On April 22, 2024, the Office for Civil Rights (OCR) for the United States Department of Health and Human Services issued a Final Rule amending the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA). The Final Rule, which goes into effect on June 25, 2024, promulgates
Cybersecurity
Cybersecurity a Top Priority – HHS Publishes New Cybersecurity Performance Goals
The U.S. Department of Health and Human Services (“HHS”) has expanded upon its recent Healthcare Sector Cybersecurity Concept Paper (which we covered in a prior blog post), issuing cybersecurity performance goals (“CPGs”) for the healthcare and public health (“HPH”) sector. These CPGs aim to help healthcare organizations protect against…
HHS Publishes Roadmap of New Strategy for Cybersecurity in the Healthcare Sector
The U.S. Department of Health and Human Services (HHS) recently issued a strategy paper highlighting key aspects of its plan to revamp cybersecurity requirements in the healthcare industry. Citing a 93% increase in large data breaches in healthcare from 2018 to 2022 and a rapid increase in ransomware attacks against…
Another Resolution by DOJ Pursuant to its Civil Cyber-Fraud Initiative Highlights Continued Efforts to Hold Companies Accountable for Ensuring Data are Secured
We previously wrote about the United States Department of Justice’s (“DOJ”) Civil Cyber-Fraud Initiative (“CCFI”), which “aims to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.” In that post, we summarized DOJ’s first two False Claims Act (“FCA”) resolutions pursuant to the CCFI, which amounted to more than $9 million in recoveries.
FTC’s One-Two Punch on Data Tracking and Health Privacy
On March 2, 2023, the Federal Trade Commission (FTC) announced that it had reached a $7.8 million settlement with mental health and online counseling platform, BetterHelp, Inc. (“BetterHelp”). The FTC alleged that BetterHelp shared consumers’ sensitive health data combined with other personal information (PI) with third party advertising platforms without…
Department of Health and Human Services Issues Request for Information on Cybersecurity Standards
The Department of Health and Human Services (“HHS”) has issued a formal request for information from the public about how regulated entities are implementing industry recognized security practices. The request for information represents a chance for the private sector to contribute to HHS regulation. Interested parties have until June 6,…