FTC Health Breach Notification Rule: Expanding Scope and Enforcement

by Julie Catron | Jan 15, 2022 | Podcast

In August 2009, the Federal Trade Commission (FTC) issued the Health Breach Notification Rule (Breach Rule), which requires vendors of personal health records and related entities to provide notice to consumers following a breach. After over a decade without any...

HIPAA Security Rule Compliance: A Discussion with Former OCR Director Roger Severino

by Julie Catron | Jan 8, 2022 | Podcast

In statements throughout his tenure as Director of HHS’ Office for Civil Rights from 2017-2021, Roger Severino was repeatedly critical of organizations for not performing a risk analysis or taking action to mitigate identified risks, as required by the HIPAA...

How to Make System Activity Reviews an Effective Part of Your Security Program

by admin | Dec 29, 2021 | Blog, White Papers

Introduction As a covered entity or business associate, the Health Insurance Portability and Accountability Act (HIPAA) requires your organization establish procedures and controls to secure electronic protected health information (ePHI). HIPAA’s Security Rule...

Ransomware: The Need for a Business Impact Analysis

by admin | Dec 29, 2021 | White Papers

Tools for Ensuring Appropriate Access to PHI: OCR’s Access Initiative, Enforcement Actions, and Other Considerations

by Julie Catron | Nov 8, 2021 | Podcast

Wes Morris, Managing Principal Consultant, Clearwater, speaks with Joy Easterwood, Johnson Pope Bokor Ruppel & Burns LLP, about the Office for Civil Rights (OCR)’s recently announced eighteenth settlement of an enforcement action in its HIPAA Right of Access...