Edward G. Zacharias Edward G. Zacharias

Subscribe to Edward G. Zacharias's Posts
  Edward (Ed) G. Zacharias focuses his practice on complex transactions and regulatory compliance matters. He represents hospitals and health systems, academic medical centers, physician group practices, post-acute care providers, health information technology vendors, biotech companies, insurers, pharmaceutical companies and a variety of other health care entities. Read Edward Zacharias' full bio.

The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’s Risk Analysis Requirement


By , and on May 6, 2018
Posted In Cybersecurity, Data Privacy, Telehealth

Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12 months and in almost all of the $1 million-plus settlements during that time period. Significant confusion remains across...

Continue Reading



OCR Explains How Information Blocking Violates HIPAA


By , , and on Oct 27, 2016
Posted In Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently posted guidance (OCR guidance) clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a covered entity customer to protected health information (PHI) maintained by the vendor on behalf of the...

Continue Reading



OCR Transmits Pre-Audit Screening Surveys to Covered Entities for Phase 2 HIPAA Compliance Audits


By , and on May 7, 2015
Posted In Consumer Protection, Cybersecurity, Data Privacy, General Interest

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits (Phase 2 Audits). OCR is required to conduct compliance audits of covered entities and business associates under the 2009 Health Information...

Continue Reading



Just in Time for the Holidays: Another HIPAA Settlement


By on Dec 12, 2014
Posted In Consumer Protection, Cybersecurity, Data Privacy

Following an Office for Civil Rights investigation, Anchorage Community Mental Health Services, Inc., agreed to pay $150,000 and comply with a two-year Corrective Action Plan to settle allegations that it violated the HIPAA Security Rule. This settlement is another reminder that covered entities and business associates should take the necessary steps to ensure compliance with...

Continue Reading



Incorporating Risk Analysis Into Your HIPAA Strategy


By on May 14, 2014
Posted In Big Data, Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest

In building a stout privacy and security compliance program that would stand up well to federal HIPAA audits, proactive healthcare organizations are generally rewarded when it comes to data breach avoidance and remediation. But an important piece of that equation is performing consistent risk analyses. McDermott partner, Edward Zacharias, was interviewed by HealthITSecurity to discuss these...

Continue Reading



Take Action to Stop the Bleeding: Follow These Steps


By and on Apr 14, 2014
Posted In Consumer Protection, Cybersecurity, Data Privacy, General Interest

“Heartbleed” has been all over the news, and companies have been scrambling to respond.  What sounds like a nasty medical condition is actually a recently discovered flaw in popular encryption software called OpenSSL.  It has been widely reported in the news outlets that approximately 60 percent of all web servers use OpenSSL.  According to the Federal...

Continue Reading



Data Privacy Day 2014


By , , and on Jan 29, 2014
Posted In Advertising & Marketing, Consumer Protection, Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, Electronic Contracting, Mobile Apps, Social Media, Text Messaging

In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet.  Our panel of speakers discussed significant U.S. data privacy and protection events from 2013 and shared thoughts about what’s ahead for...

Continue Reading



STAY CONNECTED

TOPICS

ARCHIVES