Last month Congress passed a cybersecurity bill as part of the 2016 Omnibus budget. The bill formalizes the information sharing process among industry and government and recognizes the importance of a healthcare industry specific cybersecurity approach.
Read More
By Matt Fisher – The annual OIG Work Plan was published on November 2nd. The Work Plan each year identifies what the Office of the Inspector General of the Department of Health and Human Services will review and provides insight into what the OIG contemplates as risk areas.
By Frank Sivilli – The Office of Inspector General of the U.S. Department of Health and Human Services released two reports last week urging the Office of Civil Rights (OCR) to retool its HIPAA enforcement efforts by the start of 2016.
By Art Gross – The Department of Health and Human Services Office of Inspector General has issued a report that is critical of the Office for Civil Rights. OIG concluded that OCR is not fulfilling its responsibility to enforce HIPAA regulations that safeguard protected health information (PHI) and to ensure that organizations protect patient’s privacy.
By Steve Spearman – Last week, in Washington, D.C., NIST and OCR held their 8th annual Safeguarding Health Information: Building Assurance through HIPAA Security seminar. Here are some of the major takeaways and big announcements that came out of that conference.
By Matt Fisher – After waiting with bated breath for almost a year, the day when full scale HIPPA audits will start is almost here. During a keynote address the the HIPAA Security Conference co-hosted by the HHS Office for Civil Rights and the National Institute of Standards and Technology (“NIST”), OCR Director Jocelyn Samuels revealed that the day when audits will start is getting closer.
By Art Gross – On September 2, 2015 The HHS Office of Civil Rights (OCR) issued a press release announcing a $750,000 HIPAA settlement with Cancer Care Group, P.C. This large fine offers some very important lessons. Let’s take a closer look:
By Mike Semel – Once you become aware of a HIPAA data breach it is not a good idea to sweep it under the rug, especially when that is breaking the law and anyone who finds out can report you. Just because they are free and easy doesn’t mean you should use just any Internet file sharing service for storing patient information.
By Matt Fisher – A recent settlement announcement from the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) highlights the need to evaluate web-based applications and storage solutions. Web-based or cloud solutions are viable options and tools for healthcare entities to utilize, but those tools need to evaluated for compliance with HIPAA security requirements.