Administration for Strategic Preparation and Response Releases Updated Cybersecurity Framework Implementation Guide

April 7, 2023 | By Rachel Rose, JD, MBA | Overview: Whenever I present, which is often, I often receive follow-up questions from participants regarding resources to utilize when creating, reviewing, and/or supplementing a compliance program, including relevant policies and procedures. One resource which should be utilized is the Health Care and Public Health Sector…

HIPAA Considerations When Business Associates and Data are International.

December 9, 2022 | By Rachel Rose, JD, MBA | Overview: Although it is said that “business is global”, there are some nuances to this blanket statement to consider when creating, receiving, maintaining, or transmitting electronic protected health information or electronic health information (herein the blanket term “PHI” is used) internationally.[i] Before delving into items…

Tips for Addressing HHS-OIG’s Discovery of Medicare’s Lack of Cybersecurity Oversight for Networked Devices in Hospitals

  July 23, 2021 | By Rachel Rose, JD, MBA In June 2021, the U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG) issued Issue Brief, OEI-01-20-00220 (hereinafter “Issue Brief”), which highlighted the results of its review of cybersecurity for networked medical devices in hospitals. The impetus behind the review was…

Biometrics – the New Battleground in Privacy and Security

March 23, 2020 | By Rachel Rose, JD, MBA According to the National Institute for Standards and Technology (“NIST”), biometrics is defined as, “[a]utomated recognition of individuals based on their behavioral and biological characteristics [e.g., fingerprints, facial recognition and retinal scans]. In this document, biometrics may be used to unlock authentication tokens and prevent repudiation…

Compliance Tidbit: How Covered Providers May Contact Patients with COVID About Population-Based Activities

August 7, 2020 | By Rachel Rose, JD, MBA The Health Information Portability and Accountability Act, Pub. L. 104-191 (Aug. 1996) (“HIPAA”) is oftentimes misapplied. Take the COVID-19 pandemic for example. Despite the U.S. Department of Health and Human Services (“HHS”) and the Office for Civil Rights (“OCR”) reiterating the exceptions present…