Q: In a previous question, you said you can destroy paper records like charts as soon as they are scanned into the EMR if your state considers electronic storage media legally acceptable for medical records. My organization is currently rewriting our policy on shredding charts; is there any reference to this in HIPAA that we can use to back this up?
The healthcare sector is a frequent target of cyberattacks due to the value of PHI, which is the target of financial identity theft and medical identity theft. To safeguard PHI, you need to know the differences among phishing, ransomware, and DoS attacks.
A recent phishing attack against Network180, a mental health organization in Grand Rapids, Michigan, led to a data breach affecting approximately 2,200 patients.
In December, HHS Office for Civil Rights (OCR) released a request for information seeking input from the public in order to identify provisions of HIPAA that may impede value-based care or limit care coordination among individuals and covered entities, and which do not meaningfully contribute to protecting the privacy and security of protected health information.
Approximately 16,000 patients of Mind and Motion Developmental Centers of Georgia had their protected health information compromised after a ransomware attack on a server at the facility.
