Edward G. Zacharias
Subscribe to Edward G. Zacharias's Posts
Edward (Ed) G. Zacharias focuses his practice on complex transactions and regulatory compliance matters. He represents hospitals and health systems, academic medical centers, physician group practices, post-acute care providers, health information technology vendors, biotech companies, insurers, pharmaceutical companies and a variety of other health care entities. Read Edward Zacharias' full bio.
The Continuing Disconnect between the Health Care Industry and OCR on HIPAA’s Risk Analysis Requirement
By Amy C. Pimentel, David Quinn Gacioch and Edward G. Zacharias on May 6, 2018
Posted In Cybersecurity, Data Privacy, Telehealth
Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12 months and in almost all of the $1 million-plus settlements during that time period. Significant confusion remains across...
Continue Reading
OCR Explains How Information Blocking Violates HIPAA
By Amanda Enyeart, Edward G. Zacharias, Daniel F. Gottlieb and Ryan S. Higgins on Oct 27, 2016
Posted In Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest
The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently posted guidance (OCR guidance) clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a covered entity customer to protected health information (PHI) maintained by the vendor on behalf of the...
Continue Reading
OCR Transmits Pre-Audit Screening Surveys to Covered Entities for Phase 2 HIPAA Compliance Audits
By Edward G. Zacharias, Daniel F. Gottlieb and Ryan S. Higgins on May 7, 2015
Posted In Consumer Protection, Cybersecurity, Data Privacy, General Interest
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits (Phase 2 Audits). OCR is required to conduct compliance audits of covered entities and business associates under the 2009 Health Information...
Continue Reading
Just in Time for the Holidays: Another HIPAA Settlement
By Edward G. Zacharias on Dec 12, 2014
Posted In Consumer Protection, Cybersecurity, Data Privacy
Following an Office for Civil Rights investigation, Anchorage Community Mental Health Services, Inc., agreed to pay $150,000 and comply with a two-year Corrective Action Plan to settle allegations that it violated the HIPAA Security Rule. This settlement is another reminder that covered entities and business associates should take the necessary steps to ensure compliance with...
Continue Reading
Incorporating Risk Analysis Into Your HIPAA Strategy
By Edward G. Zacharias on May 14, 2014
Posted In Big Data, Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest
In building a stout privacy and security compliance program that would stand up well to federal HIPAA audits, proactive healthcare organizations are generally rewarded when it comes to data breach avoidance and remediation. But an important piece of that equation is performing consistent risk analyses. McDermott partner, Edward Zacharias, was interviewed by HealthITSecurity to discuss these...
Continue Reading
Take Action to Stop the Bleeding: Follow These Steps
By David Quinn Gacioch and Edward G. Zacharias on Apr 14, 2014
Posted In Consumer Protection, Cybersecurity, Data Privacy, General Interest
“Heartbleed” has been all over the news, and companies have been scrambling to respond. What sounds like a nasty medical condition is actually a recently discovered flaw in popular encryption software called OpenSSL. It has been widely reported in the news outlets that approximately 60 percent of all web servers use OpenSSL. According to the Federal...
Continue Reading
Data Privacy Day 2014
By McDermott Will & Emery, David Quinn Gacioch and Edward G. Zacharias on Jan 29, 2014
Posted In Advertising & Marketing, Consumer Protection, Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, Electronic Contracting, Mobile Apps, Social Media, Text Messaging
In Boston, we celebrated Data Privacy Day (January 28) by presenting “U.S. Privacy and Data Protection: 2013 Year In Review and a Prediction of What’s to Come in 2014” for participants in an IAPP KnowledgeNet. Our panel of speakers discussed significant U.S. data privacy and protection events from 2013 and shared thoughts about what’s ahead for...
Continue Reading