Healthcare Groups Push Back on Proposal to Modify HIPAA Privacy Rule

In January of 2021, the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Notice) to modify the HIPAA Privacy Rule. HHS has proposed to modify the Privacy Rule right of access provision by (among other measures) requiring providers, at an individual’s request, to mail or electronically transmit PHI to or through the individual’s personal health application (PHA). HHS seeks to define PHAs as [...]

2021-05-14T11:41:19-04:00May 14th, 2021|
Read More

7 Tips to Improving Healthcare Security

Ransomware attacks continue to rise, especially those targeting healthcare organizations. Hackers often target healthcare organizations in ransomware attacks to disrupt operations in hopes that the organization will pay a ransom. Healthcare organizations are also targeted in data theft incidents because patient information can be extremely valuable on the black market. This is why it has never been more important to protect your organization by improving your healthcare security. [...]

2021-05-14T11:41:19-04:00May 11th, 2021|
Read More

Is Trello HIPAA Compliant?

Trello is a project management software tool that allows users to track a project’s progress, and who is working on it. Project management software can be useful for any business, but when a healthcare organization utilizes such software for projects related to specific patients, they must ensure that the software is HIPAA compliant. So, is Trello HIPAA compliant? The answer is discussed below. Is Trello HIPAA Compliant: Security [...]

2021-05-07T15:28:17-04:00May 7th, 2021|
Read More

Einstein Healthcare Class Action Lawsuit Alleges PHI Breach

Recently, a healthcare class action lawsuit was filed against Einstein Healthcare. The lead plaintiff in the healthcare lawsuit is patient Nanette Katz. In August of 2020, Einstein was the victim of a phishing attack that led to numerous employee email accounts being accessed by someone without authorization.  The 51-page complaint alleges Einstein Healthcare failed to secure and safeguard the protected health information (PHI) of patients, and failed to [...]

2021-05-04T13:39:21-04:00May 3rd, 2021|
Read More

Healthcare Vendor Ransomware Attack Stalls Cancer Treatments, 170 Health Systems Hit

On April 20, 2021, Elekta, a cancer software provider, was targeted by a healthcare ransomware attack. Through the attack, hackers were able to access Elekta’s cloud-based software, used to operate radiology equipment. As a result of the incident, Elekta temporarily took their software offline, preventing treatment for cancer patients across 170 U.S. health systems. More details on the healthcare vendor ransomware attack are discussed. What We Know About [...]

2021-05-04T13:42:02-04:00April 29th, 2021|
Read More

OCR Fraud Alert! Beware of This Postcard

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) enforces the HIPAA regulations through investigations, civil monetary penalties, and settlements. On April 26, 2021, OCR announced that it had been made aware of postcards being sent to healthcare organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment.” The postcards instruct recipients to send the risk assessment to [...]

2021-05-12T12:35:48-04:00April 27th, 2021|
Read More

OSHA COVID-19 Enforcement is Now Prioritized

The United States Department of Labor (DOL), the federal agency that enforces OSHA law, has issued new OSHA enforcement guidance. The guidance is intended to be time-limited to the current COVID-19 public health crisis. Under the new guidance, OSHA has prioritized elimination and control of workplace exposure to SARS-Co-V-2, the cause of COVID-19. More about OSHA COVID-19 enforcement is discussed below. Updated OSHA COVID-19 Enforcement Strategy [...]

2021-05-04T13:35:50-04:00April 23rd, 2021|
Read More

Does HIPAA Require Email Archiving?

Does HIPAA require email archiving? Well, not specifically. The HIPAA Security Rule requires covered entities and business associates to keep an archive of electronic communications of patient data. Email archiving is one of the ways in which this can be accomplished, and although it is not mandated, it’s a good way to keep records of your email communications. What is Email Archiving? [...]

2021-05-04T13:44:51-04:00April 21st, 2021|
Read More

March Healthcare Breaches Affected 2.9 Million Patients

We have reached the time of the month where we take a look at the previous month’s healthcare breaches. March saw a whopping 62 healthcare breaches, affecting 2,913,084 patients (more than double the amount of patients affected by February healthcare breaches).  In March 2021, health plans were the biggest target with 1,629,885 patients’ files potentially exposed through their health plan. Healthcare providers were the second largest target [...]

2021-04-27T11:50:33-04:00April 19th, 2021|
Read More

5 Tips on How to Complete a Risk Assessment

Are you worried about completing your HIPAA risk assessment? Many organizations are. To provide you with guidance, 5 tips on how to complete a risk assessment are discussed. Educate yourself on the HIPAA Security Rule Identify risks and vulnerabilities Create and implement remediation plans Use a risk assessment tool Repeat annually How to Complete a Risk Assessment Completing your [...]

2021-04-23T12:45:51-04:00April 15th, 2021|
Read More
Load More Posts