By Matt Fisher – The Office for Civil Rights announced a $750,000 settlement with Raleigh Orthopaedic Clinic, P.A. of NC on 4/20/16, resulting from a breach involving an “undocumented” business associate. The settlement comes only weeks before desk audits are expected to begin and focuses on a perceived area of weakness, BA agreements.
Read More
By Bob Grant – As of March 22, 2016, the Office for Civil Rights (OCR) has officially begun their Phase 2 HIPAA Privacy, Security, and Breach Notification Audit Program. This announcement comes after months of speculation and preparation for the eventual roll-out of this new program. Luckily, with Compliancy Group you won’t have to go it alone.
By Jonathan Krasner – Although HIPAA is an important set of laws passed to protect the sensitive medical information handled by millions of covered entities and business associates, HHS Office for Civil Rights has never established a permanent compliance audit program.
By Matt Fisher – It has been a frequent message that the Office for Civil Rights (OCR) at the federal Department of Health and Human Services (HHS) has been providing numerous HIPAA lessons over the past few years through settlement announcements.
By Matt Fisher – The Office for Civil Rights (OCR) at the Department of Health and Human Services, the Office of the National Coordinator of HealthIT (ONC) and others are becoming prolific in the amount of HIPAA guidance being issued.
By Matt Fisher – The OCR at the Department of Health and Human Services sent out an email on February 2, 2016 to announce the launch of a cyber-awareness for the healthcare industry. OCR recognizes the danger faced by healthcare from an array of bad actors and the need to spread information.
By Steve Spearman – Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.
Last month Congress passed a cybersecurity bill as part of the 2016 Omnibus budget. The bill formalizes the information sharing process among industry and government and recognizes the importance of a healthcare industry specific cybersecurity approach.
By Matt Fisher – The annual OIG Work Plan was published on November 2nd. The Work Plan each year identifies what the Office of the Inspector General of the Department of Health and Human Services will review and provides insight into what the OIG contemplates as risk areas.