The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced an $800,000 settlement with BayCare Health System for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The Wednesday settlement ends an OCR investigation into whether unauthorized access to an individual's electronic protected health information (ePHI) occurred at the Florida provider.
Three organizations called on contractors involved in the Supplemental Nutritional Assistance Program (SNAP) to reject a request from the Department of Agriculture (USDA) for access to personally identifiable information (PII) of SNAP recipients. A Monday letter from Protect Democracy, the Center for Democracy and Technology and the Electronic Privacy Information Center (EPIC) said the USDA's demand for data ignores the Federal Privacy Act, the Paperwork Reduction Act and several USDA regulations. EPIC released the letter Wednesday.
Tech companies are able to degrade product privacy protections without repercussions when "excessive regulation" insulates them from competition, the FTC said in a joint letter with DOJ on Monday.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $600,000 settlement with California health care network PIH Health, Inc. (PIH) Wednesday over a phishing attack that allegedly exposed electronic protected health information (ePHI) of almost 200,000 individuals.
Medical device companies with ties to China should prioritize compliance with DOJ’s new Data Security Program, attorneys at Hogan Lovells said Tuesday (see 2504140047).
DOJ’s data transfer rule might require a “deeper analysis on vendors and third parties” than expected, attorneys at Baker McKenzie said Monday in an opinion piece for the IAPP.
Expect updated compliance guidance throughout the year from DOJ on its data transfer rule, Paul Hastings attorneys said Thursday.
Comments are due June 13 on a draft update to the National Institute of Standards and Technology’s privacy framework, the agency said Monday.
Expect an independent third-party assessment of a cyber incident, the Office of the Comptroller of the Currency officially announced this week.
Life sciences companies should assess whether DOJ’s data transfer rule applies to their data-handling activity, attorneys at Cooley said in a post Thursday (see 2504020022).