Disclaimer

This Blog/Web Site ("Blog") does not provide specific legal advice. It is for educational purposes only. Use of the Blog does not create any attorney-client relationship between you and Holland & Knight LLP or the author(s) of any posts. The Blog does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney in your state. Any links from another site to the Blog are beyond the control of Holland & Knight LLP and do not convey their approval, support or any relationship to any site or organization.

Find News & Knowledge

Cybersecurity and Privacy Topics

Data Breach    COPPA    

    Mobile    Privacy    

Cybersecurity    HIPAA

Incident Response

FTC    Legislation

  

Cybersecurity and Privacy Videos

 
How to Choose the Right
Cybersecurity Firm

Cybersecurity, Data Breach and Privacy Blog

Holland & Knight's Cybersecurity, Data Breach and Privacy Blog provides insights and analysis on privacy, information security, and information governance laws.

Showing 1-20 of 113 results
Sort By:
 
Next
Cybersecurity risks to the healthcare sector have been growing exponentially in the last five years and, over time, have come to include not only data security and privacy risks but also operational and systemic risks that could affect the health and safety of patients.
Read more »
On Dec. 28, 2018, the U.S. Department of Health and Human Services (HHS) announced the release of voluntary cybersecurity practices and tools for the healthcare industry. The documents were the result of Section 405(d) of the Cybersecurity Act of 2015 and developed by a task group of 103 members and tested by more than 120 stakeholders, including clinicians and IT professionals.
Read more »
The Department of Health and Human Services' Office for Civil Rights (OCR) has issued a Request for Information, which is scheduled for publication in the Federal Register on Dec. 14, 2018. OCR is asking the public to provide input on ways that the HIPAA privacy and security rules could be modified to improve coordinated care.
Read more »
December 12, 2018
|
Another government settlement demonstrates that not having a HIPAA compliance program can be costly. HHS's Office for Civil Rights (OCR) announced, on Dec. 4, 2018, that Advanced Care Hospitalists PL (ACH) agreed to pay a whopping $500,000 to settle allegations that it violated HIPAA. ACH, based in Florida, provides physician contractors to hospitals and nursing homes.
Read more »
December 5, 2018
|
Allergy Associates of Hartford, P.C., entered into a Resolution Agreement and agreed to pay $125,000 to the U.S. Department of Health and Human Services, Office for Civil Rights (HHS) in order to settle certain Health Insurance Portability and Accountability (HIPAA) violations relating to the impermissible disclosure of a patient's protected health information.
Read more »
November 29, 2018
|
HIPAA and several other privacy laws do not include a private right of action. This is cold comfort for healthcare providers, health plans and other members of the healthcare industry if a patient is able to demonstrate that the statutory violation caused actual harm. In an opinion filed on Nov. 9, 2018, Florida's Fifth District Court of Appeal held that a patient could bring a claim for breach of fiduciary duty and negligence relating to a physician's disclosure of medical records.
Read more »
November 15, 2018
|
The Federal Trade Commission (FTC) continues its comprehensive efforts to focus on consumer protection issues, including those around the use of Big Data, Artificial Intelligence (AI) and predictive analytics. These tools are utilized by every industry – ranging from banking/financial services, health, transportation, energy, retail, payment processors and a host of others – to meet the needs of their customers and for service delivery.
Read more »
November 13, 2018
|
The U.S. Food and Drug Administration (FDA) is moving aggressively in October to continue to raise concerns about cybersecurity risks to medical devices, with three recent updates. The FDA just released new draft guidance on these risks, indicating that it will eventually supersede the cybersecurity guidance issued in 2014.
Read more »
October 18, 2018
|
President Donald Trump on Sept. 20, 2018, unveiled a new National Cyber Strategy. This strategy follows the release of the May 2017 White House Cybersecurity Executive Order (EO) 13800. The EO addressed key issues and areas related to federal networks detailed in a prior blog as well as a focus on critical infrastructure sectors.
Read more »
September 27, 2018
|
The Trump Administration recently announced plans to establish U.S. consumer privacy standards in response to a series of high-profile privacy breaches.
Read more »
On Aug. 6, 2018, the Federal Trade Commission (FTC) announced plans to hold a series of public hearings from the fall of 2018 to January 2019 that will focus on key issues impacting the U.S. consumer. Specifically, these hearings will "examine whether broad based changes in the economy, evolving business practices, new technologies or international developments might require adjustments to competition and consumer protection law, enforcement priorities, and policy."
Read more »
August 14, 2018
|
On Tuesday, July 31, 2018, the Department of Homeland Security (DHS) hosted a National Cybersecurity Summit, featuring the nation's top homeland, national security and law enforcement officials.
Read more »
August 6, 2018
|
On June 26, Holland & Knight Senior Policy Advisors Scott Mason and Norma Krayem participated on a panel “Blockchain: Do We Need to Regulate to Innovate” in the firm's New York office. Given their knowledge on the subject and extensive engagement with federal legislators and regulators, they provided insight on how Congress and the Trump Administration's policy initiatives are evolving the use of blockchain in key sectors.
Read more »
On May 30, 2018, the White House released a key report, entitled "Assessment of Electricity Disruption Incident Response Capabilities," which was required by the May 2017 White House Cybersecurity Executive Order 13800 discussed in a prior blog. The report, written by the U.S. Departments of Homeland Security (DHS) and Energy (DOE), reviews the state of preparedness by the electricity sector and its ability to manage cybersecurity attacks, with a focus on how such respective attacks would impact other sectors.
Read more »
June 5, 2018
|
Cybersecurity risks to the health and medical device sector continue to be front and center both in Congress and the executive branch, with increasing risks coming from nation states, nonstate actors and other attackers. The health sector is one of 16 Critical Infrastructure (CI) sectors as defined by the U.S. Department of Homeland Security (DHS).
Read more »
May 21, 2018
|
On Feb. 21, 2018, the Securities and Exchange Commission (SEC) issued interpretive guidance on its expectations for corporate disclosures on cybersecurity risks.
Read more »
February 23, 2018
|
CMS issued a memo to state survey agency directors on December 28, 2017, to clarify CMS’s position on texting patient information. The memo, which indicates that it is effective “immediately,” states that CMS prohibits texting of orders by healthcare providers. Specifically, “texting orders from a provider to a member of the care team is not in compliance with the Conditions of Participation (CoPs) or Conditions of Coverage (CfCs).” In support of its position, CMS cites “§489.24(b),” which appears to be a typographical error. The rule dictating the form and retention of hospital records is 42 C.F.R. §482.24(b) .The rule states that “[m]edical records must be accurately written, promptly completed, properly filed and retained, and accessible.”
Read more »
December 29, 2017
|
The Department of Health and Human Services’ Office for Civil Rights, on July 25, 2017, announced an updated online tool that can be used to learn about breaches currently under investigation.
Read more »
Last week’s ransomware attack was one of the most widespread attacks we have seen, with (so far) more than 200,000 machines hit across more than 150 countries.
Read more »
May 15, 2017
|
On May 11, 2017, President Trump signed the long anticipated Cybersecurity Executive Order (EO), entitled "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." The Executive Order is broken down into three sections (1) Cybersecurity of Federal Networks; (2) Cybersecurity of Critical Infrastructure; and (3) Cybersecurity for the Nation.
Read more »
May 12, 2017
|
Next