Kimberly Gordy

OCR releases YouTube Video Addressing “Recognized Security Practices” in HIPAA Enforcement Context

As a Halloween treat for HIPAA-covered entities and business associates, on October 31, the Department of Health and Human Services Office for Civil Rights (OCR) released a new video on its YouTube channel, in which senior OCR cybersecurity advisor Nick Heesters addresses recognized security practices, or RSPs. In this video, Heesters answers a handful of questions …

‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide

Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on whether the entity followed recognized security practices. The National Institute of Standards and Technology (NIST) Cybersecurity Framework has long been one of the …

HHS OCR Guidance to 60,000 Retail Pharmacies: Refusal to Fill Rx Based on Potential Pregnancy Termination Concerns Is a Civil Rights Violation, Will Be Investigated

On July 13, the Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued guidance to retail pharmacies that refusing to dispense a prescribed medication or making a determination on the suitability of that medication on the basis of the patient’s sex, pregnancy, or pregnancy-related conditions is discriminatory conduct in violation of …

The Room Where It Happens: The Autonomy of the Hospital Ethics Committees Post-Dobbs

Since the issuance of the Dobbs decision, there’s been significant discussion by lawyers, philosophers, healthcare providers and political leaders. The ruling has created uncertainty and confusion for those working in the healthcare space, and as lawyers, we are now being asked to advise our clients on myriad issues ranging from criminal culpability to the tax …

Sounding the Alarm: New Federal Law Will Mandate the Reporting of Cybersecurity Incidents Involving Critical Infrastructure – What Companies Need to do now to be Prepared

In response to increased and persistent cybersecurity threats to American infrastructure, Congress passed the Strengthening American Cybersecurity Act (SACA), which President Joe Biden signed into law on March 15. SACA is likely the first of many steps toward a federal privacy and breach notification framework. Included in SACA is the Cyber Incident Reporting for Critical …

DSIR Deeper Dive: Regulatory Investigation Landscape

HIPAA-covered entity and business associate breaches continue to draw attention from the Office for Civil Rights (OCR) and other regulators. In almost every HIPAA incident we handled in 2019 involving more than 500 individuals, OCR issued a data request. While OCR investigations can be burdensome, few of them result in penalties. State attorneys general have …

Deeper Dive: The Landscape of Healthcare Data Breaches

Healthcare was the industry most affected by data breaches in 2018. We worked on nearly 200 healthcare matters involving multispecialty academic medical centers, hospital systems, small and large physician practices, small and large health insurers, and biotech and pharmaceutical companies. In 2018, health information alone was just behind Social Security numbers (which can also be …