Sunday, January 26, 2025

Risky Minutes — Lawyer Ethics Advisor Role Raises Conflicts Concerns, Potential HIPAA Security Standards on Compliance Radars,


“Trump’s company taps ex-Bannon lawyer as outside ethics advisor” —

  • “U.S. President-elect Donald Trump’s company said Friday it has retained William Burck, a managing partner of U.S. trial firm Quinn Emanuel Urquhart & Sullivan and longtime Republican insider, as its outside ethics advisor.”
  • “Burck will help the Trump Organization develop and maintain internal ethics policies to ward against conflicts of interest, the company said in a press release posted on X by Trump’s son Eric, who is an executive vice president of the company.”
  • “The Trump Organization consists of hundreds of companies that are ultimately owned by the Republican president-elect, including his golf and resort business. Reuters has estimated the company was on track to generate over $600 million in revenue last year.”
  • “Eric Trump told Reuters last month there will be a ‘very large wall’ separating the Trump Organization’s business activity from the U.S. government.”
  • “Burck said in an email that the Trump Organization assignment would have no effect on his role at Quinn Emanuel. The 1,000-lawyer firm’s other clients include billionaire Tesla CEO and Trump ally Elon Musk.”
  • “Burck previously defended Trump’s former political strategist Steve Bannon on charges of defrauding donors in a border-wall scheme, which were dismissed when Bannon was pardoned by Trump. Burck also represented Bannon before a U.S. Senate committee investigating the Trump campaign’s links to Russia, and he represented ex-Trump officials including U.S. Secretary of State Mike Pompeo and former White House Counsel Don McGahn.”
  • “Earlier Burck was a federal prosecutor in Manhattan and served as deputy White House counsel in the George W. Bush administration.”
  • “China-based drone maker DJI last month hired Quinn Emanuel in a lawsuit challenging DJI’s inclusion on a U.S. Defense Department list of entities allegedly working with Beijing’s military.”
  • “Asked if Quinn Emanuel’s work for DJI could raise conflict concerns when the incoming Trump administration inherits responsibility to defend against the case, Burck said the firm is ‘governed by bar ethics and conflicts rules and will abide by them as we always do.’”

See also: “President-Elect Trump’s New White Paper on Conflicts of Interest”

“What to Know About the HHS HIPAA Security Standards Proposal” —

  • “At the close of 2024, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (the Proposed Rule) to amend the Security Rule regulations established for protecting electronic health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The updated regulations would increase cybersecurity protection requirements for electronic protected health information (ePHI) maintained by covered entities and their business associates to combat rising cyber threats in the health care industry.”
  • “The Proposed Rule seeks to strengthen the HIPAA Security Rule requirements in various ways, including:”
    • “Removing the ‘addressable’ standard for security safeguard implementation specifications and making all implementation specifications ‘required.’ This, in turn, will require written documentation of all Security Rule policies and encryption of all ePHI, except in narrow circumstances.”
    • “Requiring the development or revision of technology asset inventories and network maps to illustrate the movement of ePHI throughout electronic information system(s) on an ongoing basis, to be addressed not less than annually and in response to updates to an entity’s environment or operations potentially affecting ePHI.”
    • “Setting forth specific requirements for conducting a risk analysis, including identifying all reasonably anticipated threats to the confidentiality, integrity, and availability of ePHI, identifying potential vulnerabilities, and assigning a risk level for each threat and vulnerability identified.”
    • “Requiring prompt notification (within 24 hours) to other healthcare providers or business associates with access to an entity’s systems of a change or termination of a workforce member’s access to ePHI; in other words, entities will now be obligated to immediately communicate changes if an employee’s or contractor’s access to patient data is altered or revoked to mitigate the risk of unauthorized access to ePHI.”
    • “Establishing written procedures on how the entity will restore the loss of relevant electronic information systems and data within 72 hours.”
    • “Requiring encryption of ePHI at rest and in transit.”
    • “Requiring specific security safeguards on workstations with access to ePHI and/or storage of ePHI, including anti-malware software, removal of extraneous software from ePHI systems, and disabling network ports pursuant to the entity’s risk analysis.”
    • “Requiring vulnerability scanning at least every six (6) months and penetration testing at least once every year.”
    • “Requiring network segmentation.”
  • “The Proposed Rule notably includes some requirements specific to business associates only. These include a proposed new requirement for business associates to notify covered entities (and subcontractors to notify business associates) within 24 hours of activating their contingency plans. Business associates would also be required to verify, at least once a year, to their covered entity customers that the business associate has deployed the required technical safeguards to protect ePHI. This must be conducted by a subject matter expert who provides a written analysis of the business associate’s relevant electronic information systems and a written certification that the analysis has been performed and is accurate.”
  • “The Proposed Rule’s changes are also a tacit acknowledgment that current Security Rule standards have not kept up with threats or operational changes.”
