Posts

Showing posts with the label encryption

HIPAA Enforcement: A Look Ahead at 2026 Informed by 2025's Inflection Points

The healthcare ecosystem has closed the book on a volatile 2025, and HIPAA enforcement has moved into 2026 with sharper edges, wider apertures, and higher stakes. Regulators spent 2025 refining the tools they use, broadening the set of entities they scrutinize, and tightening expectations around cybersecurity hygiene, vendor oversight, and the responsible use of digital technologies. At the same time, parallel enforcement—from the Department of Justice, the Federal Trade Commission, and state attorneys general—has reinforced the reality that data protection failures are not just a compliance problem; they are an enterprise risk with civil, criminal, and reputational dimensions. What 2025 Signaled—And Why It Matters In 2025, the Office for Civil Rights maintained its steady cadence on HIPAA Right of Access cases, but increasingly linked access failures to broader issues—training, audit controls, and vendor performance—resulting in corrective action plans that are deeper, more prescripti...

Think Before You Click: Employers Could Violate Federal Law by Reading Employee Emails

Image
The federal Stored Communications Act (SCA) protects the privacy of personal emails and social media accounts that employees may access with company-owned devices. It provides for both civil and potentially criminal penalties for violations. Quick Hits The federal Stored Communications Act prohibits employers from reading an employee’s personal emails and messages stored on third-party servers or networks. An employee or former employee might accidentally or unknowingly leave open apps or accounts with access to personal messages on a company-issued device. Employers need to balance workers’ privacy rights with business needs and company policies. Typically, when an employee voluntarily quits or is fired, the employer collects any laptops, phones, tablets, or other equipment owned by the employer. Employees often create bookmarks or links on these company-owned devices to their own email or other personal accounts. But what if at the time of termination an employee has inadvertently l...