It Pays to be Ready: HIPAA Phase II Audits Underway Now
Written by: Patrick Powell, Esq. On March 21, 2016, the HHS Office for Civil Rights (“OCR”) officially launched Phase 2 of the HIPAA Audit Program. Covered Entities and Business Associates need to be prepared for these audits and be on th
If This Does Not Convince You Of The Importance Of HIPAA Compliance, Nothing Will
By: Richard Sheinis, Esq. Two medical providers recently paid large settlements to the Department of Health and Human Services’ Office for Civil Rights because of HIPAA violations. Both involved thefts of laptops, an issue I see with some reg
New Bill To Strengthen Georgia’s Data Breach Notification Law Introduced In State Senate
Written by: Richard Sheinis, Esq. On January 20, 2016, the “Georgia Personal Data Security Act” was introduced in the State Senate. The current Georgia breach notification law is one of the weakest in the country. It only applies to “info
FDA Issues Draft Guidance for Postmarket Management of Cybersecurity in Medical Devices
Written by: Richard Sheinis, Esq. The FDA has issued this draft guidance to add to its other guidance documents on cybersecurity and medical devices, “Cybersecurity for Networked Medical Devices Containing Off-the-Shelf (OTS) Software”, a
HHS Clarifies Patients’ Right To Health Data
Written by: Patrick Powell, Esq. Under HIPAA, patients have the right to access and obtain a copy of their health information from physicians, hospitals, and insurers. However, recent reports have concluded individuals often face barriers to
Employee Theft Gives A Lesson In Data Security
Written by: Richard Sheinis, Esq. The Georgia Court of Appeals just issued an opinion in a case that provides a good lesson on the importance of protecting data against employee theft. In Lyman v. Cellchem Int’l, LLC, two former employees o
Preview of the New EU General Data Protection Regulation
Written by: Richard Sheinis, Esq. Last week I posted a short blog to let everyone know that a consolidated text of the new EU General Data Protection Regulation (“GDPR”) was released by the European Parliament, and the Council of the Europe
EU Provides A Look Into The New General Data Protection Regulation
Written by: Richard Sheinis, Esq. The European Parliament and Council have issued a consolidated text of the new General Data Protection Regulation (“GDPR”). I will be reviewing the text and will provide a complete analysis in the coming d
Warning of Another Medical Device Vulnerable to Hacking
Written by: Richard Sheinis, Esq. In a precursor of things to come, earlier this month the CERT Division of the Software Engineering Institute based at Carnegie Mellon University warned that the Epiphany Cardio Server is vulnerable to hackin
LabMD Defeats FTC
Written by: Richard Sheinis, Esq. In a surprising ruling, the FTC has taken a big hit to its self-appointed power to regulate the data security practices of every business in the country. On Friday, November 13, the FTC Chief Administrative Law