What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for Civil Rights (OCR) which enforces the HIPAA privacy and security rules. Recently, the Executive Editor of Information Security Media Group’s (ISMG’s)
Office for Civil Rights
ChatGPT and HIPAA, Caution is Needed, Even ChatGPT Says So!
Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a physician letter to your carrier concerning a claim. You also may have received copies of those medical…
HHS and FTC Send Joint Letter to 130 Hospital Systems, Telehealth Providers Re: Tracking Technologies
The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of technologies, such as the Meta/Facebook pixel and Google Analytics, that can track a user’s online activities. Read more.
OCR Reminds Healthcare Providers and Their Business Associates – You Need an Incident Response Plan!
October is National Cybersecurity Awareness month, and the HHS Office for Civil Rights (OCR) has provided a timely reminder for HIPAA covered entities and business associates to have a written incident response plan! To learn why another policy is needed, what an incident response plan needs to include, and the reporting obligations, read the…
OCR HIPAA Guidance For Getting PHI of COVID-19 Exposed Individuals to First Responders
With first responders on the front lines of helping to fight the coronavirus, sharing information about potential exposure to COVID-19 is critical to protecting them and preventing further spread. In these situations, the information shared is most often “protected health information” (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.…
OCR Recognizes Insider Threats to HIPAA PHI, You Should Too
As we have observed here, news reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk is malicious insiders.…
A Trio of OCR HIPAA Breach Resolutions: Is Your Organization HIPAA Compliant?
Over the past thirty days, the Office for Civil Rights (OCR) has reached three HIPAA breach resolutions, signaling to organizations that are covered entities and business associates under HIPAA, the importance of instituting basic best practices for data breach prevention and response. Our colleagues in the Workplace Privacy, Data Management & Security practice group discusses…