Health Information Security

Anthem Settles Data Breach Litigation for Record-Setting $115M

June 27, 2017 By Andrew Liebler

Health insurance giant Anthem, Inc. agreed to the largest data breach settlement to-date last week, ending multi-district consumer litigation over a 2015 data breach for $115 million. The data breach, which resulted from a hacker-orchestrated cyberattack following the theft of an employee password, exposed personally identifiable information (“PII”) and protected health information (“PHI”) of nearly […]

HHS/OCR Announces Launch of HIPAA Audit Program Phase 2

March 21, 2016 By Privacy, Cyber & Data Strategy Team

Today, the U.S. Department of Health & Human Services’s (HHS) Office for Civil Rights (OCR) announced the launch of Phase 2 of its HIPAA Compliance Audit Program. (OCR’s announcement can be accessed at Audit Phase 2 Announcement and further information about Phase 2 can be accessed at Audit Phase 2 Information.) In this phase, OCR will […]

HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework

February 29, 2016 By Privacy, Cyber & Data Strategy Team

Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each […]

European Data Protection Supervisor Releases Opinion on Mobile Health

June 18, 2015 By Privacy, Cyber & Data Strategy Team

The European Data Protection Supervisor (“EDPS”), Giovanni Buttarelli, has published an opinion on Mobile Health (“mHealth”); a rapidly evolving sector that stems from the convergence of healthcare and information communication technology. mHealth includes mobile applications designed to provide health-related services through smart devices by processing personal information about an individual’s health, well-being, and lifestyle. The […]

Paula Stannard Authors Bloomberg BNA Article on Business Associates HIPAA Compliance

May 12, 2015 By HIPAA Privacy & Security Team

Paula Stannard, one of the practice leaders of the firm’s HIPAA Privacy & Security Team authored, “Business Associates’ HIPAA Compliance: Should Covered Entities Be Concerned?” in Bloomberg BNA’s Health IT Law & Industry Report. The article discusses why HIPAA covered entities (or business associates) should be concerned about the ability of their business associates (or […]