
Practice administrators seeking federal grants or contracts must look beyond HIPAA, completing SAM registration and adopting FAR 52.204‑21’s 15 essential cybersecurity controls to safeguard PHI, PII, FCI and CUI.

Rachel V. Rose, JD, MBA, advises clients on compliance, transactions, government administrative actions, and litigation involving healthcare, cybersecurity, corporate and securities law, as well as False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.

Practice administrators seeking federal grants or contracts must look beyond HIPAA, completing SAM registration and adopting FAR 52.204‑21’s 15 essential cybersecurity controls to safeguard PHI, PII, FCI and CUI.

Two class-action lawsuits targeting the University of Maryland Medical Center and the University of Kansas Health System for years-long cyberstalking and unauthorized access to protected health information spotlight massive HIPAA risk-analysis failures and underscore the urgent need for stronger health care cybersecurity safeguards.

As biometric technologies expand in health care and consumer surveillance, regulators are cracking down on companies that misuse sensitive data — with HIPAA, FTC orders and billion-dollar state settlements setting the tone.

Think HIPAA is the only law that matters for patient data privacy? Think again —mapping the complex legal web every physician and practice manager must understand to truly stay compliant.

Don't make the same mistakes as this practice.

Medicaid is on the chopping block, but that doesn't mean the end of indigent care.

Recent legislative and regulatory actions tied to generative artificial intelligence.

The long anticipated HIPAA Security Rule Notice of Proposed Rule Making strives to strengthen electronic protected health information cybersecurity.

“Cybersecurity is patient safety” and the continued downstream implications for the use of PHI for other unlawful purposes including insurance fraud and predatory practices targeted at minors are significant.

Gratitude, if it is genuine, can organically lead to greater reimbursement.

An effective compliance program can and does mitigate liability, so it's important to stay abreast of regulatory changes.

These core principles should be adopted into any covered entity or business associates’ policies and procedures.

Given that the health care sector tops the FBI's list as the top target of ransomware, it is not a surprise that the Senate has a bill on the table to increase minimum cybersecurity standards.

Notable regulatory items to consider as Breast Cancer Awareness Month approaches.

A federal judge recently ruled that a proprietary AI system illegally denied Medicaid and other benefits to low-income residents and people with disabilities.

Physicians and practices alike should have safeguards in place to prevent situations like this from happening.

Each practice should learn from the result of this HIPAA case.

What health care can learn from recent DOJ actions.

The physical and mental deterioration of a loved one coupled with the discussion of death are not pleasant topics to discuss.

Allowing employees to use their own devices at work could raise privacy concerns.

Don't let the summer fun get in the way of protecting patient privacy.

In-house counsel and compliance staff should learn from this case and adapt training accordingly.

Don't run afoul of these new privacy and civil rights rules.

Avoid running afoul of the False Claims Act.

Changes in practice ownership can impact Medicare enrollment.

The peculiarities of healthcare makes private equity investments a fraught proposition.

The new rule aligns more closely with HIPAA.

Also the US Department of Health and Human Services is emphasizing cybersecurity.

Neglecting insider threats can be equally as costly as ransomware and other cyberattacks.

Cybersecurity is important for patient piece of mind, but it's also required by law.