HIPAA’s Security Rule Glow-Up: What’s Changing and Who’s Affected

HIPAA’s Security Rule Glow-Up: What’s Changing and Who’s Affected

by | Jan 12, 2025 | , ,

On December 27, 2024, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) decided it was time to give the HIPAA Security Rule a much-needed cybersecurity makeover—and let’s just say, it’s not just a light touch-up. These proposed changes mean stricter security rules, fewer loopholes, and a whole lot more paperwork for covered entities, business associates, and especially Health Information Exchanges (HIEs) and Health Information Networks (HINs).

read more
OCR Sees Uptick in Ransomware Incidents

OCR Sees Uptick in Ransomware Incidents

by | Nov 4, 2024 | , , ,

During the Fall 2024, the HHS OCR concluded 3 investigations resulting in settlement payments relating to ransomware incidents. In all three instances, OCR found that the entities that encountered the cybersecurity incidents had not conducted a compliant risk analysis and did not sufficiently monitor their health information systems’ activity. there has been a 264% uptick in large ransomware breaches since 2018.

read more
Not So Sunny News in Arizona –  Major Health Care System Agrees to Pay $1.25 Million HIPAA Settlement for Cybersecurity Hacking Incident from 2016

Not So Sunny News in Arizona –  Major Health Care System Agrees to Pay $1.25 Million HIPAA Settlement for Cybersecurity Hacking Incident from 2016

by | Feb 8, 2023 | , , ,

The forecast for Arizona is thunderstorms, at least for at least one health care system. Last week, OCR announced a $1.25 settlement for HIPAA Security Rule violations brought to light by a cybersecurity hacking incident that took place over five years ago.

read more
Mind your Breach Insurance and Vendor Contracts

Mind your Breach Insurance and Vendor Contracts

by | Jul 17, 2020 | , ,

A preliminary class action data breach settlement involving UnityPoint Health should prompt health care organizations to take a second look at their breach insurance coverage as well as their contracts with vendors who process data on their behalf. Adequate cyber and breach insurance coverage is paramount and should be commensurate with the health care organization’s size, operations. Additionally, health care organizations should pay close attention to their vendor contracts, particularly limitation of liability clauses, hold harmless provisions and indemnification provisions in health IT and other contracts.

read more
Is Your Organization Ready to Send Patient Information to Apps by November?

Is Your Organization Ready to Send Patient Information to Apps by November?

by | Jun 19, 2020 | , , ,

Becker’s Hospital Review reported that 70% of CIOs are “concerned” about meeting the upcoming November 2nd deadline for complying with the Final Rules prohibiting information blocking practices. This is according to a survey conducted by CHIME, which included responses from executives at academic medical centers, critical access hospitals, multi-hospital systems and specialty hospitals.  Although the survey did not appear to identify specifically what concerns CIOs about complying with information blocking rules by this fall, one possibility is fully understanding how ONC’s information blocking rules will apply to releasing patients’ EHI to third-party apps.

read more

Archives