Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 243: HIPAA Compliance and Potential Changes with Shannon Lipham of Maynard Nexsen
The Trend of Threatening Physicians for Personal Gain
Navigating Legal Strategies for Covering GLP-1s in Self-Insured Medical Plans — Employee Benefits and Executive Compensation Podcast
Podcast: Addressing Patient Complaints About Privacy Violations
Podcast - What Healthcare Providers Should Be Telling Students and Interns About HIPAA and Snooping
Top Healthcare Compliance Priorities for 2025
Podcast - Who Owns Your DNA? Lessons Learned from 23andMe
Building a Solid HR Foundation in Healthcare Practices
New Developments in Health Information Policy
New HIPAA Final Rule: Key Changes to Reproductive Health Care Privacy - Thought Leaders in Health Law®
Healthcare Document Retention
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 192: Business Issues for Healthcare with Ira Bedenbaugh and Randi Branham of Elliott Davis
Business Better Podcast Episode: Cyber Adviser – Your Data, My Headache: Consumer Health Data Laws
Conducting Healthcare Compliance Investigations
The FTC's Health Privacy Enforcement Actions
Web-based Tracking Technology and AI: HIPAA Compliance Issues for Health Care Practices
Podcast: Discussing the Implications of Healthcare Privacy Violations
Podcast: Keeping an Eye on HIPAA Trends with Shannon Hartsfield
Podcast - Artificial Intelligence in Healthcare and How to Comply with HIPAA & State Privacy Laws
Meeting Cancer Reporting Requirements
Health care remains one of the most targeted and vulnerable sectors when it comes to cyberattacks. In fact, a recent breach at a major health care analytics firm exposed the data of 5.4 million U.S. patients, making it one of...more
The FBI issued a warning on June 27, 2025, that criminals impersonating healthcare insurers and fraud investigators are sending text messages and emails to healthcare providers and patients to trick them into providing...more
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
On December 7, 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced its first-ever settlement involving a phishing attack under the Health Insurance Portability and...more
On October 18, 2023, the Department of Health and Human Services (DHHS) through the Office for Civil Rights (OCR) issued an update1 containing two resource documents to help educate patients regarding privacy and security...more
Data breaches come in many different forms, sizes, and levels of complexity, but they tend to share certain key facts: A third-party bad actor—whether through a phishing attack, a ransomware attack, exploitation of a zero-day...more
The State Attorneys General in New York and New Jersey recently settled with four companies over alleged HIPAA noncompliance following phishing attacks. The New Jersey settlements were brought against three NJ-based cancer...more
In a recent Press Release dated December 15, 2021, the Office of the Attorney General for the State of New Jersey (the “N.J. Attorney General’s Office”) announced the settlement, via consent order, of alleged HIPAA violations...more
When can a data breach get worse? When the process of notifying victims creates a second breach. Take the example of a cancer treatment center that recently paid $425,000 to settle allegations that included a faulty...more
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
CYBERSECURITY - Greater Baltimore Medical Center Hit with Ransomware - The Greater Baltimore Medical Center (GBMC) was hit with a ransomware attack over the weekend (December 5-6) that potentially delayed procedures planned...more
The OCR has announced a surprising number of HIPAA settlements in the past few months with penalties ranging from $10,000 to $6.5 million. Here are some of the key takeaways for healthcare providers: 1. Protect against...more
The third HIPAA settlement to be announced by the U.S. Department of Health and Human Services within one week was a big one. On September 25, HHS announced that Premera Blue Cross agreed to pay $6.85 million to HHS’s Office...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
Report on Patient Privacy 20, no. 6 (June 2020): A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed the patient’s...more
Report on Patient Privacy 20, no 5. (May 2020) - Ambry Genetics, based in Aliso Viejo, California, has reported a data breach involving nearly 233,000 people. In its statement, the company said it identified “unauthorized...more
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
July 2019 was the worst month in history for health care data breaches, with a total of 50 breaches that affected a total of more than 500 records reported to the Office for Civil Rights (OCR) according to HIPAA Journal. ...more
Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more
The Department of Homeland Security (DHS) issued a warning on April 15, 2019 entitled “VPN Applications Insecurely Store Session Cookies” (Vulnerability Note VU#192371) stating that “[M]ultiple Virtual Private Network (VPN)...more
• The U.S. Department of Health and Human Services on Dec. 28, 2018, announced the release of the "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients" that provides a "Call to Action" to make...more
Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. ...more
On October 15, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Anthem, Inc. will pay $16 million to settle OCR’s investigation of its potential violations of the Health...more
The recent ransomware attack on the City of Atlanta highlights the fact that the threat of ransomware affects all organizations, regardless of the nature of their industry, business, or operations, and that political...more