“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be…
Category: Regulatory
Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI
On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022Subject: HHS Civil Rights Office Enters Settlement with…
Please share this!
“Data is the hot potato!” — some data governance lessons from the Twitter Whistleblower Testimony
Hopefully you saw my recent post “Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking about cyber and privacy risk management. If it didn’t, that’s ok, here’s another reminder. My…
Please share this!
OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month
On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare…
Please share this!
“Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case
Thank you, Jamie Sorley! I have a few sayings about cybersecurity and data privacy but one of my favorites is “data is the hot potato!” When doing presentations, I love to have the attendees chant over and over in unison, “Data is the hot potato! Data is the hot potato! Data is the hot potato!”…
Please share this!
OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month
On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for…
Please share this!
Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)
Many thanks to HealthcareITNews for publishing my recent article Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? HHS is trying to get companies to comply with the law and, more broadly, their obligation to protect the sensitive information that people have entrusted to them. We have handled numerous cases…
Please share this!
Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies
It is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States….
Please share this!
Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?
See recommendations below On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not…
Please share this!
Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies
Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central. This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it! Moderator: Shawn Tuma Presenter: Marta Stephanian,…
You must be logged in to post a comment.