Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Stephanie Willis

Stephanie Willis

Stephanie Willis is a counsel in Crowell & Moring’s Washington, D.C. office and a member of the firm’s Health Care Group. Stephanie primarily works with health care clients seeking to comply with state and federal health care anti-fraud and abuse laws, privacy and security laws, and licensing laws.

Stephanie’s work incorporates her Master of Public Health degree as well as her past experiences as an associate counsel in the Office of the Inspector General for the Department of Health and Human Services (HHS-OIG) and as an intern at the Massachusetts Division of Insurance, the Health Care Division of the Massachusetts Attorney General’s Office, and the Massachusetts Health Care Connector, which was the first health care exchange in the nation.

Read Stephanie's bio on Crowell & Moring's website

Subscribe to all posts by Stephanie Willis

New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies

Posted in Cybersecurity / Data Security, Information Management
On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed… Continue Reading

OCR Announces Major HIPAA Enforcement Initiative

Posted in Cybersecurity / Data Security, Data Breach, Health IT
The Department of Health & Human Services Office of Civil Rights (“OCR”) announced on August 18, 2016 that it is stepping up enforcement actions related to small breaches.  Although OCR investigates all reported breaches affecting more than 500 people, this new initiative will increase investigations of breaches affecting fewer than 500 people.  As OCR recognizes,… Continue Reading

OCR Announces Third HIPAA Settlement in Three Weeks

Posted in Cybersecurity / Data Security, Data Breach
On Monday, the HHS Office of Civil Rights (OCR) released its third resolution and settlement agreement in as many weeks.  The $750,000 settlement with the University of Washington Medicine (“UWM”) is yet another citing the alleged failure to conduct an enterprise-wide risk analysis as required by the HIPAA Security Rule.  As part of the settlement,… Continue Reading

HHS-OCR Announces First Settlement Involving Medical Device Security Issues

Posted in Data Breach
The day before Thanksgiving, the HHS Office of Civil Rights (OCR) announced its first settlement involving a reported data breach implicating security of medical devices used in the hospital setting. OCR’s $850,000 settlement and resolution agreement with Lahey Hospital and Medical Center (LHMC) stem from the theft of a laptop workstation used to operate and… Continue Reading