Cybersecurity

Rivkin Radler’s Frank Izzo and Jeff Ehrhardt authored an article in the Spring 2024 issue of USLAW magazine, “New York Joins List of States Prohibiting Geofencing Near Healthcare Facilities.” The article discussed geofencing laws, enacted partly in response to the Supreme Court Dobbs decision, in depth by state.

Sign up to receive Rivkin Rounds at 

On February 6, the U.S. Department of Health and Human Services (HHS) announced a $4.75 million settlement with Montefiore Medical Center (MMC) for a breach of unsecured electronic protected health information (ePHI). The settlement stems from an internal investigation that found that an employee of the New York hospital system sold patient information to an

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently released two resource documents to help healthcare providers explain the privacy and security risks of telehealth to their patients.

The first document, entitled “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies

New York State and Connecticut have recently enacted laws that prohibit “geofencing” near health care facilities. The New York State law took effect on July 2, 2023, and Connecticut’s on October 1, 2023. These geofencing laws, enacted partly in response to the Supreme Court Dobbs decision (to prevent advertisers from targeting people receiving reproductive services)

The Federal Trade Commission (FTC) recently issued guidance entitled “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule.” The guidance points out that while businesses that collect, use, or share consumer health information are (or should be) accustomed to complying with HIPAA and its Privacy

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged HIPAA violations in connection with a cyber attack.

The incident occurred in 2016 when a hacker gained access to

On December 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued a Bulletin entitled ”Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates“ that addresses the responsibilities of HIPAA covered entities and business associates (“regulated entities”) when using online tracking technologies. Regulated entities need

Dental Care Alliance, LLC (DCA) agreed to settle a class action lawsuit that arose out of a 2020 cyberattack. A hearing to approve the $3 million settlement was held on September 1.

DCA, based in Sarasota, Fla., is a dental services organization that provides practice support to over 390 affiliated dental practices across the U.S.

In the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Ashley Algazi will discuss requirements and tips for success in conducting HIPAA breach assessments and making required disclosures. The program will:

• Review HIPAA breach definition
• Discuss the analysis and investigation process to determine whether a breach has occurred
• Review

Oklahoma State University’s Center for Health Services recently paid $875,000 to settle potential HIPAA violations after a cyberattack resulted in the unauthorized access of its patients’ protected health information. A hacker installed malware on the Center’s web server which contained electronic protected health information. More than 275,000 individuals were affected by the breach, which resulted