The Office for Civil Rights (OCR) has announced its fourth cybersecurity investigation and settlement, noting a 264% increase in significant ransomware breaches since 2018. A recent settlement with a medium-sized healthcare provider involved a $250,000 payment and commitments to enhance the security of Protected Health Information (PHI). This investigation and settlement underscore the critical need
Healthcare
What U.S. Healthcare Providers Trying to Leverage AI Can Learn from Australia Privacy Regulator’s Investigation into I-MED Radiology Network
Leveraging AI in healthcare requires vast amounts of data, but navigating privacy and data security laws is crucial. A recent investigation into Australia’s I-MED Radiology Network highlights concerns about using medical data for AI. This case offers valuable insights for U.S. providers, especially regarding compliance with HIPAA and other regulations.
Louisiana Limits Non-Compete Agreements for Physicians
Following the national trend toward prohibiting or limiting non-compete agreements, Louisiana Senate Bill 165 limits the length and geographical scope of non-compete agreements for both specialty and primary care physicians. The law goes into effect on Jan. 1, 2025. Under Senate Bill 165, non-compete agreements for physicians must expire three years or five years from…
Pennsylvania Bans Most Non-Compete Agreements for Healthcare Practitioners
Pennsylvania Governor Josh Shapiro has signed the “Fair Contracting for Health Care Practitioners Act” (House Bill 1633), which restricts the ability of employers and healthcare practitioners to enter into non-compete agreements. The Act goes into effect on Jan. 1, 2025. The Act represents a significant shift in the employment landscape for healthcare practitioners in Pennsylvania…
Rhode Island Prohibits Use of Non-Competition Agreements With Nurses; Governor Vetoes Broader Ban
Rhode Island Governor Dan McKee signed a new law (R.I. Gen. Laws § 5-34-50) that prohibits the enforcement of non-competition agreements with advanced practice registered nurses (APRNs) in the state on June 17, 2024. Surprisingly, only three days after the APRN prohibition was enacted, the Rhode Island legislature sent a proposed bill containing a full…
District Court Strikes Portions of Inglewood’s Healthcare Worker Minimum Wage Ordinance
In 2022, the City of Inglewood passed a healthcare worker minimum wage ordinance. The new $25.00 minimum wage applies to private-sector healthcare employees who work in hospitals, integrated health systems, and dialysis clinics in Inglewood. The new minimum wage applied to clinicians, nurses, certified nursing assistants, aides, technicians, maintenance workers, janitorial or housekeeping staff…
Nuanced Privacy Laws Means Healthcare Organizations Should Prioritize Protecting Personal Information
The healthcare industry is among the most highly regulated industries when it comes to privacy protections. In addition to the federal Health Insurance Portability and Accountability Act (HIPAA), healthcare providers also must comply with a growing number of state laws governing data privacy and security. Fully complying with this patchwork of privacy protections is a…
New HIPAA Final Rule Imposes Added Protections for Reproductive Health Care Privacy
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things, establish new limits on the…
AI, Phishing Attacks, Healthcare, and a $480,000 OCR Settlement under HIPAA
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language processing and large language models, now fuels more ferocious phishing campaigns. The effects are being felt in many industries, perhaps most notably the healthcare…
Sanction Policies Can Help Drive Cybersecurity and HIPAA Compliance, OCR Says
Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are examples of frequent and thorny questions that arise in connection with the development and implementation of these policies. But they are…