The Office for Civil Rights (“OCR”) under the U.S. Department of Health and Human Services (“HHS”) recently issued a Notice of Proposed Rulemaking (the “Proposed Rule”) to modify the Health Insurance Portability and...more
Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more
3/21/2024
/ Compliance ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
Risk Management
On December 7, 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced its first-ever settlement involving a phishing attack under the Health Insurance Portability and...more
Summer is in full swing, but the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) is doing anything but taking a vacation from HIPAA. In May and June, OCR issued five resolution agreements...more
Summary - On May 18, 2023, the Federal Trade Commission (“FTC”) announced a Notice of Proposed Rulemaking (the “Proposed Rule”), which both clarifies the scope of the Health Breach Notification Rule (“HBN Rule”) to include...more
Enforcement Actions -
In its first announcement of enforcement actions in 2022, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) simultaneously announced the resolution of three...more
HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more
1/26/2022
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
Patient Privacy Rights ,
PHI ,
Reporting Requirements
In recent years, the CFPB has struck fear into the C-suites of financial services companies. The agency was extraordinarily active in rulemaking that addresses every aspect of lending, prepaid cards and arbitration clauses in...more
1/17/2018
/ Civil Investigation Demand ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Department of Labor (DOL) ,
Employer Liability Issues ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
Sexual Harassment ,
Tax Cuts and Jobs Act ,
Tax Reform ,
Wage and Hour
With OCR’s recent announcement of its first enforcement action for lack of timely breach notification and its increased focus on small breaches, the upcoming annual reporting deadline for small breaches takes on increased...more