In one of this year’s largest HIPAA settlements, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is set to collect $3 million from the University of Rochester Medical Center (URMC). This settlement over potential violations of the Privacy and Security Rules under HIPAA also requires URMC to follow a corrective
Password Protected
Latest from Password Protected - Page 13
Jackson Health System Slammed With $2.15 Million Penalty for Privacy Breaches
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has collected over $2.15 million in civil penalties from Miami-based Jackson Health System (JHS) for multiple violations of the Security and Breach Notification Rules under HIPAA. JHS is a nonprofit academic medical system that serves approximately 650,000 patients a year in six…
Cybersecurity in Project Finance and M&A
Recent headlines have detailed foreign-state actors targeting utilities and independent power producers in the United States to gain access to critical infrastructure at the nation’s utilities and military installations.[1] Cybersecurity practices within the independent power industry vary widely depending on the asset type and the operator’s sophistication. Despite this risk, purchase agreements and…
5 Cybersecurity Questions To Ask Your CISO
Continuing our coverage of cybersecurity issues during National Cybersecurity Awareness Month (NCSAM), we have identified 5 important cybersecurity questions and talking points you can use to start a meaningful cybersecurity conversation at your business.
Counsel and business executives take note: cybersecurity is not just an IT problem; robust cybersecurity starts with a healthy dialogue…
From Yelp to YIKES! Dental Practice’s Social Media Posts Result in $10,000 HIPAA Settlement
Social media posts have become so common and reflexive that people often fire off posts without appropriately considering the consequences. This can be costly on multiple fronts. In the health care context, beyond the risk of losing patients (and the revenue they bring), inappropriate posts can result in Health Insurance Portability and Accountability Act (HIPAA)…
OCR Proves it is Serious About HIPAA’s Right of Access
In 2016, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided a variety of guidance to address the importance of honoring the right of patients to have access to their medical information and not to be over-charged for exercising that right.
Earlier this week, the OCR announced an enforcement action and…
Mending (Geo)fencing Concerns
Although not a new practice, the application of geofencing continues to increase in sophistication and expand into personal space on an unprecedented scale, jumping beyond commercial retail advertising schemes and diving into the depths of employment, health care, law enforcement, and politics. As the growth of these applications prompts privacy and security concerns, including government…
The General Data Protection Regulation’s First Birthday
The European Union’s (EU) ambitious and far-reaching regulation, the General Data Protection Regulation (GDPR), became effective on 25 May 2018. On the one-year anniversary, we reflect on some of the principal developments following the implementation of the GDPR.
European privacy values: a cultural shift
Critics have derided the GDPR for placing an onerous and expensive…
Facial Recognition Bill to Require Explicit Consent by Individuals
What is this bill? A new bill introduced in the U.S. Senate on March 14, 2019 would require companies to obtain explicit user consent before facial recognition data could be collected and shared. The bill is known as the Commercial Facial Recognition Privacy Act of 2019, and was introduced by Sens. Brian Schatz, D-Hawaii…
Federal Cartel Office vs. Facebook: When Data Privacy and Competition Law Collide
On 7 February 2019, the German competition law regulator, the Federal Cartel Office (FCO), concluded a lengthy investigation into Facebook. It found that the company abused its dominant market position by making the use of its social network conditional on the collection of user data from multiple sources.
The FCO’s probe into Facebook is one…

