HIPAA Security Rule

Not 1, Not 2, but 6 Settlements

By Matt Fisher – Prior to the changeover of the administration, the HHS Office for Civil Rights went on a bit of a HIPAA settlement bender. The fast pace of announced settlements felt a bit like a clearing of the decks. The various settlements continued recent trends around the issues being selected by OCR for settlement along with the still random amount of settlements.


Security Changes in the Wind

By Matt Fisher – On January 6, 2025, the Department of Health and Human Services officially published a notice of proposed rulemaking to modify and update the HIPAA Security Rule. The timing of the proposed rule leaves any sort of immediate action with a lot of uncertainty (changing administrations bring changing priorities and delays).


Ransomware Inevitable, Lack of Readiness Not

By Matt Fisher – Recently the OCR announced another settlement stemming from a ransomware attack. The settlement is just the latest one imposed by OCR stemming from a cyberattack. It may feel like rubbing salt in a wound, but the details behind the settlement (at least the minimum ones available) provide a little bit more insight.


Preparing for a Cyberattack

By Matt Fisher – When will a healthcare organization suffer its first or next cyberattack? The phrasing of that question is intentional because reality has certainly moved into the “it’s a matter of when” phase and the “if” option is gone. Given that an attack needs to be expected, what is occurring to enable a ready-to-go response?




A New Tracking Tech Wrinkle

By Matt Fisher – The latest volley in the tracking technology saga has now been sent up by the New York Attorney General. Specifically, the New York AG and New York Presbyterian, which is a large academic medical center system in New York, settled allegations about privacy violations stemming from NYP’s use of tracking tools.


Security is Essential for Healthcare

By Matt Fisher – Part of our Cybersecurity Awareness Month. Security must become more of an essential feature in healthcare. The risk of an attack is ever-present and pretty much a guarantee at this point. If an organization has not revealed an attack, it either has not detected the intrusion yet or is trying to avoid a negative spotlight by keeping information in the background.


A Dynamic Duo: Cybersecurity and Compliance

By Art Gross – Part of our Cybersecurity Awareness Month. In a world where health records are considered 50 times more valuable than credit card information on the dark web, the OCR’s basic requirements are no longer sufficient on their own. Covered entities and business associates need comprehensive solutions and cybersecurity training to avoid data breaches and safeguard their patient data.