Category: Health Information Privacy

GAO Criticizes HHS In Health Information Cybersecurity Report

On Monday, the Government Accountability Office (“GAO”) released a report (the “Report”) criticizing the U.S. Department of Health and Human Services (“HHS”) security and privacy guidance and oversight in protecting electronic protected health information (“ePHI”) from cybersecurity attacks.  The Report noted that HHS does not adequately address cybersecurity elements outlined […]

FTC Announces Guidance for Developers of Mobile Health Apps

Chairwoman Edith Ramirez of the Federal Trade Commission (FTC) announced the release of new guidance directed towards developers of mobile health apps (the “Guidance”), while speaking today at the International Association of Privacy Professionals (IAPP) conference in Washington, DC.  The Guidance is a tool created in collaboration with the FTC, the […]

HHS Releases Crosswalk Between HIPAA Security Rule and NIST Framework

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR)  recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping  the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the NIST Framework for Improving Critical infrastructure Cybersecurity (the Framework). […]

Hollywood Presbyterian Medial Center Was Victim of Cyber-ransom

Hollywood Presbyterian Medical Center revealed on Wednesday that is was the victim of a cyber incident resulting in the hospital paying a cyber-ransom of $17,000 in Bitcoins.  On February 5th hackers used malware that locks systems by encrypting files to infect the hospital’s computer systems, including the electronic medical record […]

FDA Issues Draft Guidance on Medical Device Cybersecurity

Recently, the U.S. Food and Drug Administration (FDA) published draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices” (the Guidance) that sets forth ways in which medical device manufacturers should monitor and address cybersecurity risks.  The Guidance is the latest manifestation of a federal agency weighing in on the continually […]

University of Washington Medicine Agrees to Settle Alleged HIPAA Breach

Last week, the University of Washington Medicine (UWM), an affiliated covered entity that includes multiple entities such as the University of Washington Medical Center, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and implementing a substantial corrective action plan.

Lahey Hospital Agrees to Settle Alleged HIPAA Breach

Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $850,000 and adopting a robust corrective action plan.