On February 21, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and corrective action plan with Green Ridge Behavioral Health LLC. This marks the second such settlement with a HIPAA-regulated entity for violations that were discovered following a ransomware attack, according to HHS.
Continue Reading HHS Targets Small Behavioral Health Clinic for HIPAA Violations Following Ransomware Investigation
HIPAA
HHS Office for Civil Rights Publishes Cybersecurity Resource for HIPAA Implementation
On February 16, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.” The publication features guidance…
HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack
On October 31, 2023, the Department of Health and Human Services announced the issuance of a settlement agreement with Doctors’ Management Services, a Massachusetts-based medical management company, related to alleged violations of the Health Insurance Portability and Accountability Act’s Privacy and Security Rules. …
Continue Reading HHS Announces First HIPAA Settlement Agreement Involving Ransomware Attack
FTC and HHS Update Consumer Health Data Privacy and Security Guide
On September 15, 2023, the Federal Trade Commission and the Department of Health and Human Services published an updated version of the two agencies’ joint publication, entitled “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule.” …
Continue Reading FTC and HHS Update Consumer Health Data Privacy and Security Guide
ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool
On September 13, 2023, the National Coordinator for Health Information Technology and the Office for Civil Rights at the U.S. Department of Health and Human Services released version 3.4 of the Security Risk Assessment Tool under the Health Insurance Portability and Accountability Act Security Rule.
Continue Reading ONC and HHS OCR Release Updated HIPAA Security Risk Assessment Tool
Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act (H.B. 154), a day after the Delaware Senate passed the legislation. The DPDPA heads to Governor John Carney for a final signature. …
Continue Reading Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
Oregon Consumer Privacy Act
On June 22, 2023, the Oregon House of Representatives passed the Oregon Consumer Privacy Act (S.B. 619), which was previously passed by the Oregon Senate on June 20, 2023. The OCPA has been sent to the Oregon governor’s desk for signature. If signed, the OCPA would make Oregon the 12th state to have enacted comprehensive privacy legislation.
Continue Reading Oregon Consumer Privacy Act
Texas Passes Bill Requiring Digital Service Providers to Get Parental Consent for Create Minors’ Accounts
On June 13, 2023, Texas Governor Greg Abbott signed H.B. 18, or the Securing Children Online through Parental Empowerment (“SCOPE”) Act that would require digital service providers to get parental consent to create an account with minors younger than 18 years of age. Continue Reading Texas Passes Bill Requiring Digital Service Providers to Get Parental Consent for Create Minors’ Accounts
Texas Passes Bill Imposes Obligations on Digital Service Providers to Protect Minors
On June 13, 2023, Texas Governor Greg Abbott signed H.B. 18, or the Securing Children Online through Parental Empowerment (“SCOPE”) Act that would impose obligations on digital service providers to protect minors.Continue Reading Texas Passes Bill Imposes Obligations on Digital Service Providers to Protect Minors
FTC Proposes Amendments to Health Breach Notification Rule
n May 18, 2023, the Federal Trade Commission announced it is seeking comment to proposed changes to the Health Breach Notification Rule. …
Continue Reading FTC Proposes Amendments to Health Breach Notification Rule