News & Analysis as of

Security Risk Assessments Health Insurance Portability and Accountability Act

HHS Gets Agressive: HIPAA Audits from 2016

by Kiesewetter Law Firm on

HHS has become more aggressive with audits, and with increased penalties, covered entities and business associates simply cannot afford an audit on HIPAA rules and regulations. In March of 2016, HHS's Office for Civil Rights...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

HIPAA Compliance – Not Just an Issue for Health Care Providers

by Dechert LLP on

Many people believe that compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is solely an issue for health care providers and their affiliates. However, nothing could be further from the...more

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

by Alston & Bird on

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

HIPAA Compliance Is a Health Care Entity’s Secret Weapon in Preventing and Combating Ransomware Attacks

One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand...more

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

by Reed Smith on

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health...more

HHS: Ransomware Attacks Likely HIPAA Breaches In Absence of Encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more

OCR Begins HIPAA Phase 2 Audits

by Morgan Lewis on

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

Business Associate Settles HIPAA Investigation for $650,000

by Lathrop Gage on

The U.S. Office for Civil Rights (OCR), the agency responsible for enforcing the HIPAA Privacy and Security rules, has just sent a strong message that business associates are not immune from scrutiny. On June 24, 2016, in a...more

HIPAA and Text Messaging

by LeClairRyan on

Text messaging is pervasive. Doctors and other health care providers, covered entities, and business associates currently use (and embrace) the technology. Texting is easy, fast and efficient. It doesn’t require a laptop...more

Data-Harvesting Zombie Hackers, Blood-Thirsty Auditors, and Other Reasons to be Scared on Halloween

This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more

Privacy, Security, Risk: What You Missed At IAPP Conference

by Orrick - Trust Anchor on

Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more

HIPAA Fine Underscores OCR’s Focus on Physician Group Compliance

by BakerHostetler on

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a...more

Is Your HIPAA Compliance Program Ready for the FTC?

Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more

Cure of Security Rule Violations Following Breach of EPHI Cannot Save Covered Entities from $750,000 Settlement; Non-Breach...

by Reed Smith on

More than three years after the Cancer Care Group, P.C. (“CCG”) notified the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) of a breach of unsecured electronic protected health...more

Back to School – HIPAA 101

After a summer that saw major data breaches at the Office of Personnel Management and UCLA Health System, this fall is a great time to take your organization back to school on HIPAA compliance and data security. Here are...more

OCR Enforcement Trends

by McDermott Will & Emery on

On April 27, 2015, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Cornell Prescription Pharmacy (CPP) pursuant to which CPP paid a $125,000...more

ONC Releases Privacy and Security Guidance Geared Toward Small Providers

The HHS Office of the National Coordinator for Health Information Technology (“ONC”) recently released a new and improved version 2.0 of their Guide to Privacy and Security of Electronic Health Information. This revamped...more

HHS releases new software for updating (but not replacing) HIPAA security risk assessment toolkits

Last week, the Department of Health and Human Services (HHS) released a new, free, downloadable tool to assist small and medium-size health care provider offices to conduct security risk assessments (SRA)....more

New HIPAA Tool Released by the Federal Government – Makes Assessing Risks Easier and It Won’t Cost You a Dime

Do you lie awake at night wondering if you or the health care entity for which you work is complying with the Health Insurance Portability and Accountability Act (“HIPAA”)? If so, you will be happy to hear that a good night’s...more

Hot Off the Press: Tool to Help Providers Conduct Security Risk Assessments

by DLA Piper on

What’s Happening? The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), recently released a jointly developed tool designed to assist...more

22 Results
|
View per page
Page: of 1
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.