The FTC Health Breach Notification Rule was enacted 10 years ago to protect the privacy and security of consumer health data not covered by HIPAA, but it was never enforced. A policy decision enacted on Sept. 15 will change that.
HHS OCR announced it reached an $80,000 settlement with Children's Hospital & Medical Center over potential HIPAA Right of Access failures. It’s the 20th settlement made under its access rights initiative.
A recent filing with the U.S. District Court of Northern California consolidates multiple lawsuits filed against Flo Health by its users, alleging the fertility app shares highly sensitive data with third parties like Facebook and Google — in direct contradiction with its privacy practices.
Representatives from critical infrastructure hammered at two key differences between the House and Senate versions of the bill: the amount of time that entities would have to report a cyber incident, and the level of certainty that would need to be present before doing so.
Ultimately, the system is designed to create a separate track for cybersecurity candidates to hire faster, pay more and sidestep box-checking requirements around qualifications and skillsets that don't translate to cybersecurity.
Michael Daugherty, CEO of LabMD, discusses how he went about choosing a lawyer to fight the FTC over a breach in episode 12 of the CISO Stories podcast.