On October 23-24, 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) Information Technology Laboratory hosted the Safeguarding...more
11/13/2024
/ Business Associates ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
NIST ,
NPRM ,
OCR ,
PHI ,
Professional Conferences ,
Right of Access ,
Risk Assessment ,
Risk Management
Late on March 27, Change Healthcare (CHC)’s parent company, UnitedHealth Group (UHG), provided an update on its analysis of the extent of “impacted data” involved in the CHC incident....more
BakerHostetler is closely monitoring imminent cybersecurity threats to healthcare revenue cycle management personnel and vendors.
Most recently, Change Healthcare (CHC), a healthcare technology and business management...more
2/26/2024
/ Breach Notification Rule ,
Business Associates ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Health Technology ,
Popular ,
Technology ,
Third-Party Service Provider
2023 is going to bring big changes to Pennsylvania’s Breach of Personal Information Notification Act. Although the revisions to the law do not go into effect until May 2, 2023, now is the time for Pennsylvania entities to...more
In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is...more
More than eight months into the Biden administration, the U.S. Department of Health & Human Services (HHS) announced the appointment of Lisa J. Pino as the new director of the Office for Civil Rights (OCR) on Sept. 27, 2021....more
As reflected in our 2021 Data Security Incident Response Report 2020 saw a sharp spike in the number of incidents involving vendors, which amounted to over 25 percent of the total incidents handled in 2020, and the trend is...more
In response to recent highly publicized cybersecurity incidents, President Biden signed an Executive Order on May 12, 2021, that contains eight key initiatives aimed at modernizing the federal government’s response to...more
The United States Court of Appeals for the Fifth Circuit recently found that the United States Department of Health and Human Services (HHS) lacked a lawful basis for a $4.3 million civil money penalty order that it issued to...more
On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act. As the healthcare industry continues to serve as one of the top...more
On Oct. 28, a joint cybersecurity advisory was published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health & Human Services. The advisory warned of an imminent cybercrime...more
Although it was widely reported that several ransomware threat actor groups have pledged to not target healthcare providers until the COVID-19 pandemic is over, BakerHostetler’s Digital Assets and Data Management Practice...more
On Monday, the U.S. Department of Health and Human Services (HHS) issued what it calls “transformative” rules that will govern how healthcare providers, insurers and technology vendors must design their systems to give...more
In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus...more
Last week, the attorneys general (AGs) of 43 states and the District of Columbia announced they reached a $1.5 million settlement with Neiman Marcus Group LLC to resolve an investigation of a 2013 data breach that involved...more
On Jan. 1, 2019, a new Vermont law intended to protect consumers by imposing new requirements on “data brokers,” companies that aggregate and sell consumer information, and credit reporting agencies took effect....more
With the announcement last week of its new lawsuit against several tech companies for violating Children’s Online Privacy Protection Act (“COPPA”), the FTC Act, and New Mexico’s Unfair Practices Act (“UPA”), the State of New...more
Despite several failed attempts in recent years, there is a new effort underway to enact a federal data privacy law, and it’s being led by a somewhat unlikely source – the tech industry....more
The Office of the New Jersey Attorney General (AG’s Office) recently announced that it will be creating a new civil enforcement unit, known as the Data Privacy & Cybersecurity Section (DPC Section), to investigate data...more
Several weeks ago, South Dakota and Alabama became the final two states to enact data breach notification laws. The Alabama Data Breach Notification Act of 2018 takes effect on May 1, 2018, and imposes information security,...more
One of two remaining states without a data breach notification law has finally enacted one of its own. On March 21, 2018, South Dakota Governor Dennis Daugaard signed South Dakota Senate Bill 62 into law, creating the newest...more
Two digital advertising companies, Adbrain and Exponential Interactive, were cited in recent decisions by the Better Business Bureau’s Online Interest-Based Advertising Accountability Program (OIBAAP) for not complying with...more