On February 8, 2024, the Centers for Medicare and Medicaid Services (CMS) issued a memorandum entitled Texting of Patient Information and Orders for Hospitals and CAHs (the 2024 Memo), which provides updated guidance to State Survey Agency Directors. 
The deadline for notifying the Office of Civil Rights (OCR) of healthcare data breaches affecting fewer than 500 individuals is early this year. Reports of small data breaches may be submitted to OCR annually, usually on March 1st, but because 2024 is a leap year, the reports are due on or before Thursday, February 29th ...
HHS and AHA alert the health care sector to a software vulnerability dubbed "Citrix Bleed" that can be exploited by bad actors to cause damage, including ransomware.
On November 28, 2022, HHS released a Proposed Rule to amend the Part 2 regulation on confidentiality of substance use disorder (SUD) patient records in federally assisted Part 2 Programs. The Proposed Rule would align Part 2 with HIPAA's requirements for consent, disclosure, de-identification, unsecured PHI, data breach notification, and other ...
The FTC recently took enforcement action against an online e-commerce company and its CEO for failing to implement data security policies and procedures to protect the personal information of consumers. The FTC alleged that the company’s inadequate security measures and its website Privacy Policy regarding such measures constituted unfair ...
Best practices in IT data security include the use of multi-factor authentication (MFA), but cyber threat actors are evading the data security that MFA is intended to provide. To combat this, CISA recently issued guidance and fact sheets urging the migration to phishing-resistant MFAs such as FIDO/WebAuthn and PKI-based MFA. If this is not feasible ...
CISA issues Shields Up cyber alert for every U.S. organization due to Russian government's use of cyber attacks as a pressure strategy on other governments.
CISA issues statement on critical vulnerability in products that contain log4j software library. Bad actors are exploiting the vulnerability to steal information, launch ransomware, or conduct other malicious activity. Ten major tech vendors issue statements that one or more of their products are affected by the log4j vulnerability ...
KRONOS payroll support services notifies customers of a ransomware attack. A ransomware attack that compromises employee personal information could trigger data breach notification for employers under state breach notification laws.

By: Margaret Young Levi

On September 15, 2021, the Federal Trade Commission (FTC) issued a Policy Statement cautioning that health apps and connected devices that collect or use consumers’ health information must comply with the Health Breach Notification Rule and notify consumers when their health data is breached.

The Health Breach ...
