As employers continue to grapple with a safe return to the workplace, on January 21, the U.S. Center for Disease Control and Prevention (CDC) issued new guidance for businesses and employers on SARS-CoV-2 testing of employees, as part of a more comprehensive approach to reducing transmission of the virus in non-healthcare workplaces. While the CDC
HIPAA
Want to Know if Your Employees Received the COVID-19 Vaccine? Some Best Practices to Consider
While its rollout has been slow, the vaccine is being administered across the U.S. and in other countries. As of January 15, 2021, nearly 36 million doses of a COVID-19 vaccine have been administered, just over 11 million in the U.S. For a variety of reasons, organizations want to know whether their workforce members…
OCR Releases Report Summarizing HIPAA Privacy and Security Compliance Failures
In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new year. The Report examines OCR’s findings from…
As Voice Recognition Technology Market Surges, Organizations Face Privacy and Cybersecurity Concerns
A new report released by Global Market Insights, Inc. last month estimates that the global market valuation for voice recognition technology will reach approximately $7 billion by 2026, in main part due to the surge of AI and machine learning across a wide array of devices including smartphones, healthcare apps, banking apps and connected cars,…
Hacked Healthcare Provider Refuses to Pay Ransom, Attackers Target Psychotherapy Patients
Earlier this year, we reported on an evolution in the form of cyberattack known as ransomware –attackers transitioning from denying affected users access to critical data by encrypting it to removing data from the compromised systems and threatening public release in exchange for payment. These attacks typically target the companies maintaining the data. However, attackers…
Indiana AG Proposed Regulations Creating Corrective Action Plan Requirement and Cybersecurity Safe Harbor
A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S. Chamber of Commerce virtual event, he announced his proposed rule designed to better protect Hoosiers from cyberattacks. It is expected that…
OCR Releases New Guidance on HIPAA for Mobile Health Technology
Over the past few years, and particularly during the COVID-19 pandemic, the Department of Health and Human Services Office for Civil Rights in Action (OCR) has made countless efforts to enhance its Health Insurance Portability and Accountability Act (HIPAA) guidance and other related resources on its website. Last week, the OCR launched a new feature…
OCR is Serious About Patients’ Rights to Access Records, Announcing Enforcement Actions Against 5 Providers
When providers, health plans, business associates, and even patients and plan participants think of the HIPAA privacy and security rules (‘HIPAA Rules”), they seem to be more focused on the privacy and security aspects of the HIPAA Rules. That is, for example, safeguarding an individual’s protected health information (PHI) to avoid data breaches or avoiding…
HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends
Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often find that organizations…
OCR Warns HIPAA Covered Entities: When You Learn About HIPAA Violations, Fix Them
Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers:
When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information
According to OCR allegations,…