By Matt Fisher – After promising to provide guidance and insight for a breaking issue, the OCR came out with ransomware guidance under HIPAA. One major issue for debate was whether a ransomware attack constitutes a HIPAA breach. The guidance provides insight into where OCR is coming from and what it expects the industry to do in response to a ransomware attack.
Read More
By Bob Grant – A former respiratory therapist was convicted of wrongly accessing individually identifiable health information by a federal jury on June 23 of this year. The charges claimed that the therapist was using the information to seek, obtain, or use intravenous drugs.
By Jonathan Krasner – Back in March, we reported that OCR had announced its Phase 2 Audit Program. OCR stated that they would compile a database of both Covered Entities and Business Associates to form the basis of the pool of organizations potentially targeted for audit. They have followed up on their intentions and in the last week organizations have started to receive contact emails from OCR.
By Matt Fisher – Potentially lost in the week leading up to the July 4th holiday weekend, the OCR announced its latest HIPAA related breach settlement. The settlement is one of the first directed at a business associate and serves as a pointed reminder that business associates may be directly liable for the breaches that they may cause.
By Bob Grant – The Obama administration submitted its budget proposal for fiscal-year 2017. The OCR Budget in Brief details the increased budget–$1.15 trillion of which is allotted for HHS. $43 million of these funds will go to the Office for Civil Rights, and $82 million will go to the ONC.
By Bob Grant – The HHS Office for Civil Rights released an updated Audit Protocol that it plans to use while investigating health care entities for HIPAA compliance. The biggest change to the audit protocol is the distinction that OCR has made between what’s required of Business Associates and Covered Entities.
By Bob Grant – The HHS Office for Civil Rights announced that NY Presbyterian Hospital would be required to pay a $2.2M settlement after the “egregious disclosure” of two patients’ protected health information. NYP allowed an ABC film crew and staff from the show “NY Med” to film two patients, one of whom was dying, and another experiencing serious distress.
By Matt Fisher – Mobile apps are a topic of frequent discussion in the healthcare field these days. Questions include what regulatory requirements apply, are the apps trustworthy, is information kept safe and secure, and others. The question of what regulations apply in particular leaves many confused and uncertain as to what needs to be done.
By Bob Grant – In the past 90 days, there have been five separate instances of hospitals in the US and Canada being hit by ransomware attacks. The most recent of these instances affected MedStar Health, which is the largest health care provider throughout the Maryland and Washington, D.C. area.