By Marshall Jackson and Alaap Shah

If you have tuned into the news over the last few months, you are likely aware that several major corporations—including one of the nation’s largest retail chains—have suffered data breaches. These breaches have affected hundreds of millions of consumers, and in some cases exposed sensitive financial data such

By: Alaap Shah and Ali Lakhani

Why is data breach such a rampant problem within the health care industry?

As health care rapidly digitizes through adoption of electronic health records, mobile applications and the like, the risk of data breach is rising exponentially.  To effectively manage this risk, health care companies and their business associates

By: Alaap Shah and Marshall Jackson

Data is going digital, devices are going mobile, and technology is revolutionizing how care is delivered.  It seems to be business as usual, as your health care organization continues to digitize its operations.  You have even taken measures to help guard against the “typical” risks such as lost laptops,

There are many reasons a healthcare entity dealing with protected health information (“PHI”) should conduct a risk analysis. First and foremost, if conducted properly, a risk analysis should identify PHI-containing systems, assess vulnerabilities of those systems, evaluate and prioritize risks to those systems, and assist in developing mitigation strategies to safeguard the systems. These ongoing

On January 25, 2013, the Department of Health and Human Services (“HHS”) published in the Federal Register the highly anticipated Omnibus Rule, which strengthens and amends existing regulations in the HIPAA Privacy and Security Rules. The rule will significantly affect health technology companies, including telehealth companies, data centers, and personal health record vendors, with an

With a new era of active enforcement of the HIPAA privacy and security laws upon us, companies need to figure out early on whether they are regulated under HIPAA, either as covered entities or business associates. However, determining whether a company is subject to the HIPAA privacy and security requirements is not always straightforward, especially