The Information Sharing and Analysis Organization-Standards Organization (ISAO-SO) was set up under the aegis of the Department of Homeland Security pursuant to a Presidential Executive Order intended to foster threat vector sharing among private entities and with the government. ISAOs are proliferating in many critical infrastructure fields, including health care, where cybersecurity and data privacy

On January 9, 2015, New Jersey Governor Chris Christie signed new legislation that will require health insurance carriers authorized to issue health benefits plans in the state—including insurance companies, health service corporations, hospital service corporations, medical service corporations, and health maintenance organizations—to encrypt personal information. Triggered by a series of data breaches involving the health

On September 23 and 24, 2014, the National Institute of Standards and Technology (“NIST”) and the Department of Health and Human Services Office of Civil Rights (“HHS OCR”) hosted their annual HIPAA conference “Safeguarding Health Information: Building Assurance through HIPAA security.”

OCR officials and key industry leaders engaged in dialogue regarding developments

The increasing prevalence of mobile technology in the healthcare sector continues to create compliance concerns for physician practices and other health care entities.  While the Office of Civil Rights (OCR) of the Department of Health and Human Services, has traditionally focused on technology breaches within larger health systems, smaller physician practices and health

On May 20, 2014, the Secretary of the Department of Health and Human Services (HHS) submitted the agency’s Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Years 2011 and 2012 (“Breach Report”). This report provides valuable insight for healthcare entities regarding their data security and enforcement priorities.

Section 13402(i) of

By Brandon Ge and Alaap Shah

The Department of Health and Human Services (“HHS”) is taking laudable steps to improve notices of privacy practices (“NPPs”) and make them more clear, understandable, and user-friendly. Under the HIPAA Privacy Rule, individuals are entitled to a receive an NPP informing them of how their health information may be

By Marshall Jackson and Alaap Shah

If you have tuned into the news over the last few months, you are likely aware that several major corporations—including one of the nation’s largest retail chains—have suffered data breaches. These breaches have affected hundreds of millions of consumers, and in some cases exposed sensitive financial data such

   By:  Alaap Shah and Ali Lakhani

Why is data breach such a rampant problem within the health care industry?

As health care rapidly digitizes through adoption of electronic health records, mobile applications and the like, the risk of data breach is rising exponentially.  To effectively manage this risk, health care companies and their business associates

By: Alaap Shah and Marshall Jackson

Data is going digital, devices are going mobile, and technology is revolutionizing how care is delivered.  It seems to be business as usual, as your health care organization continues to digitize its operations.  You have even taken measures to help guard against the “typical” risks such as lost laptops,

By:  Alaap Shah and Ali Lakhani

The Good: 

“Hey Doc, just shoot me a text . . .”

The business case supporting text messaging in a health care environment is compelling – it is mobile, fast, direct, and increases dialogue between physicians and patients as well as streamlines the often inefficient page/callback paradigm that