Attention Business Associates! New OCR Announcement re PHI during COVID-19 Relates to You

On April 2, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced that, effective immediately, it will exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates for the … Read more

When It’s OK to Share: OCR’s Novel Coronavirus Disease (COVID-19) Limited Waiver

Novel Coronavirus, aka COVID-19, is on track to stretch our healthcare system to the breaking point, and our healthcare providers along with it. In effect as of March 15, 2020, the OCR’s published Limited Waiver of HIPAA Sanctions and Penalties could, during this National Emergency, give care providers one less source of anxiety … Read more

Are All Ransomware Attacks Breaches?

It’s one of those questions that never goes away. The answer is, “Maybe” and very definitely, “Not always.” Contrary to popular belief, even after ransomware attacks, the safe harbor still applies when it comes to breaches. If your PHI data was encrypted prior to the ransomware attack that encrypted (aka “held for ransom”) it, you … Read more

Data Privacy & Security: 2018 Reflections & the Year Ahead

It’s been a tumultuous 2018 for data privacy and information security. New regulations here and abroad show that data privacy will continue to be a hot topic as we move into 2019. We’re seeing the OCR’s investigations and penalties aren’t limited to large entities or to large breaches. Expect that will continue. Over 60 organizations … Read more

Serious Implications of DDoS & DOS Attacks Prompts OCR to Share Prevention Tips

The Internet of Things (IoT) is leaving gaps that malicious software can exploit, bringing down extensive systems. The increasing frequency and severity of the attacks have healthcare systems and their supporting technology vendors on pins and needles. Healthcare organizations may lose the ability to access systems that are critical to patient care, in addition to affecting … Read more

OCR Confirms that an EHR Kill Switch Violates HIPAA

If you’re a digital health vendor with an EHR product, take heed. Simply because your client hasn’t paid you for implementation, or you’ve had a disagreement about the product, doesn’t mean you can refuse them access to the EHR and the ePHI within. It’s a HIPAA violation. You can check out the FAQ, aka the … Read more

OCR News: Single-location Pharmacy Pinged with Penalty & Corrective Action Plan

Remember a few years ago we wrote about When it Comes to HIPAA Violations, Size Doesn’t Matter? Then it was a small specialty physician practice in Arizona that was hit with a penalty – now it’s a Denver pharmacy, Cornell Prescription Pharmacy. A well-known single-location pharmacy serving the greater Denver metropolitan area, they’re being pinged … Read more

Anthem Unfolding: Who has regulatory authority when it comes to security audits?

In a recent LinkedIn group discussion, there was some back and forth about an article that stated Anthem was refusing to cooperate in the security audit. What ensued was debate about what is required vs what is a good idea (particularly when you’re dealing with OPM [Office of Personnel Management] and OIG). I, personally, was … Read more

Never mind Big Brother, OCR is watching! HIPAA Enforcement Developments

It was a busy 2014 for the Office for Civil Rights (OCR). OCR entered into several resolution agreements and corrective action plans last year. Pay attention to the enforcement trend, covered entities (CE) and business associates (BA)! No matter how large or small, OCR is taking aim at CEs and likely soon BAs when it … Read more