A Q&A with Antony Kim and John Wolfe of Orrick, Herrington and Sutcliffe The recent HIPAA breach at St. Elizabeth’s Medical Center in Brighton, MA, brought some key issues to light. With the continual outsourcing of healthcare sector computing for ePHI data to external third-party clouds, it’s becoming increasing vital that the covered entity (CE)…

A Q&A with J.T. Malatesta of Maynard Cooper & GaleMedical Informatics Engineering and subsidiary NoMoreClipboard revealed a breach last month affecting up to 3.9 million Americans which has now resulted in a series of class action lawsuits on behalf of victims. The incident is causing headaches for risk managers in the healthcare sector, including their…

A Q&A with John Yanchunis of Morgan & Morgan The legal landscape around data loss is rapidly evolving, and with major events such as the Anthem breach changing the game on a daily basis, it can be a challenge to keep up with the courts’ current thinking. I spoke with plaintiff attorney John Yanchunis of…

A Q&A with Steve Visser, Managing Director at Navigant Consulting
Many types of data security incidents can require a forensic investigation to uncover the depth of the breach and how it occurred, and this process is more efficient when an organization has anticipated what’s involved. I talked to Steve Visser—national leader of Navigant Consulting’s information security incident investigation and response practice—about what risk managers can do to prepare for a successful forensic investigation.

A Q&A with Lynn Sessions of Baker Hostetler LLP
Now that the Affordable Care Act (aka Obamacare) is law, states potentially now have cyber public entity liability exposure, due to their role in managing PHI in connection with the healthcare exchanges, the data hubs that will centralize and route private information through government agencies and related businesses. This new model has already led to privacy data breach incidents, well before the act went into effect this past October (see example). To sort through the complications the ACA poses to public entities, I spoke with Lynn Sessions, counsel at Baker Hostetler LLP.

A Q&A with Barbara Bennett
When they were released this past January, the final HITECH regulations amending the HIPAA Security, Privacy, Breach and Enforcement Rules updated those regulations with expansion of the scope of the rules, increased patient protections and more stringent government oversight, including application of the rules to contractors and subcontractors. So what does this mean for healthcare organizations and the service providers that work with them? I asked Barbara Bennett, partner at Hogan Lovells, LLP in Washington, DC to explain the finer points of the final rules.

A Q&A with Lynn Sessions of Baker Hostetler
In enforcing the HIPAA/HITECH regulations, the Department of Health and Human Services’ Office of Civil Rights (OCR) has been coming down on healthcare organizations with recent fines of US $1.7 million, and yet the OCR and its investigations remains an area of mystery for many organizations. I asked Lynn Sessions, counsel at Baker Hostetler in Houston, TX, for some perspective on OCR’s process for ensuring data security and privacy compliance in healthcare.

A Q&A with Michael Bruemmer of Experian
Healthcare is one of the single biggest areas for data breach and identity fraud, yet many people still don’t understand the gravity of the risks facing companies and consumers. To get a better handle on the specific risks and how organizations can better protect themselves, I spoke with Michael Bruemmer, VP of Data Breach Resolution at Experian.