A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information.

Notably, these attacks succeed when system users have weak or common passwords.  NCSC published frequently found passwords here, many of which are

The New York Attorney General has issued a warning to healthcare providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information.  Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a warning that it has received reports that someone has been impersonating an OCR inspector in an effort to access HIPAA Protected Health Information (PHI).

According to the agency: “The individual identifies themselves on the telephone as an OCR investigator, but

On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.

“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered

By Margaret J. Davino, Salvatore J. Russo and Nawa A. Lodin

In the Medicare Telemedicine Healthcare Provider Fact Sheet published March 17, 2020, the Centers for Medicare & Medicaid Services (CMS) broadened access to Medicare telehealth services to allow Medicare patients to receive more services from their doctors without travel to a health care

Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s

Fox Rothschild partner Bill Maruca’s article, “Protecting Privacy During an Infectious Disease Panic”, is (unfortunately) as relevant today as it was when it was posted here more than 5 years ago. Swap Ebola for COVID-19, and the article provides useful guidance for covered entities and business associates subject to HIPAA and to employers, family and

Fellow Fox Rothschild LLP Partner (and former hospital system General Counsel) Salvatore J.  Russo generously contributed this post.

Some twenty-three years ago, the first well-publicized incident of the re-identification of de-identified personal health data was brought to the attention of the American public. It involved the then governor of Massachusetts, William Weld.   Dr. Latanya Sweeney