Posted In:
Business Transactions & Corporate Counseling, Cybersecurity & Data Privacy and Health Care
Industries:
Technology, Health Care and Nurse Practitioners
Compliance Checkup & Corporate TIPS: Fifth Circuit Shines a Light on HIPAA "Encryption" and "Disclosure" Rules in M.D. Anderson Decision
on May 11, 2021
Earlier this year, the Fifth Circuit Court of Appeals handed down a decision vacating a $4.3 million penalty imposed on University of Texas's MD Anderson Cancer Center by the U.S. Department of Human Services (HHS) for self-reported HIPAA violations, including violations of the Encryption and Disclosure Rules....
Posted In:
Health Care
Industries:
Technology and Health Care
Compliance Checkup & Corporate TIPS: OCR Agrees to $1.5 Million Settlement with Orthopedic Clinic for HIPAA Breach
on September 30, 2020
Data breaches have been top of mind for a while now, and their risk to the health care sector has never been higher. On September 21, 2020, the Office of Civil Rights (OCR) settled with Athens Orthopedic Clinic PA (Athens) for $1.5 million for a cyber breach it self-reported back in 2016....
Posted In:
Health Care
Industries:
Technology and Health Care
Corporate TIPS and Compliance Checkup: CCPA v. HIPAA - CCPA Gets Tested in the Health Care Space
on April 16, 2020
The California Consumer Privacy Act (CCPA) has been in effect since January 2020 and is still the most stringent of all state laws regarding personally identifiable information (PII). The CCPA exempts some protected health information (PHI) from its requirements. Although there is no blanket exemption for health care providers, most of these providers are familiar with similar data privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA). There is no private right of action for an individual under HIPAA for data breaches. The CCPA, on the other hand, does provide such an action, which is why the state law is one of the more powerful privacy laws....
Posted In:
Health Care and Cybersecurity & Data Privacy
Industries:
Technology and Health Care
Compliance Checkup: Part Two: Does Your Practice Need to Comply with the General Data Protection Regulation?
on September 24, 2019
Remember earlier this month when my colleague Craig Horbus gave us a primer on the General Data Protection Regulation, or GDPR? Read on for Part II on what GDPR requires and how to comply....
Posted In:
Cybersecurity & Data Privacy and Health Care
Industries:
Technology and Health Care
Compliance Checkup: Part One: Does Your Practice Need to Comply with the General Data Protection Regulation?
on September 10, 2019
I'd like to introduce you to my colleague, Craig Horbus, a partner at Brouse McDowell. He's actually a superhero without a cape — he helps companies of all sizes and in all industries address data security issues....