Stefanie Ferrari

Subscribe to all posts by Stefanie Ferrari

OCR Guidance on Use of Tracking Technologies Warrants Review of Website Tech

Photo of Aleksandra VoldPhoto of Lynn SessionsPhoto of Stefanie FerrariBy Aleksandra Vold, Lynn Sessions and Stefanie Ferrari on Posted in Information Governance, Information Security
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued guidance regarding covered entities’ and business associates’ use of tracking technologies (the Guidance). As discussed in greater detail below, the Guidance reveals OCR’s position that an IP address is not just an identifier but is itself individually identifiable health information (IIHI) … Continue Reading

2022 DSIR Deeper Dive: Vendor Incidents

Photo of Stefanie FerrariBy Stefanie Ferrari on Posted in Data Breaches, Data Security Incident Response
Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification. As in prior years, vendor incidents involved phishing schemes and inadvertent disclosures but primarily resulted from ransomware attacks on the vendors’ systems. These ransomware attacks often involved … Continue Reading

New HHS Rules Give Patients ‘Unprecedented’ Digital Access to Their Own Health Data but May Put Privacy at Risk

Photo of Stefanie FerrariPhoto of Sara GoldsteinBy Stefanie Ferrari and Sara Goldstein on Posted in HHS
On Monday, the U.S. Department of Health and Human Services (HHS) issued what it calls “transformative” rules that will govern how healthcare providers, insurers and technology vendors must design their systems to give patients safe and secure access to their health data. Issued by two different agencies within HHS – the Office of the National … Continue Reading
LexBlog