With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
1/22/2025
/ Breach Notification Rule ,
Cyber Attacks ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
PHI ,
Phishing Scams ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Training
On January 6, 2025 the U.S. Department of Health and Human Services published a Proposed Rule (90 FR 898) to strengthen the HIPAA Security Rule and afford greater cybersecurity protections for electronic protected health...more
1/7/2025
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
Incident Response Plans ,
Information Technology ,
OCR ,
Risk Management ,
Subcontractors
On April 22, 2024, the Department of Health and Human Services (HHS) announced a Final Rule titled HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens the Health Insurance Portability...more
The California Privacy Protection Agency (CPPA) released initial draft regulations for cybersecurity audits (which have since been amended) and risk assessments late this summer. The agency’s board of directors addressed the...more
12/5/2023
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Genetic Testing ,
Geolocation ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Risk Assessment ,
Sensitive Personal Information