International HIPAA, Privacy, and Security Law Considerations

International HIPAA, Privacy and Security Law Considerations addresses the old and new generations of cybersecurity laws, compliance requirements, and threats, which need to be considered in conjunction with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) – a law that celebrated its 25th anniversary in August 2021 and continues to evolve.

International cybercriminals have become more brazen, as attacks in 2021 and 2022 were aimed at children’s hospitals – Boston’s Children’s Hospital and SickKids in Toronto, Canada. Actions like those perpetrated on children’s hospitals, as well as other infrastructure considerations, such as the Colonial Pipeline prompted Executive Order 14028 – Improving the Nation’s Cybersecurity, which called for the public and the private sectors to improve its prevention, detection, and correction of cyber risks and events. Government agencies, including the U.S. Department of Justice acted and implemented cyber-fraud and other cybersecurity enforcement initiatives.

Cybersecurity risks continue to escalate. Now more than ever, healthcare industry participants – whether covered entities, business associates, or subcontractors – should utilize resources such as those set forth by the U.S. Department of Health and Human Services (HHS), Health Sector Cybersecurity Coordination (HC3).