Articles and Blogs

For years, companies in the United States have relied on a Safe Harbor to the EU Directives (the stringent privacy requirements imposed by the European Union) to qualify for the ability to transfer protected data between EU countries and the United States. Today, however, the European Court of Justice ruled that the agreement between... READ MORE

Health care data breaches are not new. The breach announced by health insurer Anthem on February 5, 2015 is notable mostly for its scope. According to Anthem’s statement, hackers utilized a very sophisticated cyber attack to gain access to the information of potentially 80 million current and former Anthem members. The information accessed included... READ MORE

This week, the Centers for Medicare & Medicaid Services (“CMS”) announced that it is extending the deadline for eligible hospitals and critical access hospitals (“CAHs”) to attest to meaningful use for the Medicare Electronic Health Record  Incentive Program for the 2014 reporting year from 11:59 PM EST on November 30, 2014 to 11:59 PM EST on December... READ MORE

On October 31, 2014, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) released the Work Plan for Fiscal Year 2015 (“Work Plan”). The Work Plan confirms OIG will continue to concentrate a great deal of their enforcement efforts on the security and vulnerabilities of protected health information (“PHI”) contained... READ MORE

Following recent news about the Heartbleed exploit, CloudFlare, a San Francisco-based security services company, challenged hackers to use Heartbleed to get private encryption keys that would unlock secure data. It reported multiple winners to its challenge. By obtaining the private key for an SSL/TLS certificate, an attacker could set up a fake website that passes... READ MORE

Health information technology solutions that are remotely hosted or cloud based are becoming more common.  In these scenarios, a health care provider  is allowing its data – often times including protected health information (“PHI”) – to flow through or be stored in the vendor’s data center.  If PHI is involved, the parties should determine... READ MORE

On February 1, 2013, the Federal Trade Commission (FTC) issued two publications recommending ways that key players in the mobile marketplace, such as operating system providers, application developers, advertising networks and analytics companies, can promote mobile privacy and security. READ MORE

In analyzing a claim under Article 4A (Electronic Funds Transfers) of the Uniform Commercial Code, the U.S. Court of Appeals for the First Circuit determined that a bank did not utilize commercially reasonable security procedures when it failed to monitor risk reports and decreased the dollar threshold which triggered use of challenge questions by... READ MORE

The public comment period regarding securing health information while using mobile devices ends on March 30, 2012. Information regarding ONC’s Mobile Device Roundtable discussion and a link to provide comments can be found here. Should you have any questions, please contact Alisa Kuehn at 317.977.1475 or akuehn@wp.hallrender.com.   READ MORE

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced on Tuesday, March 13, 2012, that Blue Cross Blue Shield of Tennessee (“BCBST”) will pay $1,500,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  BCBST had previously notified HHS that 57 unencrypted hard drives containing protected health information, social... READ MORE