“My Identical Twin Sequenced our Genome”

We all assume that our genetic information is personal and private.  This may not be totally correct, but that assumption goes completely out the window when you are an identical twin.  This question is explored in an interesting article in the Journal of Genetic Counseling.  The twins were interviewed in the MIT Technology Review. More

Additional Clarification regarding HHS OCR Phishing Email Alert

More information from HHS OCR about the phishing threat:

  • On November 28, 2016, the HHS Office for Civil Rights issued a listserv announcement warning covered entities and their business associates about a phishing email that disguises itself as an official communication from the Department. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program,…
  • More

Cybersecurity 2017 – The Year in Preview: Emerging Security Threats

Editor’s note:  This is the fourth in a continuing end-of-year series.  See our previous posts on trade secretsstate regulation and law enforcement, and HIPAA compliance.  Our last two posts will focus on the energy industry, and federal regulation and law enforcement.

In 2016, new and alarming cybersecurity threats emerged, raising concerns in government, the business world,… More

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR:

“It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates.  The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy,… More

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.”  These audits don’t involve auditors coming in your facility.  Instead, covered entities are being asked to submit documents on:

     (1) their risk analysis and risk management plans under the HIPAA security rule;

     (2) the content and timeliness for following the HIPAA breach notification rule; or

     (3) the notice of the entity’s privacy practices for health information and patients’… More

Cybersecurity 2017 – The Year In Preview: HIPAA Compliance

Editor’s Note:  This is the third in a continuing end-of-year series.  See our previous posts on trade secrets and state regulation and law enforcement.  Up next:  the changing threat landscape.

The year ahead promises to be a busy one for those with responsibility for HIPAA compliance, as the Office of Civil Rights (OCR), charged with enforcing HIPAA, continues to lean in to compliance initiatives and addresses new questions in the rapidly-evolving healthcare information technology environment.… More

Cybersecurity 2017 – The Year In Preview: The Changing Face of State Law and Enforcement

Editor’s Note:  This is the second in a continuing end-of-year series.  Stay tuned for our next installment, discussing HIPAA compliance.

In the patchwork of state and federal law regulating the use and maintenance of personal confidential information, states play a significant role and can often be the most important regulator and law enforcement authority.  Recent events have signaled changes in how states interpret and enforce their data privacy standards —… More

Cybersecurity 2017 – The Year In Preview: Trade Secret Theft Takes Center Stage

Editor’s Note:  This is the first of an end-of-year series of posts examining coming trends in cybersecurity.  Posts will examine trends in state regulations, federal regulatory authority, the changing nature of the threat landscape, and HIPAA.  This post discusses a shift in concern from personal consumer information toward company trade secrets.

When it comes to the issue of data privacy and security, especially among lawyers, the discussion generally concerns personally identifiable information. … More

Cybersecurity: Are You Ready for the Next Attack?

The U.S. Department of Homeland Security says that all employees need to know the signs of a cyber-attack, not just those who work in the IT field. This is increasingly important as more companies move business operations online. The Department stresses employees should make passwords complex, beware of phishing emails and report all suspicious activity to their company’s IT department.

Last week, attorney Chris Hart joined the Boston Business Journal’s Table of Experts program to provide insights into how to protect a company from a cyberattack,… More

Sharing Consumer Health Information? Look to HIPAA and the FTC Act

Does your business collect and share consumer health information? Check out these tips from the FTC for complying with HIPAA and the FTC Act.

***

HIPAA
The HIPAA Privacy Rule applies to HIPAA covered entities— a health plan, most health care providers, or a health care clearinghouse. It also applies if you are a business associate – a person or company that helps a covered entity carry out its health care activities and functions.… More