Matthew Fisher

What to Do with Health Data

By Matt Fisher – A Shakespearean Tangle: The current state of medical data is very complicated. The amount of medical data being created is exploding all of the time. The explosion is being facilitated by the always increasing number of ways of creating it and a broadening array of people or entities how want access to it.


Health IT and the OIG Work Plan

By Matt Fisher – The annual OIG Work Plan was published on November 2nd. The Work Plan each year identifies what the Office of the Inspector General of the Department of Health and Human Services will review and provides insight into what the OIG contemplates as risk areas.



Compliance With HIPAA Privacy Rule Spotty

By Matt Fisher – The Office of the Inspector General HHS recently released the review results from its assessment of the Office for Civil Rights oversight of the HIPAA Compliance Rule. Not too surprisingly, the OIG found weaknesses in the way in which OCR oversees compliance with the HIPAA Privacy Rule.


The Auditors Are Coming, The Auditors Are Coming!!

By Matt Fisher – After waiting with bated breath for almost a year, the day when full scale HIPPA audits will start is almost here. During a keynote address the the HIPAA Security Conference co-hosted by the HHS Office for Civil Rights and the National Institute of Standards and Technology (“NIST”), OCR Director Jocelyn Samuels revealed that the day when audits will start is getting closer.


Breaches, Breaches, Everywhere

By Matt Fisher – It often seems as though a day does not go by without the report of a new breach of healthcare data. Examples of breaches include loss of unencrypted devices (whether laptops, flash drives or other devices), usage of non-secure services, inattention to paper records, employee snooping, and more.


When a Breach Isn’t a Breach

By Matt Fisher – A hospital in Arkansas recently learned the lesson of the nuances contained within the HIPAA Privacy Rule. There are many uses and disclosures identified in the Privacy Rule that permit actions that would otherwise appear to be a breach.


The Cloud is Good, But Know Where Data Go

By Matt Fisher – A recent settlement announcement from the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) highlights the need to evaluate web-based applications and storage solutions. Web-based or cloud solutions are viable options and tools for healthcare entities to utilize, but those tools need to evaluated for compliance with HIPAA security requirements.