Compliance - Information Management Today

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. See the Top Governance, Risk and Compliance (GRC) Tools.

Data Privacy

Data Privacy Compliance Privacy Security

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement as part of a risk assessment; Deems compliant any person subject to and in compliance with HIPAA and HITECH; and.

Data breaches

Data breaches IT Insurance Passwords

How to Prepare for the Future of Healthcare Digital Security

Thales Cloud Protection & Licensing

MARCH 5, 2018

In this blog post, I’ll discuss how healthcare enterprises can not only meet these challenges, but go beyond compliance to best practice to secure their data and their reputations. HIPAA and the HITECH Act and Omnibus Rule stimulated the digitization and protection of patient records. Regulations.

Digital transformation

Digital transformation Security Encryption Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

HL Chronicle of Data Protection

APRIL 29, 2019

In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. The HITECH Act tied increased penalties to the level of culpability associated with a violation. million HIPAA penalty.

Compliance

Compliance IT Insurance Privacy

HHS Announces Pre-Audit HIPAA Surveys

Hunton Privacy

MARCH 19, 2014

The Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently announced that it intends to survey up to 1,200 covered entities and business associates to determine their suitability for a more fulsome HIPAA compliance audit. Read about our prior coverage of the HIPAA audit protocol.

Compliance

Compliance Insurance Privacy Risk

OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low

Hunton Privacy

JUNE 7, 2012

On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference hosted in Washington, D.C. On June 7, 2012, at the annual Safeguarding Health Information: Building Assurance through HIPAA Security Conference hosted in Washington, D.C.

Compliance

Compliance Privacy Security IT

OCR proposes to share HIPAA data breach settlements with victims

Data Protection Report

MAY 22, 2018

Department of Health and Human Services (HHS) Office for Civil Rights (OCR) plans to issue an advance notice of proposed rulemaking this November on potentially sharing HIPAA breach settlements with victims. This ambitious proposal would be a drastic step in HIPAA data protection but may present some hurdles for OCR in its implementation.

Data breaches

Data breaches Compliance Privacy Security

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

Hunton Privacy

FEBRUARY 22, 2017

The policyholder data was password protected but not encrypted, in violation of HIPAA and HITECH. 150,000 in civil penalties are suspended pending Horizon’s compliance with the terms of the settlement.

Insurance

Insurance Privacy Encryption Passwords

IAPP Hosts Webinar on Upcoming OCR Audit Program

Hunton Privacy

AUGUST 2, 2011

Susan McAndrew, the Deputy Director for Health Information Privacy at OCR, provided an overview of the audit program, noting that it stemmed from Section 13411 of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The audits will be composed of preliminary reviews, surveys and on-site inspections.

Compliance

Compliance Privacy Risk Security

US: Virginia passes comprehensive consumer data protection law

DLA Piper Privacy Matters

MARCH 18, 2021

The VCDPA does not apply to the following types of entities: Virginia state agencies; financial institutions or data subject to Title V of GLBA; covered entities or business associates governed by HHS’s HIPAA and HITECH rules; nonprofits; or higher education institutions. Key provisions. business-to-business) or employment context.

Personal data

Personal data Sales GDPR Privacy

New HIPAA Omnibus Rule: A Compliance Guide

Hunton Privacy

JANUARY 25, 2013

On January 17, 2013, the Department of Health and Human Services’ (“HHS’”) Office for Civil Rights (“OCR”) released its long-anticipated megarule (“Omnibus Rule”) amending the HIPAA Privacy, Security, Breach Notification and Enforcement Rules. Expanded Pool of Business Associates and Enhanced Requirements.

Compliance

Compliance Communications Privacy Sales

HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply

HIPAA

MARCH 26, 2013

Here are comments from the preamble of the Final Rule pertaining to the effective and compliance dates: “The final rule is effective on March 26, 2013. However, we believe not only that providing a 180-day compliance period best comports with section 1175(b)(2) of the Social Security Act, 42 U.S.C.

Compliance

Compliance Privacy Security Access

HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply

HIPAA

MARCH 26, 2013

Here are comments from the preamble of the Final Rule pertaining to the effective and compliance dates: “The final rule is effective on March 26, 2013. However, we believe not only that providing a 180-day compliance period best comports with section 1175(b)(2) of the Social Security Act, 42 U.S.C.

Compliance

Compliance Privacy Security Access

HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply

HIPAA

MARCH 26, 2013

Here are comments from the preamble of the Final Rule pertaining to the effective and compliance dates: “The final rule is effective on March 26, 2013. However, we believe not only that providing a 180-day compliance period best comports with section 1175(b)(2) of the Social Security Act, 42 U.S.C.

Compliance

Compliance Privacy Security Access

HHS Delays Enforcement of HITECH Act Business Associate Provisions

Hunton Privacy

FEBRUARY 19, 2010

The HITECH Act’s business associate provisions require business associates to implement the information security safeguards specified by the HIPAA Security Rule, and comply with certain requirements of the HIPAA Privacy Rule. Please see our client alert on HITECH compliance for more information.

Privacy

Privacy Compliance Information Security Security

HHS Official Reports Uptick in HIPAA Security Rule Enforcement

Hunton Privacy

MAY 14, 2010

Prior to 2009, HHS divided civil enforcement responsibility for HIPAA between OCR, which enforced the HIPAA Privacy Rule, and the Centers for Medicare and Medicaid Services (“CMS”), which enforced the HIPAA Security Rule.

Security

Security CMS Compliance Privacy

Becoming HITECH: Actions Covered Entities and Business Associates Should Take Now to Comply with the Requirements of the HITECH Act

Hunton Privacy

SEPTEMBER 23, 2009

The Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which was signed into law in February 2009 as part of the economic stimulus package, substantially impacts requirements imposed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Insurance

Insurance Compliance Privacy Security

HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Facilities

Hunton Privacy

SEPTEMBER 19, 2012

(“MEEI”) for potential violations of the HIPAA Security Rule. Following the submission of a breach report to OCR as required by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, OCR began an investigation.

Compliance

Compliance Risk Privacy Access

HHS Settles First Breach Notification Rule Case for $1.5 Million

Hunton Privacy

MARCH 14, 2012

On March 13, 2012, the Department of Health and Human Services (“HHS”) announced that it had settled the first case related to the HITECH Act Breach Notification Rule. BlueCross Blue Shield of Tennessee (“BCBS Tennessee”) agreed to pay $1.5

Compliance

Compliance Access Risk Security

HHS Settles First HIPAA Enforcement Action Against a State Agency

Hunton Privacy

JUNE 27, 2012

million settlement with the Alaska Department of Health and Social Services (“DHSS”) for violations of the HIPAA Security Rule. This is the first HIPAA enforcement action taken by HHS against a state agency. On June 26, 2012, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $1.7

Computer and Electronics

Computer and Electronics Encryption Risk Compliance

Health Care Organizations Comment on Proposed Modifications to HIPAA Privacy, Security and Enforcement Rules

Hunton Privacy

OCTOBER 4, 2010

The American Hospital Association (“AHA”) suggested that HHS should continue to require the Secretary of HHS to attempt to resolve a complaint or compliance review through informal means, instead of making the informal resolution process optional. Some highlights from the comments are outlined below. Enforcement Rule.

Privacy

Privacy Security Compliance Insurance

FTC and HHS Issue Final Breach Notification Rules

Hunton Privacy

AUGUST 28, 2009

The FTC Final Rule does not apply to covered entities or business associates as defined under regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Full compliance is required by February 22, 2010.

Insurance

Insurance Compliance Encryption Information Security

Digital Health Industry Take Note: New HIPAA Comment Opportunity and Guidance Addresses Growing Risk of Cybersecurity Attacks

Data Matters

MAY 6, 2022

Digital health companies should take note of new data privacy and security developments under the Health Insurance Portability and Accountability Act (HIPAA) that can affect product planning and customer negotiations. What is Digital Health? The examples go on and on.

Risk

Risk Cybersecurity Insurance Authentication

The synergy between UEM and medical device risk management

IBM Big Data Hub

OCTOBER 9, 2023

Regulatory Compliance : Just like healthcare organizations, medical device manufacturers must adhere to strict regulatory guidelines, such as the FDA’s Quality System Regulation (QSR). Data Protection : Through UEM, sensitive data can be encrypted and protected, ensuring compliance with data privacy regulations.

Risk

Risk Cybersecurity Data breaches Compliance

New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA

IG Guru

JUNE 19, 2019

The post New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA appeared first on IG GURU.

Compliance

Compliance Privacy Security Records Management

CCPA Amended: Enforcement Delayed, Few Substantive Changes Made

Hunton Privacy

SEPTEMBER 1, 2018

PHI : The bill expands the category of exempted protected health information (“PHI”) governed by HIPAA and the Health Information Technology for Economic and Clinical Health Act to include PHI collected by both covered entities and business associates. CCPA §§ 1798.145(e), (f)). CCPA § 1798.145(c)(1)(B)).

Privacy

Privacy Data collection Sales Data breaches

The Next Big Thing for Physicians

Shoreline Records Management

AUGUST 3, 2020

We know and understand that the safety and security of the medical charts are important to every physician, which is why we follow the proper HIPAA and HITECH compliance that is needed to securely store any patient chart and efficiently keep track of all medical charts.

Paper

Paper Insurance Compliance Security

The Next Big Thing for Physicians

Shoreline Records Management

AUGUST 4, 2020

We know and understand that the safety and security of the medical charts are important to every physician, which is why we follow the proper HIPAA and HITECH compliance that is needed to securely store any patient chart and efficiently keep track of all medical charts.

Paper

Paper Insurance Compliance Security

GUEST ESSAY: HIPAA’s new ‘Safe Harbor’ rules promote security at healthcare firms under seige

The Last Watchdog

FEBRUARY 8, 2021

The Health Insurance Portability and Accountability Act — HIPAA — has undergone some massive changes in the past few years to minimize the burden of healthcare entities. Despite these efforts, covered-entities and business associates continue to find HIPAA to be overwhelming and extensive, to say the least.

Energy and Utilities

Energy and Utilities Security Compliance Cybersecurity

HHS To Examine Breach Notification and Risk Mitigation Plans

Hunton Privacy

MAY 24, 2010

” As previously discussed on this blog, OCR has announced an uptick in HIPAA Security Rule enforcement and issued draft guidance regarding the “risk analysis” implementation specification in the Security Rule.

Risk

Risk Data breaches Security IT

Ohio Law Recognizes Safe Harbor in Data Breach Litigation

Data Matters

NOVEMBER 1, 2018

Protect against unauthorized access to and acquisition of information that is likely to result in a material risk of identity theft or fraud. The Ohio law thus expressly recognizes and endorses the US sectoral approach to privacy regulation for certain particular industries.

Data breaches

Data breaches Cybersecurity Information Security Risk

Information Management Today

Security Compliance & Data Privacy Regulations

Connecticut Tightens its Data Breach Notification Laws

Webinars

Trending Sources

How to Prepare for the Future of Healthcare Digital Security

Webinars

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

HHS Announces Pre-Audit HIPAA Surveys

OCR Director Leon Rodriguez Says Tolerance for HIPAA Non-Compliance Is Low

OCR proposes to share HIPAA data breach settlements with victims

Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

IAPP Hosts Webinar on Upcoming OCR Audit Program

US: Virginia passes comprehensive consumer data protection law

New HIPAA Omnibus Rule: A Compliance Guide

HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply

HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply

HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply

HHS Delays Enforcement of HITECH Act Business Associate Provisions

HHS Official Reports Uptick in HIPAA Security Rule Enforcement

Becoming HITECH: Actions Covered Entities and Business Associates Should Take Now to Comply with the Requirements of the HITECH Act

HHS Announces $1.5 Million HIPAA Settlement with Massachusetts Facilities

HHS Settles First Breach Notification Rule Case for $1.5 Million

HHS Settles First HIPAA Enforcement Action Against a State Agency

Health Care Organizations Comment on Proposed Modifications to HIPAA Privacy, Security and Enforcement Rules

FTC and HHS Issue Final Breach Notification Rules

Digital Health Industry Take Note: New HIPAA Comment Opportunity and Guidance Addresses Growing Risk of Cybersecurity Attacks

The synergy between UEM and medical device risk management

New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA

CCPA Amended: Enforcement Delayed, Few Substantive Changes Made

The Next Big Thing for Physicians

The Next Big Thing for Physicians

GUEST ESSAY: HIPAA’s new ‘Safe Harbor’ rules promote security at healthcare firms under seige

HHS To Examine Breach Notification and Risk Mitigation Plans

Ohio Law Recognizes Safe Harbor in Data Breach Litigation

Stay Connected