How is OCR handling Women’s Reproductive Healthcare challenges as relates to PHI?

OCR PHI and reproductive health

With every new headline about women’s reproductive health, providers and patients have been left wondering what’s next legally. Will they be protected or prosecuted? The answer could be down to interpretation of HIPAA’s Privacy Rule. To that end, OCR’s taken the position of clarification and strengthening PHI protections from the HIPAA perspective. On April 12, … Read more

Attention Business Associates! New OCR Announcement re PHI during COVID-19 Relates to You

Business Associates HIPAA National Emergency

On April 2, 2020, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) announced that effective immediately, it will exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates for the … Read more

When It’s OK to Share: OCR’s Novel Coronavirus Disease (COVID-19) Limited Waiver

OCR Limited Waiver HIPAA

Novel Coronavirus, aka COVID-19, is on track to stretch our healthcare system to the breaking point, and our healthcare providers along with it. In effect as of March 15, 2020, the OCR’s published a Limited Waiver of HIPAA Sanctions and Penalties that during this National Emergency could give care providers one less source of anxiety … Read more

Are All Ransomware Attacks Breaches?

ransomware-breach or incident only

It’s one of those questions that never goes away.  The answer is, “Maybe” and very definitely, “Not always.” Contrary to popular belief, even after ransomware attacks, the safe harbor still applies when it comes to breaches.  If your PHI data was encrypted prior to the ransomware attack that encrypted (aka “held for ransom”) it, you … Read more

Data Privacy & Security: 2018 Reflections & the Year Ahead

2018 its a wrap data privacy

It’s been a tumultuous 2018 for data privacy and information security. New regulations here and abroad show that data privacy will continue to be a hot topic as we move into 2019. We’re seeing the OCR’s investigations and penalties aren’t limited to large entities or to large breaches. Expect that will continue. Over 60 organizations … Read more

Serious Implications of DDoS & DOS Attacks Prompts OCR to Share Prevention Tips

The Internet of Things (IoT) is leaving gaps that malicious software can exploit, bringing down extensive systems. The increasing frequency and severity of the attacks has healthcare systems and their supporting technology vendors on pins and needles. Healthcare organizations may lose ability to access systems that are critical to patient care, in addition to affecting … Read more

OCR Confirms that an EHR Kill Switch Violates HIPAA

If you’re a digital health vendor with an EHR product, take heed. Simply because your client hasn’t paid you for implementation, or you’ve had a disagreement about the product, doesn’t mean you can refuse them access to the EHR and the ePHI within. It’s a HIPAA violation. You can check out the FAQ, aka the … Read more

OCR News: Single-location Pharmacy Pinged with Penalty & Corrective Action Plan

Remember a few years ago we wrote about When it Comes to HIPAA Violations, Size Doesn’t Matter? Then it was a small specialty physician practice in Arizona that was hit with a penalty – now it’s a Denver pharmacy, Cornell Prescription Pharmacy. A well-known single-location pharmacy serving the greater Denver metropolitan area, they’re being pinged … Read more

Anthem Unfolding: Who has regulatory authority when it comes to security audits?

In a recent LinkedIn group discussion, there was some back and forth about an article that stated Anthem was refusing to cooperate in the security audit. What ensued was debate about what is required vs what is a good idea (particularly when you’re dealing with OPM [Office of Personnel Management] and OIG). I, personally, was … Read more

Never mind Big Brother, OCR is watching! HIPAA Enforcement Developments

It was a busy 2014 for the Office for Civil Rights (OCR). OCR entered into several resolution agreements and corrective action plans last year. Pay attention to the enforcement trend Covered entities (CE) and business associates (BA)! No matter how large or small, OCR is taking aim at CEs and likely soon BAs when it … Read more