Tag archives: HIPAA

COVID-19 Update: U.S. and U.K. Issue Joint Alert Regarding COVID-19 Research Cyber Threat

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the U.K.’s National Cyber Security Centre issued a joint alert on Tuesday that advanced persistent threat groups “are actively targeting organizations involved in both national and international COVID-19 responses.” This warning should be heeded by hospitals, health systems, pharmaceutical companies, and academic medical … Continue reading

COVID-19 Update: Senate Unanimously Passes Emergency Stimulus Package

The United States Senate has passed a $2 trillion phase three emergency package, the Coronavirus Aid, Relief, and Economic Security Act (CARES Act).  The Senate approved the CARES Act on a unanimous vote of 96-0, with three Senators in self-quarantine and another returning home out of an abundance of caution.  The CARES Act, assuming it … Continue reading

Republican Study Committee Releases Affordable Care Act Replacement plan

“The Republican Party will soon be the party of health care. You watch.” -President Donald J. Trump, March 23, 2019. Opening with the above quote from President Trump, the Republican Study Committee (RSC) released the first part of its healthcare plan entitled: A Framework for Personalized, Affordable Care. An accompanying press release from the RSC … Continue reading

Anthem to pay US$115M to settle lawsuit relating to 2015 data breach

Anthem Inc. has agreed to a US$115 million settlement to resolve a class action lawsuit relating to a 2015 cyberattack that compromised data on 79 million individuals. Anthem has denied any wrongdoing. In February of 2015, Anthem reported that hackers stole personally identifiable information from millions of current and former customers, including names, addresses, social … Continue reading

OCR proposes to share HIPAA data breach settlements with victims

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) plans to issue an advance notice of proposed rulemaking this November on potentially sharing HIPAA breach settlements with victims. The notice would solicit public opinion on creating a process for sharing a percentage of any penalty or settlement with those harmed … Continue reading

NIST releases latest version of its Cybersecurity Framework

On April 16, 2018, the National Institute of Standards and Technology (NIST) unveiled Version 1.1 of its widely known Cybersecurity Framework, which incorporates changes based on feedback collected through comments, questions, and workshops held in 2016 and 2017. The Cybersecurity Framework aims to focus on industries vital to national and economic security, including energy, banking, … Continue reading

Healthcare-related exception in FCC TCPA order upheld

On March 16, 2018, the U.S. Court of Appeals for the District of Columbia Circuit issued its decision on the Federal Communications Commission (FCC) omnibus order of 2015, relating to challenges to the FCC’s determination on healthcare calls and three other rulings relating to cell phones. The appellate court upheld an exception for certain “emergency” … Continue reading

Uber as a HIPAA business associate

Uber recently announced the launch of Uber Health, a non-emergency ride service that allows healthcare providers to schedule and pay for transportation for their patients. The stated purpose of the service is to expand medical transportation to traditionally underserved areas. Roughly 3.6 million Americans miss medical appointments each year due to lack of reliable transportation, contributing to the … Continue reading

Amended Colorado bill aims to enhance data privacy laws

As Health Law Pulse posted on January 29, 2018, lawmakers in Colorado are considering legislation that, if enacted, would significantly strengthen Colorado’s data privacy protections. On Wednesday, February 14, 2018, an amended bill passed unanimously in Colorado’s House Committee on State, Veterans and Military Affairs. The proposed bill overlaps with the Health Insurance Portability and … Continue reading

HHS OCR issues cyber extortion newsletter

This week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published a January 2018 newsletter focusing on “cyber extortion.” Cyber extortion often involves an attacker gaining access to an organization’s computer system, stealing sensitive information, and threatening to publish the information. Healthcare and public health organizations are often the … Continue reading

South Dakota and Colorado strengthen data breach protections

Last week, South Dakota moved closer to implementing a data breach notification law, while Colorado legislators introduced a new bill requiring “reasonable security procedures,” imposing data disposal rules and shortening the time frame in which to alert authorities regarding a breach.  South Dakota and Colorado are the latest states taking steps in cybersecurity lawmaking in … Continue reading

The US Department of Labor proposes expanded access to association health plans

Pursuant to President Donald J. Trump’s October 12, 2017 Executive Order instructing the U.S. Department of Labor (DOL) to consider expanding access to association health plans (AHP), the DOL published a proposed rule on January 5, 2018 that would modify ERISA regulations to increase the availability of AHPs.  Association health plans have been defined as … Continue reading

Your money or your PHI: New guidance on ransomware

On June 12, 2016, the HHS Office of Civil Rights (OCR) released guidance, entitled “FACT SHEET: Ransomware and HIPAA,” in response to the rising number of ransomware attacks perpetrated against healthcare entities. The guidance addresses Health Insurance Portability and Accountability Act (HIPAA) issues that may arise when medical records containing Protected Health Information (PHI) are compromised … Continue reading

FTC Guidance for developers of mobile health apps

In the fall of 2015, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) released an online resource to assist mobile health application developers in determining whether they need to comply with the Health Insurance Portability and Accountability Act (“HIPAA”). This week, the Federal Trade Commission (“FTC”)  announced a new web-based tool … Continue reading

OCR launches Phase 2 of the HIPAA Audit Program

The HHS Office for Civil Rights (OCR) announced on Monday that it has launched the long-awaited Phase 2 of its HIPAA Privacy, Security, and Breach Notification Audit Program. The purpose of the Audit Program is to assess the compliance of covered entities and business associates with the HIPAA Privacy, Security and Breach Notification Rules. The … Continue reading

OCR issues guidance on HIPAA Security Rule Compliance and mobile health apps

The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently published two guidance documents to aid organizations in complying with HIPAA. The Crosswalk The HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (the “Crosswalk”), developed in connection with the National Institute of Standards and Technology (“NIST”) and the Office of the … Continue reading

HHS modifies HIPAA rules to facilitate criminal background check reporting

On January 6, 2015, the Office for Civil Rights (OCR) of the United States Department of Health and Human Services (HHS) issued a final rule modifying certain provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. The modifications grant to certain covered entities a narrowly tailored permission to disclose limited … Continue reading

The University of Washington Medicine settles alleged HIPAA breach for US$ 750,000

The University of Washington Medicine (“UWM”) has agreed to settle charges that it violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule for US$ 750,000, following a breach report first submitted by UWM on November 27, 2013. In addition to settlement, UWM has entered into a Resolution Agreement with the United … Continue reading

HHS offers HIPAA compliance resource for mobile app developers

On October 5, 2015, the HHS Office of Civil Rights (OCR) unveiled a new resource to provide mobile health (mHealth) developers guidance on complying with Health Information Portability and Accountability Act (HIPAA) requirements applicable to those organizations. The portal permits developers to submit questions and offer comments on existing OCR guidance regarding how mobile medical … Continue reading

HHS reports detail HIPAA breaches and compliance

On June 11, 2014, the US Department of Health and Human Services (“HHS”) issued two reports to Congress addressing Health Information Accountability and Portability Act of 1996 (“HIPAA”) compliance activities for calendar years 2011 and 2012.  The first report, relating to breaches of unsecured HIPAA-protected health information, describes the types and numbers of breaches reported … Continue reading

Two New York hospitals agree to pay $4.8M in HIPAA fines

On May 7th, two New York hospitals agreed to pay the Department of Health and Human Services (“HHS”) $4.8 million to settle claims that the hospitals had failed to secure patients’ electronic protected health information, in violation of the Health Insurance Portability and Accountability Act (“HIPAA”). Specifically, Columbia University Medical Center paid $1.5 million … Continue reading