Failure to Respect Patient’s Right to Access Health Care Information Leads to HIPAA Settlement

Bayfront Health – St. Petersburg (Bayfront) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) entered into an $85,000 no-fault settlement agreement and one-year corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is the first case in HHS-OCR’s Right of Access Initiative (Initiative). The Initiative was open for public comment between December 2018 and February 2019 and received over 1,000 comments.

Newly-Discovered Vulnerability Highlights the Security Concerns Surrounding Bluetooth Technology

A recent report by researchers at the Helmholtz Center for Information Security (CISPA), Singapore University of Technology and Design, and the University of Oxford has revealed that Bluetooth technology is vulnerable to a new type of hacking that allows an attacker to carry out data theft on a Bluetooth-enabled device without the user’s knowledge or permission, so long as the cyber-criminal is within Bluetooth range of the targeted device.

NIST Unveils IoT Baseline of Core Cybersecurity Features for Comment

In a release aptly labeled “A Starting Point for IoT Device Manufacturers,” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the publication. NIST sought to provide IoT device manufacturers a better understanding of appropriate cybersecurity features for the vast and constantly proliferating range of IoT devices. NIST’s fundamental purpose is to improve the securability of IoT devices and to identify, in general terms, the features that can be designed so that customers can better use them to manage cybersecurity risk profiles.

Data Privacy Exposure Hits the Public Sector: Lessons from the OPM Data Breach Class Action, Whistleblower Actions, and the GAO Cybersecurity Report

Data privacy litigation and enforcement actions continue to roil the private sector, most recently with the FTC’s announcement of a $425 million settlement with Equifax in the wake of the Equifax data breach. Less discussed is the fact that data privacy and security remains a real threat in the public sector. As we recently reported, the 2019 Verizon Data Breach Investigations Report found that 16% of confirmed data breaches were in the public sector. Three recent developments highlight the breadth and scope of the threat, reflecting that federal agencies and government contractors remain vulnerable to cyberattacks and may be subject to liability for cybersecurity failures.

An Update on Federal Policy Regarding Chief Data Officers and Data Governance: New OMB Memo

The Office of Management and Budget (OMB) recently issued a memorandum that moves the federal government forward in embracing the importance of the “governance” of data.

Recent FinCEN Advisory Details Dramatic Increase in Frequency and Severity of Business Email Compromise Fraud Schemes

On July 16, 2019, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issued an “Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes” (the “Advisory”). The Advisory provides a detailed and helpful overview of trends in Business Email Compromise (“BEC”) schemes affecting U.S. financial institutions and other businesses.

© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.