On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022 Subject: HHS Civil Rights Office Enters Settlement with…
Tag: regulatory
OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month
On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare…
OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month
On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for…
The Home Depot / State Attorneys General Settlement – My 1st and 2nd Thoughts
The Attorneys General of 46 states reached a $17.5 million settlement with The Home Depot, which was announced on November 24, 2020. Texas Attorney General Ken Paxton announced that this settlement was led by the Connecticut, Illinois, and Texas AGs and that Texas will collect $1,777,440.00. I will have more to say about this settlement in…
Texas AG: Business Must Implement and Maintain Reasonable Cybersecurity Safeguards
Go here to read: Texas Businesses Must Implement and Maintain Reasonable Cybersecurity Safeguards According to State Attorney General
Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies
It is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators investigating and taking enforcement action against (what it views as) inadequate cybersecurity by companies doing business in the United States….
Complimentary Webinar: Countdown to #GDPR – Compliance for Non-EU Companies
Countdown to GDPR Compliance is a complimentary webinar that I will be moderating on Thursday, December 7, 2017, at 12:00 PM Central. This is the second webinar in a three-part series sponsored by Mackrell International and will focus on Compliance for Non-EU Companies. You don’t want to miss it! Moderator: Shawn Tuma Presenter: Marta Stephanian,…
National data breach notification law proposed by Senate Commerce Committee members (includes jail?)
Three Democratic senators introduced legislation Thursday requiring companies to notify customers of data breaches within 30 days of their discovery and imposing a five-year prison sentence on organizations caught concealing data breaches. https://www.cyberscoop.com/national-data-breach-notification-law-bill-nelson-uber-equifax-hack/
Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs
The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber’s data breach of more than 100,000 individuals’ PII despite its promises that their data was “securely stored within our databases.” The FTC found this promise was misleading when compared with the actions the company was…
OCR Issues Cyberattack Response Checklist and Infographic
The United States Department of Health and Human Services’ Office for Civil Rights has just issued a checklist and infographic to aid healthcare organizations and their vendors in quickly responding to cyberattacks in compliance with HIPAA requirements.