Kimberly Gordy

Subscribe to all posts by Kimberly Gordy

‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide

Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on whether the entity followed recognized security practices. The National Institute of Standards and Technology (NIST) Cybersecurity Framework has long been one of the … Continue Reading

HHS OCR Guidance to 60,000 Retail Pharmacies: Refusal to Fill Rx Based on Potential Pregnancy Termination Concerns Is a Civil Rights Violation, Will Be Investigated

On July 13, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued guidance to retail pharmacies that refusing to dispense a prescribed medication or making a determination on the suitability of that medication on the basis of the patient’s sex, pregnancy, or pregnancy-related conditions is discriminatory conduct in violation of … Continue Reading

The Room Where It Happens: The Autonomy of the Hospital Ethics Committees Post-Dobbs

Since the issuance of the Dobbs decision, there’s been significant discussion by lawyers, philosophers, healthcare providers and political leaders. The ruling has created uncertainty and confusion for those working in the healthcare space, and as lawyers, we are now being asked to advise our clients on myriad issues ranging from criminal culpability to the tax … Continue Reading

Sounding the Alarm: New Federal Law Will Mandate the Reporting of Cybersecurity Incidents Involving Critical Infrastructure – What Companies Need to do now to be Prepared

In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is likely the first of many steps toward a federal privacy and breach notification framework. Included in SACA is the Cyber Incident Reporting for Critical … Continue Reading

DSIR Deeper Dive: Regulatory Investigation Landscape

HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued a data request. While OCR investigations can be burdensome, few of them result in penalties. State attorneys general have … Continue Reading

Deeper Dive: The Landscape of Healthcare Data Breaches

Healthcare was the industry most affected by data breaches in 2018. We worked on nearly 200 healthcare matters involving multispecialty academic medical centers, hospital systems, small and large physician practices, small and large health insurers, and biotech and pharmaceutical companies. In 2018, health information alone was just behind Social Security numbers (which can also be … Continue Reading
LexBlog