From HHS, this interesting press announcement: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’ Management Services, a Massachusetts medical management company that provides a variety of services, including medical billing and payor credentialing. The…
Category: HIPAA
OCR Releases Cybersecurity Video: How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks
In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on how the HIPAA Security Rule can help regulated entities defend against cyber-attacks. The video is available in English and Spanish. This presentation is intended to educate the health care industry on real…
October 31: OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement
From HHS OCR: OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement Threats and vulnerabilities to electronic protected health information (ePHI) in today’s healthcare environment are numerous and varied. ePHI is under constant threat from malicious insiders selling PHI for financial gain, sophisticated hackers seeking to compromise healthcare systems and blackmail them with ransomware,…
HIPAA requires employers to sanction employees who violate HIPAA. Did you know that?
From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) released a threat brief on the different types of social engineering1 that hackers use to gain access to healthcare information systems and data.2 The threat brief recommended several protective measures to combat social engineering, one of…
Inmediata settles multi-state litigation for $1.14 million; will improve data security and breach notification practices
Indiana Attorney General Rokita led a coalition of 33 attorneys general in a multi-state investigation and litigation against health care clearinghouse Imnediata stemming from a breach disclosed in 2019. Background In January 2019, HHS OCR alerted Inmediata that protected health information (PHI) maintained by Inmediata was available online and had been indexed by search engines….
OCR Presents: How the Security Rule Can Help Defend Against Cyber-Attacks
The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated entities”) discussing how the Security Rule can help regulated entities defend against cyber-attacks. The webinar will discuss real world cyber-attack trends from OCR breach reports and investigations and explore how implementation of appropriate…