Cybersecurity


OCR Updates Mobile Health App Resources
September 25, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Medical Devices and Wearables | Telehealth
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently unveiled a new website with updated guidance and resources for mobile health app developers regarding the HIPAA Privacy, Security, and Breach Notification Rules. The new Resources for Mobile Health Apps Developers site replaces OCR’s prior Health App Developer Portal. The new site’s Health …
Read More
GA Orthopedic Practice in $1.5M HIPAA Settlement
September 23, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Litigation
On September 21, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $1.5 million agreement with Athens Orthopedic Clinic PA to settle “longstanding, systemic noncompliance” with the HIPAA Privacy and Security Rules. OCR’s investigation was triggered by a 2016 data breach that affected more than 200,000 of Athens Orthopedic’s patients. …
Read More
COVID-19 Business Briefing: Telehealth
April 7, 2020 | Rivkin Rounds Staff | Behavioral Health | Cybersecurity | HIPAA | Home Health | Hospitals | Legislation and Public Policy | Private Insurers | Telehealth
On April 6, Rivkin Radler’s Eric Fader presented a COVID-19 Business Briefing on Telehealth. The Briefing covered recent developments in federal and state law and policy, and changes in private insurers’ policies, that have been aimed at encouraging the use of telehealth during the current public health emergency. This Business Briefing was the second in …
Read More
CARES Act Changes Privacy Rules for Substance Use Disorder Records
March 30, 2020 | Ashley (Osadon) Algazi | Behavioral Health | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy | Litigation | Telehealth
The Coronavirus Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, made some substantial changes to the confidentiality rules for substance abuse and mental health records to bring them in line with HIPAA confidentiality rules. Among the changes, a covered entity or business associate may now use or disclose substance …
Read More
Ransomware Attacks on Healthcare Industry Ramp Up
February 26, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Private Insurers
A recent article in HIPAA Journal, “Ransomware Attacks Have Cost the Healthcare Industry at Least $157 Million Since 2016,” discussed a new study by Comparitech that examined ransomware attacks on the healthcare industry. In the past three years, at least 172 ransomware attacks on healthcare entities in the U.S. have affected 1,446 facilities, providers and …
Read More
Feb. 29 is Data Breach Reporting Deadline
February 20, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy
The HIPAA Breach Notification Rule requires that smaller data breaches – those involving fewer than 500 patient records – must be reported to the U.S. Department of Health and Human Services (HHS) no later than 60 days after the end of the calendar year in which the breach occurred. This year, the reporting deadline is …
Read More
Alabama Health System Reeling After Ransomware Attack
January 6, 2020 | Margarita Christoforou | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Litigation
Alabama’s DCH Health System is facing a federal lawsuit filed by some former patients who allege it was negligent in discovering and responding to a ransomware attack on its computer system. In addition to negligence, the complaint accuses DCH of invasion of privacy, breach of contract and breach of fiduciary duty, among other things. The …
Read More
Fader Gives Perspective on HIPAA Enforcement for Healthcare Risk Management
December 4, 2019 | Rivkin Rounds Staff | Cybersecurity | Electronic Health Records | HIPAA | Hospitals | Legislation and Public Policy | Litigation
Eric Fader contributed to Healthcare Risk Management’s HIPAA Regulatory Alert, which appeared in the publication’s December 2019 issue. The Alert outlines the best practices that will help avoid common HIPAA violations. Eric discusses the events that might trigger a regulatory action and the kinds of violations that may affect the severity of the penalties and fines. …
Read More
Another HIPAA Penalty: $1.6 Million for Breach of ePHI
November 12, 2019 | Ada (Kozicz) Janocinska | Cybersecurity | Electronic Health Records | HIPAA | Litigation
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on November 7 that it imposed a $1.6 million monetary penalty against the Texas Health and Human Services Commission for violations of the HIPAA Privacy and Security Rules. The Commission operates several health and public need facilities and also administers many …
Read More
HHS Releases Updated HIPAA Risk Assessment Tool
November 8, 2019 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA
The U.S. Department of Health and Human Services (HHS) recently released a new version of its security risk assessment (SRA) tool that helps smaller healthcare providers conduct and document risk assessments, as required by the HIPAA Security Rule. The update incorporates new features to make the tool more user-friendly. The SRA tool, available on HHS’s …
Read More

Authors
show more

Get legal updates and news delivered to your inbox