Alert: Phishing Email Disguised as Official OCR Audit Communication November 28, 2016 It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates. The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and
It does not take a huge breach of privacy to result in a huge fine — in this case, malware that potentially compromised 1670 patient files of PHI cost UMass $650,000 in fines. This emphasizes the concept that there is no such thing as a “small breach” of PHI. The OCR announcement of the fine appears below: The University of Massachusetts Amherst (UMass) has agreed to settle potential violations of the Health Insurance Portability and
Reminder – EMTALA reality: Since the dawn of EMTALA I have been telling people that one of the biggest compliance problems with the law is that nobody reads the definitions. Later, when the regulations and site review guidelines (State Operations Manual) came out, the second big set of “definitions” was included in the law through the interpretations and guidelines that the regulators put out. Since then, revisions to the site review guidelines have modified or
I am hopeful that the folks that predicted an orderly transfer of power will be right … at the moment that is not looking likely, but there is still time for that to occur. Comment here on what you are seeing in your areas.
Space weather — solar flares, coronal mass ejections (CMEs), geomagnetic storms and other disruptive solar and cosmic events such as Electromagnetic Pulse (EMP) with the potential to disrupt power grids, communications, and defense systems — moved onto the emergency planning radar screen for the entire country October 13, 2016, when the President issued an executive order to step up government research, monitoring and preparation for the threat of a space weather disaster. Delayed up to now
One of the most common “gotchas” when CMS shows up is to be missing a mandatory sign in some obscure location, and the deadline for a new mandatory sign is coming up on the 16th. CMS has posted resources to help you comply with the right wording and languages. A sample of the required sign template is available at Sample Notice English PDF. The notice must be posted or published on your website, and include
The FBI has doubled down on its repeated warnings on ransomware with another warning and a request to report all instances of ransomware attacks so the FBI can get a handle on the true scope of the issue. The FBI press release Friday states: Ransomware Victims Urged to Report Infections to Federal Law Enforcement The FBI urges victims to report ransomware incidents to federal law enforcement to help us gain a more comprehensive view of the
Ransomware is rapidly becoming the most common and potentially devastating form of cyber attack on healthcare organizations, prompting CMS to issue an advisory warning in August. To help alert our readers to the threat and defenses you can employ in preventing HIPAA violations, I will be hosting a no-charge seminar at noon (Central) September 14, 2016, and you are invited to attend. We will be hosting this webinar on a new platform that is