HIPAA-regulated entities — for the first time in two decades. The Department of Health and Human Services (HHS) issued a Notice of Proposed...more
1/7/2025
/ Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
Multi-Factor Authentication ,
NIST ,
Notice of Proposed Rulemaking (NOPR) ,
Policies and Procedures ,
Proposed Rules ,
Ransomware ,
Risk Management
Recognizing the increasing number of successful cyberattacks targeting health care organizations and their valuable patient data, the Office of the Inspector General (OIG) is calling for enhancements to the HIPAA audit...more
12/10/2024
/ Audits ,
Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cybersecurity ,
Department of Justice (DOJ) ,
Enforcement ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Noncompliance ,
OCR ,
OIG ,
PHI ,
Vulnerability Assessments
Pixels, cookies, and trackers continue to be front of mind for HIPAA regulated entities seeking clarity on their ability to advertise, market, and engage with existing and prospective patients. On March 18, 2024, the U.S....more
3/21/2024
/ Cybersecurity ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Innovative Technology ,
Privacy Laws ,
Tracking Systems ,
Web Tracking ,
Websites
Editor’s Note: PYA and Foley & Lardner hosted the 6th Annual “Let’s Talk Compliance” two-day Virtual Conference on January 18 and 19, 2024. Panelists included Foley & Lardner attorneys and PYA experts. The event was hosted by...more
Recognizing the evolving landscape of care delivery and growth of telehealth, the U.S. Department of Health and Human Services (HHS) published a resource guide aimed at assisting telehealth providers in explaining the privacy...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The National Institute of Standards and Technology (NIST) has released an initial draft of Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (Resource...more
On April 4, 2022, the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) seeking input from HIPAA-covered entities and business associates on how the industry understands and is...more
The Federal Trade Commission (FTC) just released a Policy Statement emphasizing how telemedicine and digital health apps can be held accountable under the Health Breach Notification Rule, even if the company is not subject to...more
On June 2, 2021, Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, published a rare open letter to the corporate executives and business leaders of...more
6/14/2021
/ Corporate Executives ,
Cybersecurity ,
Department of Justice (DOJ) ,
Economic Sanctions ,
Embargo ,
Executive Orders ,
Hackers ,
International Emergency Economic Powers Act (IEEPA) ,
Joe Biden ,
Office of Foreign Assets Control (OFAC) ,
Popular ,
Ransomware ,
TWEA
The Department of Health and Human Services (HHS) announced on April 2 that HHS is exercising its enforcement discretion to permit business associates to use and disclose protected health information (PHI) for public health...more
4/6/2020
/ Business Associates Agreement (BAA) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The National Institute of Standards and Technology (NIST) has announced proposed changes to NIST Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The U.S. Department of Health and Human Services (DHHS) recently released Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP). DHHS states that the purpose of the HICP is to:
1. Raise...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
With the news of the newest international ransomware campaign that is currently affecting some organizations within the Health Care sector, it is important to not only educate staff on necessary precautions, but also be aware...more
Businesses have been scrambling since Friday evening when news spread that a ransomware attack named WannaCry is compromising organizations at an alarming rate. In less than 48 hours, it has compromised more than 130,000...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more