Jami Mills Vibbert

Latest Articles

Despite the announcement made last week by the Department of Health and Human Services Office for Civil Rights (OCR) about certain reduced penalty caps under the Health Insurance Portability and Accountability Act (HIPAA), OCR has shown in this week’s settlement that it still plans to vigorously enforce HIPAA. New Maximum Annual Penalty Caps On April 30, 2019, OCR announced in a Notification of Enforcement Discretion new annual penalty caps for identical violations of a requirement…
A U.S. Department of Health and Human Services (“HHS”) administrative law judge (“ALJ”) ordered the University of Texas MD Anderson Cancer Center (“MD Anderson”) last month to pay a $4,348,000 civil monetary penalty because of violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  While the vast majority of enforcement actions taken against covered entities and business associates to date have been voluntary settlements, this action came in the form of summary…
The U.S. Food and Drug Administration’s (FDA’s) Center for Devices and Radiological Health (CDRH) recently issued its Medical Device Safety Action Plan:  Protecting Patients, Promoting Public Health (Action Plan), an aspirational set of goals concerning the agency’s approach to medical device safety.  This Action Plan can be considered the FDA’s attempt to reorganize its toolbox to make its regulatory efforts more efficient, effective, and responsive.  The Action Plan describes the FDA’s intentions to: Integrate CDRH’s premarket…
On April 4, 2018, the New Jersey Attorney General’s office announced a settlement with a large network of physicians affiliated with medical and surgical practices throughout New Jersey (the “Medical Group”) for health privacy and security violations related to a breach of more than 1,650 patient records.  The settlement for violations of the federal Health Insurance Portability and Accountability Act and its associated regulations (“HIPAA”) and New Jersey state law requires the Medical Group to…
No two health care companies are alike, but many face similar challenges when managing their data risk. Many of these challenges arise due to the competing desires with which every modern organization now struggles—one between innovation and growth on the one hand and compliance and legal risk on the other. Specifically, the following five issues are top of mind: The tension between data growth and analytics and data minimization; Handling connected devices and mobile apps;…
A circuit split regarding the SEC’s administrative law judges, an internal CFPB playbook and memo on their examination process, and a recent field hearing on small business lending are at the forefront of the May 18 edition of Venable’s Consumer Financial Services Digest. In this issue, we highlight the circuit split between the Tenth Circuit and the D.C. Circuit regarding the status and appointment of the SEC’s administrative law judges. We take a look at the CFPB’s…
On Friday, an unprecedented cyberattack affected a large number of Microsoft Windows-based computers through a type of malware known as ransomware. Although ransomware has been increasingly prevalent over the last few years, this particular version, called “WannaCry,” spread quickly and widely around the world. Many believe that the cyberattack will continue. Ransomware is generally spread via email messages that contain infected attachments. When a user opens the attachment, a program runs that encrypts the user’s…