In Case You Missed It: U.S. Major party platforms address cybersecurity. The two major parties have released their 2016 election platforms, both of which include cybersecurity planks. The Republican platform’s perspective of cybersecurity is an element of national security and international relations. The platform called for harsh responses to cyber-attacks against American businesses, institutions, and government, applauded the Cybersecurity Information Sharing Act of 2015, and pledged to “explore the possibility of a free market for Cyber-Insurance.” The Democratic platform is largely as a continuation of President Obama’s cybersecurity policies.… More
Tag Archives: HIPAA
HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach
On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in recent months. This guidance comes in the wake of a June 20, 2016 “Dear Colleague” letter from HHS Secretary Sylvia Burwell highlighting ransomware issues. The most notable of OCR’s statements is that ransomware attacks often constitute breaches subject to the HIPAA Breach Notification Rule.… More
In Case You Missed It: Court certifies class in suit against Apple. On July 15, 2016, U.S. District Judge Jon S. Tigar certified a class of users of the mobile app Path, who allege that Apple facilitated the app’s access their contacts without their knowledge. In the same decision, Judge Tigar denied certification to a proposed class of consumers who downloaded the app, but never had their contacts uploaded. … More
Catholic Health Care Services of the Archdiocese of Philadelphia (“CHCS”), a HIPAA business associate, has agreed to pay the Department of Health and Human Services Office of Civil Rights (“OCR”) $650,000 in connection with a data breach involving the nursing homes to which it provides management and IT services.
The underlying breach occurred in February 2014 (which suggests a significant backlog at OCR in resolving open matters). … More
The summer movie season is now officially in full swing, with the release of three informational videos regarding HIPAA and the right of individuals to access their medical records, published by the Office of Civil Rights of the Department of Health and Human Services.
The video trilogy, and accompanying infographic, are the eagerly-awaited sequel to OCR’s guidance “Individuals’ Right under HIPAA to Access their Health Information 45 CFR § 164.525,” issued earlier this year. … More
Unfortunately, health care providers are the perfect mark for theft and extortion because they have huge amounts of sensitive information and maintain such information in computer databases at risk of infiltration. On May 17, Foley Hoag presented a webinar discussing the ongoing crime sprees involving theft of patients’ identities and health information; ransomware involved in these crimes; related data security issues affecting health care providers; and how they implicate law enforcement and the criminal law aspects of HIPAA.… More
Written by Elizabeth Snell | This article was originally published on HealthITSecurity.com
The recently announced OCR HIPAA audits are not a cause for panic, according to experts, especially of organizations have proper documentation.
You have seen all the hysterical headlines — “The HIPAA audits are coming, the HIPAA audits are coming….” But when you really think about it, what is the big deal? If you are a HIPAA covered entity, you surely know by now what you are supposed to be doing. And you probably have been doing it– so just check around to make sure before you get the dreaded letter from HHS OCR. … More
On January 22, 2016, I had the pleasure to present to the Massachusetts Health Information Management Association’s Winter Meeting, to discuss “Compliance Beyond HIPAA.” The presentation slides from the program are available here, and reflect discussion of:
HIPAA Privacy Regulations Amended to Allow Disclosures of Mental Health Information for Firearm Background Checks
On January 4, 2016, the Department of Health and Human Services (HHS) modified the HIPAA Privacy Rule to expressly permit certain covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of those individuals who, for mental health reasons, already are prohibited by Federal law from having a firearm. According to HHS, “This modification better enables the reporting of the identities of prohibited individuals to the background check system and is an important step toward improving the public’s safety while continuing to strongly protect individuals’… More