An SRA is a requirement under the HIPAA Security Rule, which directs covered entities and business associates to conduct a thorough and accurate assessment on the risks and vulnerabilities to ePHI. Join us and register for this event to learn more.
By Matt Fisher – At some point in time most group practices, hospitals or other provider organizations will receive a letter from the OCR. The letter will state that OCR received a complaint from a patient, employee or some other party with knowledge or information as to alleged acts at the healthcare organization.
By Matt Fisher – The Breach Barometer published monthly through the joint effort of Protenus and Databreaches.net provides a fair amount of insight into data breach happenings.
By Matt Fisher – A healthcare organization compare a number of vendors, product features and gets close to choosing one. Just before making the ultimate decision, someone asks, what about HIPAA?
By Art Gross – In a cruel twist of fate, health care entities are being phished using an OCR (HHS Office of Civil Rights) email as the bait. Here is the context: HHS/OCR is the governmental entity in charge of enforcing the HIPAA statutes.
By Ebony Brice & Nick Heesters – As we mark National Cyber Security Awareness Month, the ONC and the HHS Office for Civil Rights have jointly launched an updated their HIPAA Security Risk Assessment Tool.
By Mike Semel – The Office for Civil Rights announced that the new permanent audit program has started. On July 11 letters were sent BY E-MAIL (check your junk mail folders!) to 167 health plans, health care providers, and health care clearing houses (all HIPAA Covered Entities) notifying them that they have to send in documentation for a ‘desk audit.’ They will have 10 days to send in the required materials for review.
By Art Gross – On September 2, 2015 The HHS Office of Civil Rights (OCR) issued a press release announcing a $750,000 HIPAA settlement with Cancer Care Group, P.C. This large fine offers some very important lessons. Let’s take a closer look:
By Matt Fisher – The rapid adoption of electronic health records (“EHR”) and other new technology in healthcare has resulted in the introduction of serious security threats. Numerous stories and reports have made it clear that hackers, criminals and others view the healthcare industry as a ripe target due to security vulnerabilities. This issue is exacerbated by the high value placed upon medical records in the black market.
By Mike Semel – When we think Cyber-Security we logically think about technology tools to block North Korean or Chinese hackers from breaking into our networks. Those breaches make the news because they are so unique. What is much more common are users doing stupid things that neutralize your investment in security tools.
On Monday, December 8th, the Office for Civil Rights (“OCR”) at the Department of Health and Human Services announced another new HIPAA settlement. As with most recent settlements, the latest settlement is being used to set up an example of what not to do.
If you are a provider participating in the EHR Incentive Programs, conducting or reviewing a security risk analysis is required to meet Stage 1 and Stage 2 of meaningful use. This meaningful use objective complements, but does not impose new or expanded requirements on the HIPAA Security Rule.
OUR STREAMING RADIO STATION
HealthcareNOW Radio – Past Episodes On Demand
Miss any episodes of your favorite HealthcareNOW Radio shows? Find them all on our SoundCloud Channel. Play or Download Here
Get Our eNews Digests
EHR Incentive Program News
More Top Headlines
- Revisiting Your Interactive Voice Response System
- Podcast: KHN’s ‘What The Health?’ What’s Next For The FDA?
- HELP Hearing on Making Electronic Health Information Available to Patients and Providers
- CMS: Beyond the Policy
- What’s Happening at the ONC – 3-15-19
- See all our sites aggregated content on HealthITAnswers.net