Health insurance giant Anthem, Inc. agreed to the largest data breach settlement to-date last week, ending multi-district consumer litigation over a 2015 data breach for $115 million. The data breach, which resulted from a hacker-orchestrated cyberattack following the theft of an employee password, exposed personally identifiable information (“PII”) and protected health information (“PHI”) of nearly […]
Health Information Security
HHS/OCR Announces Launch of HIPAA Audit Program Phase 2
Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will […]
HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework
Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each […]
European Data Protection Supervisor Releases Opinion on Mobile Health
The European Data Protection Supervisor (“EDPS”), Giovanni Buttarelli, has published an opinion on Mobile Health (“mHealth”); a rapidly evolving sector that stems from the convergence of healthcare and information communication technology. mHealth includes mobile applications designed to provide health-related services through smart devices by processing personal information about an individual’s health, well-being, and lifestyle. The […]
Paula Stannard Authors Bloomberg BNA Article on Business Associates HIPAA Compliance
Paula Stannard, one of the practice leaders of the firm’s HIPAA Privacy & Security Team authored, “Business Associates’ HIPAA Compliance: Should Covered Entities Be Concerned?” in Bloomberg BNA’s Health IT Law & Industry Report. The article discusses why HIPAA covered entities (or business associates) should be concerned about the ability of their business associates (or […]