In recent years, health care organizations and the vendors that support them have been prime targets for cyber attacks. Indeed, just last year, the ransomware attack on the health care clearinghouse ...

On December 27, 2024, the Department of Health and Human Services (“HHS”) proposed substantial revisions to the 20-year-old HIPAA Security Rule. Comments on the proposal will be due within sixty days ...

The Department of Health and Human Services has finalized the most significant HIPAA Security Rule update since 2003, introducing mandatory encryption, multi-factor authentication, annual risk ...

In this week’s installment of our blog series on the U.S. Department of Health and Human Services’ (HHS) HIPAA Security Rule updates in its January 6 Notice of Proposed Rulemaking (NPRM), we discuss ...

An unmitigated revamp of healthcare cybersecurity is coming in 2025, and experts warn that the compliance burden for organizations will be steep. Since 2005, healthcare organizations have been subject ...

The 2026 HIPAA Security Rule updates will make encryption of all electronic protected health information (ePHI) at rest and in transit mandatory, ending the long-standing 'addressable' flexibility.

The HHS Office for Civil Rights proposed a rule on Jan. 6 to update the HIPAA Security Rule, potentially affecting health systems’ security policies and operations. A Feb. 3 blog post by Coronis ...

The Department of Health and Human Services and the Office for Civil Rights have announced they will be soliciting comments on a proposal to modify the Security Standards for the Protection of ...

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up for any (or all) of our 25+ Newsletters. Some states have laws and ethical rules regarding solicitation and ...

Editor’s note: Steven W. Teppler is a partner and chair of the Cybersecurity and Data Privacy practice group at Mandelbaum Barrett PC in Roseland, New Jersey. Carly ...