Archives: Healthcare

What’s Old Is New Again: OCR Announces $300,000 Settlement Related to Improper Disposal of Physical PHI

By Aleksandra Vold on September 13, 2022 Posted in Healthcare

After a long stretch of breach enforcement actions and settlements arising out of alleged technology gaps, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced that it settled a case that involved improper disposal of physical protected health information (PHI). This case unusual for its quick resolution, but that is … Continue Reading

‘Unboxing’ the New NIST Guidance: NIST Publishes Significant Update to Healthcare Cybersecurity Guide

By Adam Cohen, Kimberly Gordy and Aleksandra Vold on August 5, 2022 Posted in Healthcare

Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or litigation often focus on whether the entity followed recognized security practices. The National Institute of Standards and Technology (NIST) Cybersecurity Framework has long been one of the … Continue Reading

The Room Where It Happens: The Autonomy of the Hospital Ethics Committees Post-Dobbs

By Kimberly Gordy on July 14, 2022 Posted in Healthcare

Since the issuance of the Dobbs decision, there’s been significant discussion by lawyers, philosophers, healthcare providers and political leaders. The ruling has created uncertainty and confusion for those working in the healthcare space, and as lawyers, we are now being asked to advise our clients on myriad issues ranging from criminal culpability to the tax … Continue Reading

Office for Civil Rights Provides Guidance: HIPAA Privacy Rule on Disclosures of Information Relating to Reproductive Healthcare

By Aleksandra Vold on July 1, 2022 Posted in Data Privacy, Healthcare, HIPAA/HITECH

On June 29, in response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, the U.S. Department of Health & Human Services Office for Civil Rights (HHS OCR) issued guidance on when entities covered by the Health Insurance Portability and Accountability Act (HIPAA) are permitted to share protected health information (PHI) … Continue Reading

Dobbs Triggers Significant Healthcare and Privacy Law Concerns and Confusion

By Aleksandra Vold and Amy Fouts on July 1, 2022 Posted in Data Privacy, Healthcare, HIPAA/HITECH

To help guide entities through the significant confusion and changes that will be evolving for the next several years, BakerHostetler has assembled the Dobbs Decision Task Force (DDTF), led by attorneys in five major areas (healthcare/health tech, privacy, labor and employment, employee benefits, and white collar). Like many others, healthcare entities are facing immediate uncertainty … Continue Reading

OCR Announces Four Enforcement Actions

By Aleksandra Vold and Courtney Litchfield on April 20, 2022 Posted in Healthcare

On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this group of covered entities. Three of the actions pertained to dental practices. One of those dental practices took the … Continue Reading

New Director of HHS Office for Civil Rights Announced: What could Lisa J. Pino’s appointment mean for future HIPAA enforcement?

By Sara Goldstein on September 28, 2021 Posted in Cybersecurity, Enforcement, Healthcare, HHS, HIPAA/HITECH

More than eight months into the Biden administration, the U.S. Department of Health & Human Services (HHS) announced the appointment of Lisa J. Pino as the new director of the Office for Civil Rights (OCR) on Sept. 27, 2021. As the new director of the OCR, Pino will be responsible for enforcing the Health Insurance … Continue Reading

Ransomware, COVID-19 and Regulations: Healthcare Entities Confront a Triple Threat

By Eric A. Packel, Vimala Devassy and Courtney Litchfield on July 1, 2021 Posted in Healthcare

Given what the healthcare industry faced in 2020, the seventh edition of our Data Security Incident Response (DSIR) Report, “Disruption and Transformation,” is aptly titled. As if fighting the COVID-19 pandemic weren’t enough for the industry to tackle, it also faced a surge of ransomware attacks, evolving legal/regulatory considerations, and novel and complex issues presented … Continue Reading

Compliance and Cybersecurity Best Practices Rewarded with HIPAA Safe Harbor

By Vimala Devassy, Sara Goldstein and Kyle Gregory on January 13, 2021 Posted in Healthcare, HIPAA/HITECH

On January 5, 2021, H.R. 7898 was signed into law with little fanfare, thereby amending the Health Information Technology for Economic and Clinical Health Act.[1] As the healthcare industry continues to serve as one of the top targets for cybersecurity threat actors, the amendment creates a “HIPAA safe harbor” that should hopefully provide some much-needed relief to those … Continue Reading

CISA Updates Advisory on Large-Scale Impending and Credible Ransomware Threat to Healthcare to Include Additional IOCs

By Aleksandra Vold and Sara Goldstein on October 30, 2020 Posted in Healthcare, HHS

On Oct. 28, a joint cybersecurity advisory was published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health & Human Services. The advisory warned of an imminent cybercrime threat to U.S. hospitals and healthcare providers – specifically that a large-scale ransomware attack may be on the very near horizon. BakerHostetler’s coverage … Continue Reading

ONC Announces Delay of Information Blocking Provisions

By Vimala Devassy on October 29, 2020 Posted in Healthcare, HHS

The Department of Health and Human Services’ (HHS)’ Office of the National Coordinator (ONC) published an interim final rule today delaying several key compliance deadlines in the ONC 21st Century Cures Act final rule – including that of the information blocking provisions, which were slated to become effective on November 2, 2020 – until April 5, … Continue Reading

Warning of Cybersecurity Threat to Healthcare Sector – Imminent Threat of Ransomware

By Eric A. Packel on October 29, 2020 Posted in Healthcare

BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly by several government agencies including the United States Department of Health and Human Services (HHS) and the FBI, on October 28. The Advisory warns of an imminent cybercrime threat to U.S. hospitals and healthcare providers with the purpose of infecting systems with Ryuk ransomware for financial … Continue Reading

CARES Act Significantly Revises Part 2 Rules to Better Align with HIPAA

By Kyle Gregory and Vimala Devassy on April 2, 2020 Posted in Healthcare, HIPAA/HITECH

On March 27, 2020, President Trump signed the Coronavirus Aid, Relief, and Economic Security Act (the “CARES Act”) into law. While the focus of the CARES Act has been on direct financial aid to Americans, the Act also contains a number of material revisions to the Federal privacy provisions that govern the confidentiality of substance-use … Continue Reading

CCPA Class Actions: Can They Include a Blast From the Past?

By Casie Collignon on March 13, 2020 Posted in CCPA, Healthcare

Our Digital Assets and Data Management teams have been tracking all aspects of the CCPA, so when Fuentes v. Sunshine Behavioral Health Group, LLC (Case No. 8:20-cv-00487, Central District of California) was filed on March 10, 2020, alleging a direct claim for violation of the CCPA, we were interested to see how CCPA allegations are … Continue Reading

Powerful Protection: The Healthcare Privacy and Compliance Team

By Lynn Sessions on February 13, 2020 Posted in Healthcare

The following story is one in a six-part series devoted to the pioneering teams that comprise the firm’s new Digital Asset and Data Management Practice Group. A prime example of BakerHostetler’s preeminence in the legal industry is on display in its latest Practice Group, Digital Asset and Data Management (DADM), which offers holistic, enterprise-wide risk … Continue Reading