News & Analysis as of

Protected Health Information Office of Civil Rights

"Breaking Bad" News: Sharing PHI During Opioid Crisis

by Baker Ober Health Law on

In response to President Trump's declaration of the opioid crisis as a public health emergency, the Office for Civil Rights (OCR) released guidance intended to educate health care providers on how they can respond to requests...more

Healthcare Data Breaches Continue but Fell in October

The news about data breaches always seems to be dire lately. Some good news: data breaches in the healthcare industry were lower in October than in September, based upon reportable data breaches to the Office for Civil Rights...more

Lessons To Be Learned From The Breach Of Nearly 500,000 Individual Health Records Reported In September 2017

by Jackson Lewis P.C. on

A recent report indicates that nearly 500,000 individual health records were breached in September 2017. This figure is taken from the 39 healthcare data breaches involving more than 500 records that were reported to the...more

OCR Clarifies Privacy Rule for Sharing PHI on Opioid Overdoses

In the wake of the national opioid overdose crisis, the Office for Civil Rights (OCR) has provided clarification on when covered entities are permitted to disclose patient information during opioid emergencies....more

Latest OCR Cybersecurity Newsletter Tackles Mobile Devices

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) released its October Cybersecurity Newsletter last week with a focus on mobile devices. Given the amount of work conducted on mobile devices...more

HIPAA Check: Do You Know What to Do if a Breach Happens to You?

by Williams Mullen on

Breaches happen. They happen to major health systems, and they happen to solo practitioners. They happen to health plans, and they happen to health information technology vendors. In our technology-reliant world, it would be...more

Balancing Convenience and Risk: OCR Issues Statement on Use of Mobile Devices

by McGuireWoods LLP on

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently issued guidance emphasizing the increased risks of using mobile devices in the workplace when the mobile devices contain or have...more

OCR Notified of Patient Records Stored in Psychiatrist’s Basement

Paper records continue to be problematic. An Illinois psychiatrist reported to the Office for Civil Rights (OCR) that the medical records of 10,500 patients were stored in the basement of a house that he rented to an...more

Health Care E-Note - October 2017

by Burr & Forman on

Health care providers are constantly receiving requests for copies of patient medical records. Some requests come by way of the patient exercising his/her right to access his/her medical records, some come by way of patient...more

ALERT: Prepare to be Ransomed: A Primer on Legal Obligations Before and After Ransomware Strikes

by Pullman & Comley, LLC on

According to a recent U.S. Government Interagency report, ransomware is the fastest growing malware threat, targeting users of all types. An incredible 51 percent of respondents in a January 2017 study by the Ponemon...more

Data Privacy + Cybersecurity Insider - October 2017 #4

by Robinson & Cole LLP on

Energy and Critical Infrastructure Industries Warned of Increased Attacks by FBI and DHS - The FBI and Department of Homeland Security issued a joint statement on October 20, 2017 warning of an increased danger of a...more

Building a Health App? Part 6: HIPAA and Other Privacy and Security Considerations

Consumers are increasingly turning to health apps for a variety of medical and wellness-related purposes. This has in turn caused greater amounts of data—including highly sensitive information—to flow through these apps....more

At least 473,074 Individuals’ Health Care Records Breached in September 2018

Unfortunately, September was another banner month for data breaches involving the health care industry. According to the Office for Civil Rights (OCR) website, 39 data breaches involving over 500 records were reported to the...more

Business Associate Resold Fax Machine Containing PHI

Fax machines are still used in the medical community, and these days, faxing may be more secure than emailing as hackers have not yet cracked the task of hacking into old fax machines. All kidding aside, fax machines have...more

HIPAA Disclosures During Mass Tragedies

by Burr & Forman on

In light of the recent incident in Las Vegas, the Office of Civil Rights (“OCR”), the government entity responsible for HIPAA Compliance, issued clarification guidance on the ability of a health care provider to share...more

Second Largest Business Associate Breach in 2017

Cornerstone Business & Management Solutions, a medical supply company located in Nebraska, has notified 21,856 individuals and the Office for Civil Rights that while performing a routine review of system logs, it discovered a...more

Where is your PHI Data Traveling Today?

by Dickinson Wright on

With most vendors offering and pushing cloud computing solutions and offsite data backup, or guaranteeing offsite backup of data they process for you, many HIPAA covered entities and business associates are questioning...more

Recent Events Increase the Importance of HIPAA Risk Analyses and HIPAA Policies

Recent events highlight the fact that threats to customer and patient data continue to increase. In recent months, government agencies, news outlets, and others have spent considerable time investigating and reporting on...more

Another Key to HIPAA Compliance – Have Policies and Procedures and Implement Them, Too

by Williams Mullen on

On this blog, we have discussed the criticality of risk analyses – the assessment required by the Security Rule of the “risks and vulnerabilities” that an organization faces with respect to all of its electronic protected...more

Attempting To Avoid The High Cost Of A Reported HIPAA Breach

by Dickinson Wright on

Preventing unintended or unauthorized disclosure of protected health information is an ever-present goal of all covered entities and business associates. However, protective firewalls and electronic data security measures are...more

What is the HIPAA Complaint Process?

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules. Any person who believes that a covered entity or business associate is not...more

Health Care E-Note - July 2017

by Burr & Forman on

Everywhere you look these days, there seems to be another report of a cyberattack -- attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more

HIPAA in the Age of Ransomware

According to a recent US Government Interagency report, ransomware is the fastest growing malware threat, targeting users of all types, including health care facilities. This past spring, for example, the WannaCry ransomware...more

Increased Focus on Health Care Cybersecurity: HHS Releases Long-Awaited Report and Cyber Attack Quick-Response Checklist

by McGuireWoods LLP on

The U.S. Department of Health & Human Services (HHS) issued a recent report noting that cybersecurity is a key public health concern that needs “immediate and aggressive attention.” Shortly thereafter, HHS’ Office for Civil...more

Healthcare Business Associates

by Bryan Cave on

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified the Health Insurance Portability and Accountability Act (“HIPAA”) by expanding the definition of Business Associates (“BA”) and their...more

458 Results
|
View per page
Page: of 19
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.