The OCR’s Phase 2 HIPAA Audit Program and Cloud-Service Providers, and an Alert Regarding Phase 2 Audit Email Phishing Scams

The U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is undertaking continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules, and auditing “covered entities” (health care providers, health plans, and health care clearinghouses) and “business associates” (discussed herein) to […]

Read More


Cybersecurity and Financial Institutions

Like many other industries, financial institutions that become more technologically reliant are subjected to numerous and repeated cyberattacks. As the former General Counsel for Florida’s financial institution’s regulator (the Florida Office of Financial Regulation), I was amazed at the frequency and complexity of many such cyberattacks.  As expressed to me by a cybersecurity expert, “it’s […]

Read More


Cybersecurity: Before and After the Storm

Employers, healthcare providers, retailers, and virtually every other business collect data about their customers, clients, patients, and staff every day. In a data-driven economy, personally identifiable information and private health information are gathered, aggregated, stored, and protected electronically. Smart companies encrypt data and limit access to the electronic devices that store the critical financial information, […]

Read More


Data Breaches: They’re What’s for Dinner

There are thousands of restaurants in South Florida. Some of those restaurants are independently owned.  Some are owned by large corporations.  Each restaurant is a potential opening for a costly data breach. On January 29, 2016, Landry’s Incorporated, owner of more than 500 restaurants, including Morton’s, Oceanaire Seafood Room, Vic & Anthonys, and the Rainforest […]

Read More