Breach Notification Rule

In response to the WannaCry ransomware attack that infiltrated the computer systems of health care systems and other entities worldwide on or around May 12, 2017 (previously discussed here), HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) issued a series of updates to provide consumers and potentially affected organizations with information on the attack and to detail HHS’ efforts to mitigate the harmful effects of the attack on government computer systems and health care organizations.

In five successive updates issued between May 13 and May 17, ASPR provided links to the most up-to-date information from the U.S. government on cyber threats (including from the US-CERT Cyber Awareness System, the FBI, HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC)), and solicited information on new attack vectors, as well as regarding any impact the attack may have had on patient care or supply chain distribution.
Continue Reading HHS Office of the Assistant Secretary for Preparedness and Response Issues Series of Cybersecurity Updates in Response to WannaCry Attack

Now more than ever, workplace wellness programs are becoming increasingly popular among employers. A common concern many employers have is how to design a meaningful workplace program intended to improve the health of participating employees while complying with HIPAA’s privacy and security rules. Although employers are not covered entities, HIPAA may apply to an employer’s