By Matt Fisher – It has been a frequent message that the Office for Civil Rights (OCR) at the federal Department of Health and Human Services (HHS) has been providing numerous HIPAA lessons over the past few years through settlement announcements.
Read More
By Matt Fisher – The Office for Civil Rights (OCR) at the Department of Health and Human Services, the Office of the National Coordinator of HealthIT (ONC) and others are becoming prolific in the amount of HIPAA guidance being issued.
By Matt Fisher – The OCR at the Department of Health and Human Services sent out an email on February 2, 2016 to announce the launch of a cyber-awareness for the healthcare industry. OCR recognizes the danger faced by healthcare from an array of bad actors and the need to spread information.
By Steve Spearman – Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.
Last month Congress passed a cybersecurity bill as part of the 2016 Omnibus budget. The bill formalizes the information sharing process among industry and government and recognizes the importance of a healthcare industry specific cybersecurity approach.
By Matt Fisher – The annual OIG Work Plan was published on November 2nd. The Work Plan each year identifies what the Office of the Inspector General of the Department of Health and Human Services will review and provides insight into what the OIG contemplates as risk areas.
By Frank Sivilli – The Office of Inspector General of the U.S. Department of Health and Human Services released two reports last week urging the Office of Civil Rights (OCR) to retool its HIPAA enforcement efforts by the start of 2016.
By Art Gross – The Department of Health and Human Services Office of Inspector General has issued a report that is critical of the Office for Civil Rights. OIG concluded that OCR is not fulfilling its responsibility to enforce HIPAA regulations that safeguard protected health information (PHI) and to ensure that organizations protect patient’s privacy.
By Steve Spearman – Last week, in Washington, D.C., NIST and OCR held their 8th annual Safeguarding Health Information: Building Assurance through HIPAA Security seminar. Here are some of the major takeaways and big announcements that came out of that conference.