Category: Privacy and Security

New Mexico Poised to Add the ‘Data Breach Notification Act’ to the Patchwork of State-Level Data Privacy Laws

The New Mexico Legislature passed the ‘Data Breach Notification Act’ (the Act) on March 15. The Act is now with Governor Susana Martinez who has 20 days from the date the Act was passed to sign it into law. If enacted, the Act would require a person, other than a […]

Advocate Data Breaches Result in Largest HIPAA Settlement To Date

On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health Care System (Advocate).  Advocate agreed to pay $5.55 million to settle a variety of HIPAA violations.  Advocate […]

FTC Announces Guidance for Developers of Mobile Health Apps

Chairwoman Edith Ramirez of the Federal Trade Commission (FTC) announced the release of new guidance directed towards developers of mobile health apps (the “Guidance”), while speaking today at the International Association of Privacy Professionals (IAPP) conference in Washington, DC.  The Guidance is a tool created in collaboration with the FTC, the […]

HHS Releases Crosswalk Between HIPAA Security Rule and NIST Framework

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR)  recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping  the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the NIST Framework for Improving Critical infrastructure Cybersecurity (the Framework). […]

Hollywood Presbyterian Medial Center Was Victim of Cyber-ransom

Hollywood Presbyterian Medical Center revealed on Wednesday that is was the victim of a cyber incident resulting in the hospital paying a cyber-ransom of $17,000 in Bitcoins.  On February 5th hackers used malware that locks systems by encrypting files to infect the hospital’s computer systems, including the electronic medical record […]

ALJ Upholds OCR Enforcement Against Lincare, Inc. of $239,800

A U.S. Department of Health and Human Services (HHS) administrative law judge (ALJ) recently sustained an earlier HHS Office of Civil Rights (OCR)  decision to impose a civil money penalty (CMP) of $239,800 against Lincare Inc. (Lincare) in  connection with HIPAA violations discovered after a breach of patient records.  This is only the second time […]