Tag Archives: audit

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR:

“It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and their business associates.  The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy,… More

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.”  These audits don’t involve auditors coming in your facility.  Instead, covered entities are being asked to submit documents on:

     (1) their risk analysis and risk management plans under the HIPAA security rule;

     (2) the content and timeliness for following the HIPAA breach notification rule; or

     (3) the notice of the entity’s privacy practices for health information and patients’… More

New Data Protection Obligations In Europe: Data Protection Officers and Impact Assessment under the New General Data Protection Regulation (GDPR)

The full text of the General Data Protection Regulation (GDPR) was published on 4 May 2016. Although the GDPR will not be effective until 25 May 2018, it is worth looking into it right now given the major changes it makes to the rules in the 1995 Directive.

Application of the GDPR

The GDPR applies to the processing of personal data by companies having an “establishment” in the European Union,… More

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc.

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any covered entity (CE) or business associate (BA) that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. The HIPAA Privacy Rule addresses the storage,… More