Cybersecurity


New CT Cybersecurity Law Protects Against Liability for Data Breaches  
August 5, 2021 | Benjamin J. Wisher | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy
Connecticut Governor Ned Lamont recently signed into law “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” (Public Act No. 21-119). Under the Act, “covered entities” that implement certain cybersecurity measures to protect against data breaches of “personal information” and “restricted information” will be insulated against the imposition of punitive damages arising from tort …
OIG: Hospitals Need to Improve Oversight of Cybersecurity for Networked Medical Devices
June 29, 2021 | Eric D. Fader | Cybersecurity | Electronic Health Records | Hospitals | Legislation and Public Policy | Medical Devices and Wearables | Medicare and Medicaid
On June 23, the Department of Health and Human Services Office of Inspector General (OIG) posted on its website an Issue Brief entitled “Medicare Lacks Consistent Oversight of Cybersecurity for Networked Medical Devices in Hospitals.” According to the OIG, the Centers for Medicare & Medicaid Services should amend interpretative guidelines or other nonbinding guidelines, or …
Flo Health Settles with FTC Over Privacy Violations
February 17, 2021 | Eric D. Fader | Cybersecurity | Electronic Health Records | Litigation | Medical Devices and Wearables | Telehealth
Flo Health, Inc., which markets a menstrual and ovulation tracking app, recently entered into a settlement with the Federal Trade Commission (FTC) to dispose of charges that Flo improperly shared consumer data with third parties, including Facebook and Google. The disclosure of the data, which included pregnancy status and sexual history of more than 100 million …
Anthem Agrees to $48 Million Multi-State Settlements Over 2014 Data Breach
October 9, 2020 | Ada (Kozicz) Janocinska | Cybersecurity | Electronic Health Records | HIPAA | Litigation | Private Insurers
Health insurer Anthem, Inc. has finally reached a settlement with a coalition of 41 states plus the District of Columbia, and a separate settlement with California, to resolve state attorney general investigations of a data breach that occurred in 2014. Anthem has agreed to pay the states a total monetary penalty of $48.2 million. The …
Insurer Paid Second Largest HIPAA Settlement Ever
September 29, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation | Private Insurers
The third HIPAA settlement to be announced by the U.S. Department of Health and Human Services within one week was a big one. On September 25, HHS announced that Premera Blue Cross agreed to pay $6.85 million to HHS’s Office for Civil Rights (OCR) to settle HIPAA violations arising out of a data breach that …
OCR Updates Mobile Health App Resources
September 25, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Medical Devices and Wearables | Telehealth
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently unveiled a new website with updated guidance and resources for mobile health app developers regarding the HIPAA Privacy, Security, and Breach Notification Rules. The new Resources for Mobile Health Apps Developers site replaces OCR’s prior Health App Developer Portal. The new site’s Health …
GA Orthopedic Practice in $1.5M HIPAA Settlement
September 23, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation
On September 21, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $1.5 million agreement with Athens Orthopedic Clinic PA to settle “longstanding, systemic noncompliance” with the HIPAA Privacy and Security Rules. OCR’s investigation was triggered by a 2016 data breach that affected more than 200,000 of Athens Orthopedic’s patients. …
COVID-19 Business Briefing: Telehealth
April 7, 2020 | Rivkin Rounds Staff | Behavioral Health | COVID-19 | Cybersecurity | HIPAA | Home Health | Hospitals | Legislation and Public Policy | Private Insurers | Telehealth
On April 6, Rivkin Radler’s Eric Fader presented a COVID-19 Business Briefing on Telehealth. The Briefing covered recent developments in federal and state law and policy, and changes in private insurers’ policies, that have been aimed at encouraging the use of telehealth during the current public health emergency. This Business Briefing was the second in …
CARES Act Changes Privacy Rules for Substance Use Disorder Records
March 30, 2020 | Ashley (Osadon) Algazi | Behavioral Health | COVID-19 | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Litigation | Telehealth
The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, made some substantial changes to the confidentiality rules for substance abuse and mental health records to bring them in line with HIPAA confidentiality rules. Among the changes, a covered entity or business associate may now use or disclose substance …
Ransomware Attacks on Healthcare Industry Ramp Up
February 26, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Private Insurers
A recent article in HIPAA Journal, “Ransomware Attacks Have Cost the Healthcare Industry at Least $157 Million Since 2016,” discussed a new study by Comparitech that examined ransomware attacks on the healthcare industry. In the past three years, at least 172 ransomware attacks on healthcare entities in the U.S. have affected 1,446 facilities, providers and …
