Yesterday, Department of Health and Human Services Deputy Secretary Eric Hargan announced the launch of the Deputy Secretary’s Innovation and Investment Summit (DSIIS). DSIIS follows a June 2018 request for information to “develop a workgroup to facilitate constructive, high-level dialogue between HHS leadership and those focused on innovating and investing […]
On Monday, the Government Accountability Office (“GAO”) released a report (the “Report”) criticizing the U.S. Department of Health and Human Services (“HHS”) security and privacy guidance and oversight in protecting electronic protected health information (“ePHI”) from cybersecurity attacks. The Report noted that HHS does not adequately address cybersecurity elements outlined […]
All is Well: FDA to Host Webinar on its Final Guidance for Low-Risk General Wellness Devices on September 1, 2016
The U.S. Food and Drug Administration (FDA) recently released final version of its guidance, General Wellness: Policy for Low-Risk Devices (Policy), with a webinar slated for September 1st as part of the rollout. While not much has changed from the 2015 draft guidance, the number of mobile apps and general wellness products […]
Chairwoman Edith Ramirez of the Federal Trade Commission (FTC) announced the release of new guidance directed towards developers of mobile health apps (the “Guidance”), while speaking today at the International Association of Privacy Professionals (IAPP) conference in Washington, DC. The Guidance is a tool created in collaboration with the FTC, the […]
The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the NIST Framework for Improving Critical infrastructure Cybersecurity (the Framework). […]
Hollywood Presbyterian Medical Center revealed on Wednesday that is was the victim of a cyber incident resulting in the hospital paying a cyber-ransom of $17,000 in Bitcoins. On February 5th hackers used malware that locks systems by encrypting files to infect the hospital’s computer systems, including the electronic medical record […]
Late last week, Senator Barbara Boxer (D-CA) wrote to the leaders of Johnson & Johnson, GE Healthcare, Siemens USA, Medtronic and Philips USA, to “express serious concerns” about potential cybersecurity vulnerabilities in their medical devices. From the letter, the rationale for selecting these companies is that together they “control more […]
Last week, the University of Washington Medicine (UWM), an affiliated covered entity that includes multiple entities such as the University of Washington Medical Center, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and implementing a substantial corrective action plan.
Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $850,000 and adopting a robust corrective action plan.
Last week, the Connecticut Attorney General (the “Connecticut AG”) announced that Hartford Hospital and its subcontractor, EMC Corporation (“EMC”), agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The entities will collectively pay a $90,000 penalty and also sign an Assurance of Voluntary Compliance (an […]