HIPAA/Health Information Privacy, Security & Breach Response

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 1 of 5

September 19, 2017 By Daniel Felz

Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it […]

Anthem Settles Data Breach Litigation for Record-Setting $115M

June 27, 2017 By Andrew Liebler

Health insurance giant Anthem, Inc. agreed to the largest data breach settlement to-date last week, ending multi-district consumer litigation over a 2015 data breach for $115 million. The data breach, which resulted from a hacker-orchestrated cyberattack following the theft of an employee password, exposed personally identifiable information (“PII”) and protected health information (“PHI”) of nearly […]

Advocate Health Care Network Agrees to Pay $5.55 Million to Settle Potential HIPAA Penalties

August 5, 2016 By HIPAA Privacy & Security Team

On August 4, 2016, the Office of Civil Rights (“OCR”) announced that Advocate Health Care Network (“Advocate”), Illinois’ largest fully-integrated health care system, has agreed to pay a record-breaking $5.55 million to settle claims of multiple Health Insurance Portability and Accountability Act (“HIPAA”) violations involving electronic protected health information (“ePHI”). The substantial settlement stems from […]

HHS/OCR Announces Launch of HIPAA Audit Program Phase 2

March 21, 2016 By Privacy, Cyber & Data Strategy Team

Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will […]

HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework

February 29, 2016 By Privacy, Cyber & Data Strategy Team

Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each […]