A New York public accounting firm settled with the Department of Health and Human Services for $175,000 over claims it violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, the Office for Civil Rights announced Monday following a ransomware attack investigation.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently added a new FAQ explaining permitted disclosures of protected health information (PHI) to value-based care arrangements. OCR also updated older guidance regarding the types of personal health information that individuals can request access to.
It’s important for organizations to “actively stay up to date” on DOJ’s sensitive data rule even though enforcement began on July 9, blogged Constangy Brooks lawyers on Thursday.
Identity risk management is a “team sport,” blogged the National Institute of Standards and Technology as it published a fourth revision of NIST digital identity guidelines on Friday. The 2025 revision is meant to “respond to the changing digital landscape that has emerged since the last major revision … in 2017,” NIST wrote.
Comments are due Sept. 12 on the National Institute of Standards and Technology’s draft guidelines for developing secure software and testing for vulnerabilities, the agency said Wednesday.
The Trump administration has attempted to “dramatically expand” federal access to sensitive data traditionally held by state agencies, a group of consumer advocates said Monday in a privacy-related report.
The U.S. Department of Agriculture (USDA) has tried to justify collecting personal data of millions of Supplemental Nutrition Assistance Program (SNAP) recipients, but its efforts have fallen short, the Electronic Privacy Information Center (EPIC) said in comments submitted Wednesday to the department.
The Department of Health & Human Services “betrayed the trust of almost 80 million people” by agreeing to share healthcare data from Medicaid participants with Immigration and Customs Enforcement, the Center for Democracy & Technology said in a statement Thursday.
Organizations should be aware of how broadly DOJ defines “personal health data” in its data transfer rule, attorneys at Bodman said in a Thursday post.
A mental health provider will pay $225,000 over claims it violated health privacy law by publicly sharing users’ sensitive information online, the Health and Human Services Office of Civil Rights announced Monday.