Skip to main content
Keeping you afloat amidst the rising sea of regulations

The Internal Threat: Cyber Security and Medical Devices

A recent blog post in the IEEE Spectrum, “Hackers Invade Hospital Networks Through Insecure Medical Equipment,” focused attention on something known for a while: medical devices can open a door to hospital networks, wreaking all sorts of havoc.

Hospitalized Medical Staff Members: Reconciling Peer Review and HIPAA

Last week, Health Care partner Lowell C. Brown and associate Jade M. Kelly published an article in Bloomberg BNA’s Health Law Report that examines what hospital and medical staff leaders should do when a staff member is hospitalized with signs of impairment.

eHealth – FTC Study Weighs in on Privacy and Security Concerns with its ‘Internet of Things’ Report

One of the more exciting and innovating changes to health care lies in the development of devices that expand the ability of patients to better manage their health and communicate with care providers who can monitor and potentially diagnose and treat patients remotely with the aide of special devices. Those devices which allow automated communications between machines are considered part of the Internet of Things (IoT), which was the subject of a report just released by the Federal Trade Commission (FTC).

Webinar on the Importance of Protecting Your Health Care Organization Against a Cybercrime Attack!

Health care organizations are increasingly under attack from cybercriminals seeking to gain access to confidential data and to Internet connected medical devices. Health care cybercrime is a reality. Are you prepared?

Privacy Breaches: Not Just About Health Information

Our colleagues who represent retailers, technology, and media companies recently wrote that high profile data breaches have resulted in legislative and commercial industry initiatives to better protect consumers’ financial information from data theft.We want to note that those in the health care industry need to pay attention to these developments as well. To read our colleagues’ article, click here.

No Harm, No Foul: California Court Denies Class Action Bid Seeking $4 Billion from Provider

On July 22, 2014, the California Court of Appeal, Third Appellate District, found that patients whose confidential health information had been stolen could not sustain a class action absent an allegation that the information was actually viewed by unauthorized third parties.

New York-Presbyterian and Columbia Hospitals to Pay Record HIPAA Settlement

On May 7, 2014, the US Department of Health and Human Services Office of Civil Rights (OCR) announced settlements with two New York-based hospitals totaling $4.8 million for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. The settlements related to the hospitals’ failure to secure the electronic protected health information (ePHI) of thousands of patients held on their networks and are the latest example of OCR’s increased enforcement action.

Tales from the Unencrypted: DHHS Steps Up Enforcement of Unsecured Electronic Devices

On April 22, 2014, the US Department of Health and Human Services Office of Civil Rights (OCR) announced settlements of close to $2 million with two health care entities for violations of the Privacy and Security Rules promulgated under the Heath Insurance Portability and Accountability Act (collectively HIPAA) related to the theft of unencrypted laptops.