New federal guidance that describes processes in the current round of HIPAA compliance audits - which could lay the foundation for future rounds of audits - illustrates the massive amount of documentation demanded for these "desk audits."
Healthcare, more than any other industry, is increasingly in the crosshairs of attackers who seek to cause business disruption through evolving attacks such as ransomware. It's inevitable, frankly, that the vast majority of healthcare organizations will be diagnosed with ransomware. How must they prepare? What...
A Congressional proposal that would allow HHS to offer technical assistance to private-sector efforts aimed at solving the problem of matching the right records to the right patient could pave the way for a significant breakthrough, says Lynne Thomas Gordon, CEO of AHIMA, which represents records professionals.
The nation's HIPAA enforcement agency has dramatically ramped up its issuance of breach-related financial penalties. In the ninth enforcement action of 2016, it slapped University of Mississippi Medical Center with a $2.75 million fine after a breach investigation revealed big security woes.
Mobile health applications, wearable fitness trackers and even social media sites are creating new privacy risks for health information because the data collected, shared and used falls outside the regulatory scope of HIPAA, says Lucia Savage of the Office of the National Coordinator for Health IT.
The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
Oregon Health & Science University says it has been slapped with a $2.7 million fine after HHS investigated two data breaches that affected a total of about 7,000 individuals. It's the eighth HIPAA-related settlement announced by HHS so far this year.
The Department of Health and Human Services' Office for Civil Rights has notified 167 covered entities they've been selected for remote "desk audits" of their HIPAA compliance. But the audits will focus on only a handful of requirements.
Most ransomware attacks result in a breach of protected health information that must be reported under HIPAA, according to newly released federal guidance for healthcare entities and business associates. But is the guidance clear enough?
Many healthcare organizations embark on cloud migrations
to achieve scalability, cost-efficiency, and higher application
performance. But migrating applications to the cloud can be a
complex process that requires careful planning and deliberation.
Maintaining HIPAA compliance and maximizing PHI security...
In the on-prem world, companies needed experts for each major area of IT provenance: hardware, networking, systems administration, security, operating systems, virtualization, workload balancing, data integration, data cleansing and quality, and then all the function-specific applications that drive everyday business...
The federal tally of major health data breaches shows that to-date in 2016, there have been more reported hacker incidents than during the first half of 2015. However, so far this year, those hacks appear to be affecting fewer individuals.
Members of Congress have sent a letter to federal regulators saying that because ransomware attacks are "different" from other breaches in the healthcare sector, there's a need for new recommendations in upcoming government guidance.
In the first HIPAA enforcement action against a business associate, federal regulators have smacked a nonprofit organization with a $650,000 penalty following an investigation into a 2014 security incident affecting just 412 patients.