New HHS Cybersecurity Preparedness Checklist

Carlton Fields

Carlton Fields

The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity incident (“Incident”), as follows:

  • respond to the Incident;
  • mitigate any impermissible disclosure of protected health information;
  • deploy contingency plans;
  • report any cybercrime(s) to the appropriate law enforcement agency (e.g., the Federal Bureau of Investigation, Secret Service, state or local law enforcement); and
  • report cyber-threats to applicable federal and information sharing and analysis organizations (ISAOs) (e.g., the Department of Homeland Security or the Health and Human Services Assistant Secretary for Preparedness and Response).

If a breach affecting 500 or more individuals occurs, the covered entity or business associate must report the breach to OCR as soon as possible, but no later than 60 days after it is discovered. If, instead, it is determined that no breach occurred, the HIPAA-covered entity or business associate must document how it made that determination, as well as retain this documentation and all information considered during the Incident’s risk assessment.

We recommend that all HIPAA-covered entities and business associates review their policies and procedures, and ensure they conform to the OCR checklist.

Image source: U.S. Department of Health & Human Services

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Carlton Fields | Attorney Advertising

Written by:

Carlton Fields

Carlton Fields on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.