New OCR Advisory — HIPAA and Health Information Exchanges

Dec. 18,2020 — Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued guidance on how the Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits covered entities and their business associates to use health information exchanges (HIEs) to disclose protected health information (PHI) for the … Read more

OCR report finds most providers and business associates failed basic HIPAA standards

December 17, 2020 –The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released its 2016-2017 HIPAA Audits Industry Report that reviewed selected health care entities and business associates for compliance with certain provisions of the HIPAA Privacy, Security, and Breach Notification Rules. The Health Information Technology for Economic … Read more

Shocking US Treasury warning puts ransomware victims in triple-bind: between a rock, hardplace, and really bad place.

With hospitals and healthcare providers as the prime targets (but certainly not the only targets) for ransomware cybercriminals,  an October 1, announcement from the US Treasury department puts the victims of ransomware in the impossible position.  The unexpected policy statement https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf  gives the victim the options of choosing to not pay the ransom and incurring loss … Read more

Insurance company hit with $6.85 million data breach penalty

OFFICE OF CIVIL RIGHTS — Premera Blue Cross (PBC) has agreed to pay $6.85 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security … Read more

HHS releases new Security Risk Assessment Tool

September 15, 2020 HHS Security Risk Assessment Tool Version 3.2 and Webinar SRA Tool Version 3.2 The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.2 of the popular HHS Security Risk Assessment (SRA) Tool. This tool is designed to aid small and … Read more

New HIPAA fines stress patient right to access their records

OCR Settles Five More Investigations in HIPAA Right of Access Initiative The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces that it has settled five more investigations in its HIPAA Right of Access Initiative this year. OCR announced this initiative as an enforcement priority in 2019 to … Read more

New HIPAA scam aimed at healthcare providers

  April 3, 2020 Alert: Individual Posing as OCR Investigator It has come to OCR’s attention that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI). The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR … Read more