It feels like we’ve been seeing a lot more health care breaches caused by hackers and other IT security incidents, and there’s a good reason why: a recent report by cloud security company Bitglass confirms that both the...more
The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for. In the guidance, OCR states that BAs can be held...more
Regular readers of the blog won’t be surprised to hear that there has been another data breach, this time involving a business associate in charge of storing medical records on behalf of health care providers and insurers....more
Today, we’re looking back at HIPAA and other privacy and security developments in 2018. This past year saw continued HIPAA enforcement (including the largest ever fine for a HIPAA breach), reminders from the OCR on best...more
1/7/2019
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Popular ,
State Data Breach Notification Statutes
Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more
12/13/2018
/ Breach Notification Rule ,
Business Associates ,
Corrective Actions ,
Cybersecurity ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Policies and Procedures ,
Settlement Agreements
The July 2018 cyber security newsletter issued by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) reminds health care providers and their business associates of the importance of properly...more
8/13/2018
/ Cybersecurity ,
Data Protection ,
Electronic Devices ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Popular ,
Record Retention
Privacy and security compliance obligations for health care companies remain hot topics this spring. Health care companies must now contend with data breach laws in all 50 states as well as keeping on top of federal HIPAA...more
6/21/2018
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
Revocation ,
State and Local Government ,
State Data Breach Notification Statutes
The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical...more
As we look back on 2017, one message is clear: don’t be a Scrooge when it comes to HIPAA compliance. With ever-evolving security threats and unrelenting enforcement, regulated entities must maintain a spirit of compliance...more
As Texas, Florida, and the Caribbean rebuild after the latest string of deadly hurricanes and prepare for the possibility of future storms, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR)...more
9/19/2017
/ Cybersecurity ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
Hurricane Harvey ,
Hurricane Irma ,
Natural Disasters ,
OCR ,
Personally Identifiable Information ,
Waivers
OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more
6/14/2017
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Federal Breach Notification Standard ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
ISAOs ,
OCR ,
PHI ,
Popular
Although National Cyber Security Month isn’t until October, September has brought plenty of privacy and security updates that health care companies need to be aware of. In this post, we review guidance from the Office for...more