HIPAA

Insider Risks

By Matt Fisher – The risk to privacy and security of healthcare information, despite all of the headlines, does not only come from outside attackers. Inside threats are real and can go undetected for potentially longer periods of time.

Read More

Healthcare’s Cybersecurity Overhaul

By Dr. Scott Schell – As cyber threats become increasingly sophisticated, proposed updates to federal healthcare cybersecurity standards have reignited debate across the industry. Introduced in December 2024, these regulations represent the first significant update to the HIPAA Security Rule, aiming to address the advent of AI, quantum computing, and virtual reality.


Breach Report Begets Settlement

By Matt Fisher – Whenever an entity subject to HIPAA experiences a data breach, notification must be given to the Office for Civil Rights. Once OCR receives notification of a breach, an investigation will typically follow. That combination is a sure way for broader issues to be uncovered. That is the scenario that played out in the most recent settlement announced by OCR.


Always Listening, Always Leaking?

By Matt Fisher – Ambient listening technology is growing in many areas and being incorporated into a lot of different applications. What does the ambient listening do? It automatically picks up conversations and other sounds around it to be processed for one purpose or another.




HIPAA Enforcement Marches On (?)

By Matt Fisher – The Office for Civil Rights announced another cyber incident driven HIPAA civil monetary penalty on February 20, 2025. The settlement broke a one month lull in HIPAA enforcement announcements, though looking at the dates in the documents (all go back to the last quarter or so of 2024), it may not necessarily be an indication that enforcement of HIPAA remains an ongoing immediate priority.


Not 1, Not 2, but 6 Settlements

By Matt Fisher – Prior to the changeover of the administration, the HHS Office for Civil Rights went on a bit of a HIPAA settlement bender. The fast pace of announced settlements felt a bit like a clearing of the decks. The various settlements continued recent trends around the issues being selected by OCR for settlement along with the still random amount of settlements.