The Department of Health and Human Services' Office for Civil Rights has notified 167 covered entities they've been selected for remote "desk audits" of their HIPAA compliance. But the audits will focus on only a handful of requirements.
Most ransomware attacks result in a breach of protected health information that must be reported under HIPAA, according to newly released federal guidance for healthcare entities and business associates. But is the guidance clear enough?
In the on-prem world, companies needed experts for each major area of IT provenance: hardware, networking, systems administration, security, operating systems, virtualization, workload balancing, data integration, data cleansing and quality, and then all the function-specific applications that drive everyday business...
In a rare criminal case involving a HIPAA violation, a former respiratory therapist in Ohio has been convicted of wrongly obtaining individually identifiable protected health information.
The FDA is reviewing comments on its proposed cybersecurity guidance for medical devices, including suggestions that it should beef up the guidance with more details. Meanwhile, the agency has issued new proposed guidance clarifying that manufacturers can share device-generated information with patients.
In the aftermath of the massacre at an Orlando nightclub, confusion emerged over whether the Obama administration had issued a waiver to suspend certain privacy provisions of HIPAA to ease communication between clinicians caring for the injured and those patients' families. Learn why the waiver wasn't necessary.
While awaiting new guidance from the HHS Office for Civil Rights, healthcare organizations can take several steps to help determine whether a ransomware attack is a reportable breach under HIPAA, says compliance attorney Betsy Hodge.
HIPAA has long provided patients with the right to access their own "designated record set" of protected health information. But federal regulators are on a campaign to help patients and healthcare organizations understand records access rights, as well as the related privacy risks.
Organizations chosen for remote "desk audits" of their HIPAA compliance, which will begin this summer, need to be prepared to quickly provide supporting documentation, Deven McGraw, deputy director of health information privacy at the HHS Office for Civil Rights, explains this in-depth audio interview.
Achieving HIPAA compliance is a journey, not a destination. The regulatory landscape is constantly changing, resources are stretched beyond capacity, disparate systems make it difficult to assess and remediate gaps, and the sophistication of cybercriminals is accelerating faster than most healthcare organizations can...
Federal regulators are reminding healthcare organizations about the urgency of having plans in place to manage security issues, including data breaches, involving their business associates. The guidance is important, security experts say, because about one-fifth of major health data breaches have involved BAs.
Proposed new federal regulations would end the HITECH Act electronic health records "meaningful use" incentive program for physicians treating Medicare patients and replace it with a simplified program as part of a sweeping payment revamp. What impact would the Medicare change have on data security requirements?
A former pharmaceutical company manager faces sentencing in July after pleading guilty to criminal HIPAA violations for his part in a complex fraud scheme involving drug maker Warner Chilcott. Why are criminal HIPAA cases so rare?
MedStar is but the latest healthcare entity to fall victim to a ransomware attack. What can organizations do proactively to improve their ransomware defenses and response? PhishMe CEO Rohyt Belani offers insight.
It's no surprise that healthcare entities are being targeted, Belani says - and not just by ransomware,...
Federal regulators have quietly released an updated, extremely detailed protocol for use in phase two of HIPAA compliance audits of covered entities and business associates later this year. Experts say the protocol also can be a helpful tool in self-assessing compliance as well as security strategies.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.