The Office for Civil Rights (OCR) announced on Monday, November 28, 2016, that is was a victim of a sneaky phishing episode. And OCR published a clarification on Wednesday, November 30, 2016. The phishing email disguises itself as an official communication from OCR. It directs recipients to a non-governmental website... more
The Internet has now been around for 40 years, with email as a core application. The Internet is used in many enterprises to enable computer networking and facilitate electronic communications. In the early years, the security of email communication was not an issue, but it surely is now! The use... more
In early October 2016, the Office for Civil Rights (OCR) published an extensive guidance document on Cloud Computing that takes the form mostly of FAQs at http://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html. Basically, it states that that covered entities (CEs) and business associates (BAs) must protect and secure protected health information no matter where it... more
The Office for Civil Rights (OCR) guidance: “FACT SHEET: Ransomware and HIPAA”[1] defines ransomware as: “Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known... more
The Office of Civil Rights’ (OCR) second round of audits began on Monday, July 11, 2016, when selected covered entities received email notification letters on that day. The letter asks for a response within 14 days from the date on the letter (July 25, 2016) confirming your organization’s email information... more
Cybersecurity insurance is an insurance policy that is designed to help with the losses from a variety of cyber incidents, such as data breaches, business interruption or network damage. Each cybersecurity insurance policy, while similar to another policy, is never exactly the same as other insurance policies. Cybersecurity insurance is... more
OCR’s interest in Business Associates is not new but they are much more active in this area lately. For example, Business Associates: Are directly responsible for their own security incidents and all HIPAA breaches per the HITECH Act; Will be audited by OCR per the HITECH Act; Are the subject... more
The HIPAA Security Rule at 45 CFR 164.308(a)(1)(ii)(A) Risk Analysis requires a covered entity or business associate to “Conduct an accurate and through assessment of the potential risks an vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.” In... more
Phase 2 of the proactive HIPAA Audits mandated by the HITECH Act of 2009 began in earnest in March 2016, when OCR sent out emails to survey a number of covered entities. The thumbnail sketch of the new audits includes the following information: 200 covered entities will be audited by... more
As you may know, there are more than a few federal agencies that impact HIPAA and its compliance. Two or the most important are the Office for Civil Rights, known by its acronym OCR, and The Office of the National Coordinator, its acronym is ONC. OCR writes and enforces the... more
© 2023 Litmos US, L.P. and affiliates. All rights reserved.
