By Art Gross – The Department of Health and Human Services Office of Inspector General has issued a report that is critical of the Office for Civil Rights. OIG concluded that OCR is not fulfilling its responsibility to enforce HIPAA regulations that safeguard protected health information (PHI) and to ensure that organizations protect patient’s privacy.
Read More
By Art Gross – On September 2, 2015 The HHS Office of Civil Rights (OCR) issued a press release announcing a $750,000 HIPAA settlement with Cancer Care Group, P.C. This large fine offers some very important lessons. Let’s take a closer look:
By Jonathan Krasner – We are all well aware of the epidemic of large data breaches that have been occurring recently. Anthem, Blue Cross, UCLA, the list goes on and on. Over 143 million records breached to date – an astounding figure! Since 2009, when the Office of Civil Rights “Wall of Shame” came into existence, there have been over 1,200 breaches of 500 records or more that have been reported.
By Art Gross – Now that the 2015 HIPAA Audits have begun, organizations are reevaluating their HIPAA compliance posture. This is a good thing being that an organization will have very little time to respond to pre-audit and audit inquiries from the Office of Civil Rights (OCR).
By Jonathan Krasner – There are a large number of potential attack vectors on any network. Medical devices on a healthcare network is certainly one of them. While medical devices represent a potential threat, it is important to keep in mind that the threat level posed by any given medical device should be determined by a Security Risk Assessment (SRA) and dealt with appropriately.