By Lisa Eramo – In the coming months, physician practices may find themselves thrust into the HIPAA spotlight thanks to an Office for Civil Rights’ email announcement in August that it would soon target data breaches affecting fewer than 500 individuals.
Read More
By Chris Apgar – The Office of Civil Rights is in the midst of the latest round of HIPAA audits. If your organization is a business associate (BA) or a covered entity (CE) and it’s not already prepared, you have a challenge facing you.
By Jim Johnson – With the first round of HIPPA Audits behind us, the Office of Civil Rights indicated back in March that it would finally launch the long-awaited round 2 of HIPAA audits in 2016.
By David Harlow – The latest OCR HIPAA guidance on cloud computing will probably not satisfy those who keep calling for an overhaul of HIPAA because it dates from an era when health records were kept on cuneiform tablets.
By Matt Fisher – The HIPAA spotlight is beginning to shine brightly on business associates. Covered entities have long had their time to star, so it is only fair to share the stage now. It is likely that covered entities are only too happy to have the Office for Civil Rights and others focus attention on business associates with all the consequences that come with such attention.
By Mike Semel – The Office for Civil Rights announced that the new permanent audit program has started. On July 11 letters were sent BY E-MAIL (check your junk mail folders!) to 167 health plans, health care providers, and health care clearing houses (all HIPAA Covered Entities) notifying them that they have to send in documentation for a ‘desk audit.’ They will have 10 days to send in the required materials for review.
By Matt Fisher – After promising to provide guidance and insight for a breaking issue, the OCR came out with ransomware guidance under HIPAA. One major issue for debate was whether a ransomware attack constitutes a HIPAA breach. The guidance provides insight into where OCR is coming from and what it expects the industry to do in response to a ransomware attack.
By Bob Grant – A former respiratory therapist was convicted of wrongly accessing individually identifiable health information by a federal jury on June 23 of this year. The charges claimed that the therapist was using the information to seek, obtain, or use intravenous drugs.
By Jonathan Krasner – Back in March, we reported that OCR had announced its Phase 2 Audit Program. OCR stated that they would compile a database of both Covered Entities and Business Associates to form the basis of the pool of organizations potentially targeted for audit. They have followed up on their intentions and in the last week organizations have started to receive contact emails from OCR.