- DEA will not reschedule marijuana unless the FDA determines the drug has a medical use.
- DEA’s new research policy will hopefully facilitate future necessary medical research.
* The following alert was originally published in Health Law360.
The Federal Trade Commission asserted its data security authority in two recent back-to-back enforcement actions, only a day apart from each other.
Today, the US Department of Health & Human Services’ Office for Civil Rights (OCR) announced that Advocate Health Care Network (Illinois’ largest healthcare system) will pay a record $5.5 million settlement for violating HIPAA. The violations include failure to properly assess risks and limit access to electronic PHI (for example, an unencrypted laptop was left in an employee’s unlocked vehicle overnight); failure to have in place business associate agreements; and three data breaches, compromising the records of four million patients. With this record settlement (and other recent settlements setting previous record highs), OCR hopes to send covered entities a strong message that they must conduct comprehensive risk analyses and risk management to keep electronic PHI secure.
On June 24, 2016, the non-profit Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule with the U.S. Department of Health and Human Services (HHS). This is HHS’ first resolution agreement and monetary penalty against a business associate (BA) under HIPAA.
Ransomware is old news – it has been around at least since 1989 – but it has only now started to attract widespread attention. Ransomware is a type of malicious software (or malware, for short) that blocks access to the infected device, to some or all of the information stored in the device, or even worse, to files in the device’s network. To unlock either the device or the data, the responsible cybercriminals require the victim to pay a ransom. Ransomware is typically enabled when a victim clicks on malicious links in an email or online.
*This article was originally published by The Journal of Health Care Compliance.
Strong cybersecurity is no longer an option for health care institutions. A medical chart is identity theft on a platter. Criminals pay more for personal health information than for credit card numbers. Unauthorized access to electronic health records surpassed hacking as the chief cybersecurity risk in 2016. Third-party information technology (IT) systems used by health care providers and other institutions (referred to for convenience as “hospitals” in this article) are a key avenue of unauthorized access and pose a significant risk as hospitals upgrade IT systems either alone or as part of a merger into larger health care systems. This article addresses how health care IT puts the security in health care cybersecurity.
Seven Critical Cybersecurity Roles Played by IT
On Monday, July 11, 2016, the Office for Civil Rights (OCR) released a fact sheet with guidance for covered entities and business associates on HIPAA and ransomware.
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.