Paul Otto

Paul Otto

Hogan Lovells

Contact
View Bio
RSS

Latest Posts › Health Insurance Portability and Accountability Act (HIPAA)

Share:

Slew of OCR activity underscores agency’s focus on security and AI

Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more

1/17/2025  /  Artificial Intelligence , Audits , Compliance , Cyber Attacks , Cybersecurity , Data Privacy , Data Security , Enforcement Actions , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Ransomware , Risk Management

Federal court strikes blow to expansive OCR web tracking position

The ability of OCR to enforce expansive portions of its controversial web tracking guidance has been severely limited. A federal district court ruled that the guidance exceeded the agency’s authority, and in particular...more

6/25/2024  /  American Hospital Association , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR , Popular , Tracking Systems , Web Tracking

HHS OCR creates new HIPAA enforcement arm and enhances focus on cybersecurity and privacy oversight

This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions –...more

3/2/2023  /  Cybersecurity , Data Breach , Data Privacy , Data Security , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , OCR

HHS seeks comment by June 6 on recognized security practices as mitigating factor in HIPAA enforcement

The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more

4/19/2022  /  Cybersecurity , Department of Health and Human Services (HHS) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HITECH Act , NIST , OCR , Public Comment , Request For Information

FTC emphasizes expectations around the health breach notification rule

The Federal Trade Commission (FTC) recently has signaled its intent to inject new life into a longstanding but rarely triggered rule governing health breach notifications for non-HIPAA-covered health records. Specifically,...more

2/28/2022  /  Breach Notification Rule , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Digital Health , Federal Trade Commission (FTC) , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Popular

Hold the punitive damages: Connecticut is latest to incentivize implementing cybersecurity frameworks

Connecticut’s new cybersecurity standards law, which goes into effect on October 1, 2021, protects companies from punitive damages in certain data breach actions where an organization has a cybersecurity program that conforms...more

10/1/2021  /  Affirmative Defenses , Cybersecurity , Data Breach , Data Privacy , Data Protection , Data Security , Federal Information Security Modernization Act (FISMA) , Gramm-Leach-Blilely Act , Health Insurance Portability and Accountability Act (HIPAA) , NIST , Popular , Safe Harbors , State Data Breach Notification Statutes

NIST seeks public comment to inform updates to HIPAA Security Rule guidance

The National Institute of Standards and Technology (NIST) is seeking public comment as it prepares to update its Introductory Resource Guide on implementing the Health Insurance Portability and Accountability Act (HIPAA)...more

5/17/2021  /  Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Security Rule , NIST , Public Comment

Fifth Circuit Vacates $4.3M Penalty Against MD Anderson Related to Data Losses - Challenge to Civil Money Penalties Imposed by HHS...

There has been a significant development in the ongoing debate regarding the scope of the authority of the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) to issue penalties under the Health...more

2/2/2021  /  Data Breach , Data Security , Department of Health and Human Services (HHS) , Electronic Protected Health Information (ePHI) , Enforcement Actions , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Privacy Rule , OCR , Patient Privacy Rights

OCR Provides Insight into Enforcement Priorities and Breach Trends

Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and...more

10/22/2019  /  Cyber Attacks , Cybersecurity , Cybersecurity Framework , Data Breach , Department of Health and Human Services (HHS) , Electronic Medical Records , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Breach , Information Technology , NIST , OCR , Personally Identifiable Information , PHI , Right of Access , Risk Assessment

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. ...more

4/30/2019  /  Data Breach , Department of Health and Human Services (HHS) , Electronic Medical Records , Electronic Protected Health Information (ePHI) , Enforcement Actions , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Breach , HITECH Act , Penalties

Recap of the OCR/NIST Conference on Safeguarding Health Information

Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October...more

11/19/2018  /  Cybersecurity , Data Protection , Electronic Medical Records , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , NIST , OCR , Personally Identifiable Information , PHI , Security Risk Assessments

Best practices for managing cybersecurity risks related to IoT-connected medical devices

Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more

3/12/2018  /  Best Practices , Connected Items , Cyber Attacks , Cybersecurity , Data Security , Federal Trade Commission (FTC) , Food and Drug Administration (FDA) , General Data Protection Regulation (GDPR) , Hackers , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Internet of Things , Life Sciences , Medical Devices , Patient Safety , Personal Data , Pharmaceutical Industry , Popular , Regulatory Oversight , Risk Management , Security Risk Assessments , Training
12 Results
 / 
View per page
Page: of 1

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide