A January report unveiled a staggering data leak dubbed the “Mother of All Breaches”, which encompassed data from numerous previous breaches, totaling approximately 12 terabytes and over 26 billion records.
OCR recently announced a significant settlement with a medical group that represents the first resolution of an investigation into a phishing cyberattack under HIPAA.
The Cybersecurity and Infrastructure Security Agency toolkit provides resources, training, and information to help organizations build a strong cybersecurity foundation and advance their defenses against threats.
The Office for Civil Rights has issued guidance on media access to protected health information that can serve as a resource to providers and patients.
A recently published government guide outlines defensive strategies, recommendations, and best practices to combat pervasive cyberthreats affecting critical infrastructure. It also identifies known vulnerabilities that providers can assess their networks for, thereby minimizing risks before intrusions occur.
HIPAA security compliance leaders should ensure that their organization’s sanction policies are well documented, transparent, understood by all workforce members, and applied consistently to reinforce a robust HIPAA compliance program.
The Office for Civil Rights recently issued two resources to help explain to patients the privacy and security risks associated with telehealth services, as related to personal health information.
HHS released two reports recently that provide in-depth insights and compliance tips to help healthcare covered entities contend with cybersecurity threats.
Healthcare covered entities continue to have trouble getting patients their medical records. Since 2019, when the Office for Civil Rights began its Right of Access initiative, the HIPAA privacy and security enforcer has settled 45 cases related to patient requests for medical records.
A recent settlement between the Office for Civil Rights and UnitedHealthcare serves as a stark reminder of the importance of HIPAA compliance and the right of patients to access their medical records in a timely manner.
Robust authentication processes are often the first line of defense against cyberthreats. A recent Office for Civil Rights Cybersecurity newsletter emphasizes the importance of strong authentication in safeguarding electronic protected health information (ePHI).
Government regulators that enforce HIPAA privacy and security compliance are doubling down this year on risk analysis and risk management as a primary avenue to safeguard protected health information.
In an era where digital transformation is reshaping industries, healthcare finds itself at the crossroads of innovation and privacy. Telehealth, a symbol of this transformation, promises unparalleled convenience and accessibility. Yet it also brings forth a myriad of challenges, especially concerning the protection of patient data.
Every click, swipe, and keystroke can lead to a breach in today’s digital healthcare landscape. Robust data protection procedures have never been more critical.
The conclusion of the COVID-19 public health emergency has led to the termination of the Office for Civil Rights’ relaxed enforcement and providers are in the midst of a 90-day transition period back to full compliance with the HIPAA rules for telehealth.
In this article, we will dissect the latest significant breach reported by the Office of Civil Rights. It involved MedEvolve Inc. and resulted in a $350,000 fine. We’ll explore the potential preventive strategies that healthcare entities can implement.
Learn which rules and regulations are changing as providers navigate the post-COVID-19 public health emergency transition period to full OCR compliance with HIPAA telehealth rules.
As the adoption of digital technologies, such as telehealth and electronic health records, increases, organizations face evolving cybersecurity threats that have the potential to compromise patient data and disrupt healthcare operations.
The Office for Civil Rights (OCR) reached another resolution in January during its ongoing effort to ensure the comprehensive enforcement of the HIPAA Privacy Rule’s right of access provision.
In this article, we continue our examination of HHS’ reports to Congress regarding HIPAA compliance and data from 2021, specifically focusing on the HIPAA Privacy, Security, and Breach Notification Rule Compliance report released in February.
In February, HHS published two reports covering HIPAA privacy and security compliance and breaches of protected health information to help HIPAA compliance privacy and security professionals better conduct their roles.
This month, we’ve compiled some questions for HIPAA security and privacy officers to consider when trying to strengthen compliance in their organizations.
OCR released its “Improving Cybersecurity Posture in Healthcare for 2022” news bulletin last February, noting that healthcare organizations are prime targets for cyberattacks due to the sensitive nature of the data they hold.
The Office for Civil Rights (OCR) has announced two resolutions for potential HIPAA violations two months into 2023. These resolutions fall at opposite ends of the HIPAA compliance spectrum—cybersecurity and medical record access. Each is focused on the goal of protecting patient privacy.
The Office for Civil Rights finished 2022 with some enforcement action relating to the HIPAA Security and Privacy Rule enforcer’s Right of Access Initiative.
When it comes to HIPAA compliance, there’s always something new to learn. In 2022, Paubox, a security provider, reported more than 3 million people were affected by breaches involving electronic medical records.
The Office for Civil Rights (OCR) has had a busy fall putting out guidance and proposing rule changes in some crucial areas of HIPAA compliance. Here’s a breakdown of some of its current operations.
In September, the Office for Civil Rights (OCR) released its fall 2022 data for enforcement. Covered entities (CE) and business associates (BA) can review this data to determine areas that most commonly trigger enforcement on behalf of the government’s regulator for the HIPAA Privacy and Security rules.
Those in charge of overseeing HIPAA compliance at their healthcare organizations need to have a firm understanding of privacy laws outside of the healthcare arena.
The Office for Civil Rights (OCR) issued guidance on audio-only telehealth in June. This guidance provides helpful tips on how covered entities (CE) can use remote communication technologies to provide audio-only telehealth services in a manner consistent with HIPAA requirements.
Now that the fourth quarter has arrived, things are winding down for 2022. This is a good time to reflect on the past year of HIPAA compliance and prepare for 2023. Here is a roundup of HIPAA topics and some actionable tips for compliance.
In early June, Congress released a bipartisan draft bill called the American Data Privacy and Protection Act. The goal of this bill is to create a regulation that organizations in any industry would need to comply with. On the surface, this sounds great, but in reality, it is unrealistic.
In August, the Office for Civil Rights (OCR) announced a settlement with New England Dermatology P.C., known as New England Dermatology and Laser Center, over the improper disposal of PHI, which is a potential HIPAA Privacy Rule violation.
Starting on October 6, the definition of electronic health information (EHI) will include “the entire scope of the EHI definition [i.e., ePHI that is or would be in a Designated Record Set (DRS)].”
The 21st Century Cures Act fundamentally changes how patients can interact with their health information — and October 6 is a significant milestone for these changes.
The Office for Civil Rights (OCR) recently announced version 3.3 of the HHS Security Risk Assessment Tool. According to OCR officials, this tool is designed to aid small and medium-sized healthcare organizations in their efforts to assess security risks.
It may be summer, but there is no vacation when it comes to HIPAA privacy and security. In fact, OCR was extremely busy and active with enforcement in July.
In June, the Supreme Court overturned Roe v. Wade, the decades-old decision on abortion rights, and it was enough to have OCR weigh in with some guidance on privacy regulations. OCR issued guidance June 29 to protect patient privacy in the wake of the decision.
The growing number of cybersecurity threats is a significant concern, driving the need for enhanced safeguards of electronic protected health information, according to the Office for Civil Rights.
To better prepare for the rest of the year, here are some topical privacy and security compliance tips and reminders as we surge toward a strong second half of 2022.
Jay Hodes, president of HIPAA compliance company Colington Consulting in Burke, Virginia, sees eight specific challenges organizations face when trying to comply with HIPAA regulations.
OCR released a report on audits it conducted. It found that most CEs failed to meet the requirements for selected provisions in the audit. One of the first steps to improving is learning more about audits and assessments, which are trouble spots for entities.
As part of our continuing series, BOH caught up with Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, to ask the privacy expert HIPAA compliance questions.
Martin Fisher has been the director of information security and chief information security officer for Atlanta-based Northside Hospital for more than eight years. He discusses what’s top of mind in his role and what challenges lie ahead.
Dave Bailey, CISSP, knows firsthand what challenges arise daily for healthcare security officials. He explains what is on the minds of CIOs/CISOs and the security lessons learned from the COVID-19 pandemic.
We caught up with privacy expert Rebecca Herold, FIP, CIPM, CIPP/US, CIPT, CISSP, CISM, CISA, FLMI, CEO and founder of The Privacy Professor, and co-founder of Privacy & Security Brainiacs, to ask her some important HIPAA compliance questions.
Privacy expert Rebecca Herold, FIP, CIPM, CIPP/US, CIPT, CISSP, CISM, CISA, FLMI, CEO and founder of The Privacy Professor, and co-founder of Privacy & Security Brainiacs, recommends some key actions for practitioners to identify vulnerabilities in their security and privacy practices.
According to the Office for Civil Rights, the most commonly alleged HIPAA complaints include impermissible uses and disclosures of protected health information (PHI), lack of PHI safeguards, lack of patient access to PHI, lack of administrative safeguards of electronic PHI, and use or disclosure of more than the minimum necessary PHI.
We caught up for a HIPAA compliance checkpoint Q&A with Rebecca Herold, FIP, CIPM, CIPP/US, CIPT, CISSP, CISM, CISA, FLMI, CEO and founder of The Privacy Professor, and co-founder of Privacy & Security Brainiacs.
Cybersecurity and ransomware never sleep. The Office for Civil Rights wrote about the need to stay vigilant against cybersecurity threats in a security email.
Having a good lawyer often comes in handy. Having a lawyer who understands HIPAA and works well with your HIPAA compliance officers, though, is priceless.
The past couple of years have been filled with challenges for healthcare workers, to say the least. It’s also been a time to reflect on lessons learned, especially in the arena of HIPAA privacy and security. And, naturally, there are lessons to be learned from other healthcare entities.
As HIPAA privacy and security officers gear up for another year of compliance, it’s always a good time to rethink training. How often should you train? How should you tailor content? How should you assess learning competency?
In its fall 2021 cybersecurity newsletter, OCR said it’s a great time for organizations to revisit the protections they have in place for their legacy systems.
Learn about the most important parts of the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program final rule for HIPAA compliance officers.
It’s almost a new year. And for HIPAA security officers, that means it’s time to reflect on the year that was and also look forward to the next 12 months. One way to do that is to sharpen their toolkit of skills and traits.
In its July newsletter, OCR announced a collaboration with the HHS Office of the National Coordinator for Health Information Technology (ONC) to seek user feedback and improvement suggestions on its Security Risk Assessment (SRA) Tool.
H.R. 7898 became law on January 5, 2021, and amended the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the secretary of HHS to consider certain recognized security practices of covered entities and business associates when making certain determinations, and for other purposes.
Now that the first month of fall has arrived, it’s time to start thinking of the year ahead—and, of course, to finish the year strong. We’ve gathered some HIPAA compliance tips to consider while getting through the final third of the year and building some compliance momentum heading into 2022.
HHS recently issued its Summer 2021 OCR Cybersecurity Newsletter, covering the topic of controlling access to ePHI. HHS officials cited a Verizon 2021 Data Breach Investigations report that found 61% of analyzed data breaches in the healthcare sector were perpetrated by external threat actors and 39% were carried out by insiders.
Before the final HIPAA Privacy Rule updates are released, providers have a chance to weigh in on the proposals. Read what they've said and how it might influence the final rule.
The agency responsible for setting the rules for healthcare IT compliance underwent its own audit by the Office of Inspector General (OIG) recently. See what auditors found and where HHS needs to improve.
The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have observed continued targeting through spearphishing campaigns using TrickBot malware in North America, according to a Joint Cybersecurity Advisory published in March and updated in May.