By Matt Fisher – The risk to privacy and security of healthcare information, despite all of the headlines, does not only come from outside attackers. Inside threats are real and can go undetected for potentially longer periods of time.
Read More
By Matt Fisher – The steady stream of settlements from the Office for Civil Rights continues. The underpinning to many of the recent settlements is notification following the occurrence of a data breach, often from some form of a cyber attack.
By Dr. Scott Schell – As cyber threats become increasingly sophisticated, proposed updates to federal healthcare cybersecurity standards have reignited debate across the industry. Introduced in December 2024, these regulations represent the first significant update to the HIPAA Security Rule, aiming to address the advent of AI, quantum computing, and virtual reality.
By Matt Fisher – Whenever an entity subject to HIPAA experiences a data breach, notification must be given to the Office for Civil Rights. Once OCR receives notification of a breach, an investigation will typically follow. That combination is a sure way for broader issues to be uncovered. That is the scenario that played out in the most recent settlement announced by OCR.
By Matt Fisher – Ambient listening technology is growing in many areas and being incorporated into a lot of different applications. What does the ambient listening do? It automatically picks up conversations and other sounds around it to be processed for one purpose or another.
By Matt Fisher – Apparently the Office for Civil Rights does still have older resolved HIPAA concerns in its hopper to release. The latest release about a civil monetary penalty continues the ongoing enforcement focus on the right of access.
By Zac Amos – Telehealth has revolutionized health care, offering convenience and accessibility for providers and patients. However, with the shift to virtual care comes a critical responsibility — ensuring the security and privacy of patient information.
By Matt Fisher – The Office for Civil Rights announced another cyber incident driven HIPAA civil monetary penalty on February 20, 2025. The settlement broke a one month lull in HIPAA enforcement announcements, though looking at the dates in the documents (all go back to the last quarter or so of 2024), it may not necessarily be an indication that enforcement of HIPAA remains an ongoing immediate priority.
By Matt Fisher – Prior to the changeover of the administration, the HHS Office for Civil Rights went on a bit of a HIPAA settlement bender. The fast pace of announced settlements felt a bit like a clearing of the decks. The various settlements continued recent trends around the issues being selected by OCR for settlement along with the still random amount of settlements.