Madison Pool on Data Protection

OCR Issues Proposed Rule to Strengthen Cybersecurity for ePHI

The Office for Civil Rights (“OCR”) under the U.S. Department of Health and Human Services (“HHS”) recently issued a Notice of Proposed Rulemaking (the “Proposed Rule”) to modify the Health Insurance Portability and...more

1/17/2025 / Cybersecurity , Data Privacy , Data Protection , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Encryption , HIPAA Security Rule , Multi-Factor Authentication , Risk Management

Responding to a Third-Party Data Breach: Practical Legal and Compliance Steps

Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more

3/21/2024 / Compliance , Cyber Threats , Cybersecurity , Data Breach , Data Protection , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Popular , Risk Management

Comment Deadline Approaching: Health Breach Notification Rule

Summary - On May 18, 2023, the Federal Trade Commission (“FTC”) announced a Notice of Proposed Rulemaking (the “Proposed Rule”), which both clarifies the scope of the Health Breach Notification Rule (“HBN Rule”) to include...more

7/21/2023 / Breach Notification Rule , Cybersecurity , Data Breach , Data Protection , Digital Health , Federal Trade Commission (FTC) , Mobile Apps , Notification Requirements , Personally Identifiable Information

Recent OCR HIPAA Enforcement Actions and Request for Information on HITECH Implementation

Enforcement Actions - In its first announcement of enforcement actions in 2022, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) simultaneously announced the resolution of three...more

4/20/2022 / Business Associates , Covered Entities , Cybersecurity , Data Protection , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , HITECH Act , OCR

Upcoming Annual Deadline for HIPAA Small Breach Reporting: March 1, 2022

HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more

1/26/2022 / Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Breach , HIPAA Breach Notification Rule , Patient Privacy Rights , PHI , Reporting Requirements

HIPAA Compliance: Highlights from 2020 and Focus Areas for 2021

2020 was an active year for HIPAA regulatory activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In this article, we take a look at some of the HIPAA highlights from 2020 and...more

1/27/2021 / Data Privacy , Data Protection , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Medical Records , OCR , PHI , Right of Access

HIPAA Compliance for 2019: Enforcement Trends and Lessons Learned from 2018

After a relatively slow first six months, 2018 turned into an active year for HIPAA enforcement, with the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) announcing the largest-ever HIPAA...more

2/27/2019 / Business Associates , Covered Entities , Data Breach , Data Protection , Department of Health and Human Services (HHS) , Health Insurance Portability and Accountability Act (HIPAA) , OCR , PHI

Madison Pool

Arnall Golden Gregory LLP

Popular Topics by This Author

Latest Posts › Data Protection