Did you know? OCR has a new Risk Analysis Enforcement Initiative

View OCR Director Melanie Fontes Rainer’s presentation deck here. At the HIPAA Summit 41 in late February, she “spoke on recent OCR rulemakings, trends in health data breaches, recent HIPAA enforcement actions, new HIPAA enforcement initiatives (think risk analysis enforcement), best practices, and available cybersecurity resources to improve the protection and security of … Read more

Are All Ransomware Attacks Breaches?

It’s one of those questions that never goes away. The answer is, “Maybe” and very definitely, “Not always.” Contrary to popular belief, even after ransomware attacks, the safe harbor still applies when it comes to breaches. If your PHI data was encrypted prior to the ransomware attack that encrypted (aka “held for ransom”) it, you … Read more

Using the Cloud to Store & Share Files? It may be time for another Security Risk Analysis.

We’ve been working with a number of clients lately who are trying to wrap their arms – and IT policies – around cloud computing and file sharing. You may remember last year when OHSU was fined $2.7 million for “widespread HIPAA vulnerabilities.” Well, part of those vulnerabilities came about because of improper use of cloud-based … Read more

Healthcare Compliance: Meaningful Use & Risk Analysis

At the HCCA regional conference in Portland earlier this year, I heard that a speaker said that only the NIST 800 series risk analysis standard is acceptable for a Meaningful Use risk analysis. However, while the NIST standard is one acceptable methodology for healthcare organization risk analyses, it’s not the only one. In the end, … Read more