Health Law Update

Home | Health Law Update

Editor’s Note: We recently launched a graphic illustrating our <a href="http://www.dataprivacymonitor.com/wp-content/uploads/sites/188/2014/10/Cyber-Risk-Mitigation-Services.pdf">Cyber Risk Mitigation Services</a>. Our attorneys have <a href="http://www.dataprivacymonitor.com/category/cybersecurity/">written</a> about specific examples of those services.

Healthcare is plagued by a high frequency of reported breaches. Although they are often caused by employees making mistakes, such as misdirecting a fax or losing a thumb drive, we are seeing more and more breaches caused by malware, phishing scams, and hacking. We have worked with healthcare entities in responding to data breaches, including breach analysis and notification obligations to patients, the media, and regulatory agencies.

Unlike any other industry, when a healthcare organization is dealing with a breach involving over 500 individuals, not only is the organization required to report the breach to the media, but the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) will assuredly conduct an investigation. Increasingly, our clients are also seeing inquiries from state attorneys general, who have enforcement authority under Health Insurance Portability and Accountability Act (HIPAA) as well as the state laws.  <a href="http://www.dataprivacymonitor.com/cybersecurity/managing-your-health-information-risks-should-not-begin-after-a-breach-is-reported/">Read More»»</a>

&nbsp;

Managing Your Health Information Risks Should Not Begin After a Breach Is Reported