By Art Gross – In a cruel twist of fate, health care entities are being phished using an OCR (HHS Office of Civil Rights) email as the bait. Here is the context: HHS/OCR is the governmental entity in charge of enforcing the HIPAA statutes.
Read More
By Matt Fisher – When it comes to HIPAA compliance, no stone can be left unturned. The most recent HIPAA settlement announced by the OCR continues the trend of using settlement agreements to highlight specific areas of HIPAA for compliance.
By Lisa Eramo – In the coming months, physician practices may find themselves thrust into the HIPAA spotlight thanks to an Office for Civil Rights’ email announcement in August that it would soon target data breaches affecting fewer than 500 individuals.
By Chris Apgar – The Office of Civil Rights is in the midst of the latest round of HIPAA audits. If your organization is a business associate (BA) or a covered entity (CE) and it’s not already prepared, you have a challenge facing you.
By Jim Johnson – With the first round of HIPPA Audits behind us, the Office of Civil Rights indicated back in March that it would finally launch the long-awaited round 2 of HIPAA audits in 2016.
By David Harlow – The latest OCR HIPAA guidance on cloud computing will probably not satisfy those who keep calling for an overhaul of HIPAA because it dates from an era when health records were kept on cuneiform tablets.
By Matt Fisher – The HIPAA spotlight is beginning to shine brightly on business associates. Covered entities have long had their time to star, so it is only fair to share the stage now. It is likely that covered entities are only too happy to have the Office for Civil Rights and others focus attention on business associates with all the consequences that come with such attention.
By Mike Semel – The Office for Civil Rights announced that the new permanent audit program has started. On July 11 letters were sent BY E-MAIL (check your junk mail folders!) to 167 health plans, health care providers, and health care clearing houses (all HIPAA Covered Entities) notifying them that they have to send in documentation for a ‘desk audit.’ They will have 10 days to send in the required materials for review.
By Matt Fisher – After promising to provide guidance and insight for a breaking issue, the OCR came out with ransomware guidance under HIPAA. One major issue for debate was whether a ransomware attack constitutes a HIPAA breach. The guidance provides insight into where OCR is coming from and what it expects the industry to do in response to a ransomware attack.