Ransomware Resources for HIPAA Regulated Entities

Ransomware attacks on health care organizations are a growing threat, so the HHS Office for Civil Rights (OCR) shared with us the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS…

OCR Issues Guidance on HIPAA, COVID-19 Vaccinations, and the Workplace

On Thursday, September 30, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about whether a person has received a COVID-19 vaccine. The…

CMS Issues Guidance on Determining Hospice Beneficiary Enrollment in MA VBID Hospice Model for CY2022

CMS Orders Systems Changes to Identify Hospice Patients in the Model In calendar year 2022 (CY2022), the Medicare Advantage (MA) Value-based Insurance Model (VBID) Hospice Component demonstration model – under which the hospice benefit is included as part of the MA benefit package — will enter its second year of operation and it is believed he…

Security Alert: Postcard Disguised as Official OCR Communication

The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services (HHS) has been made aware of postcards being sent to health care organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment” and they are directed to send their risk assessment to www.hsaudit.org.  The link…

NAHC Submits Comments On Proposed HIPAA Privacy Rule

On January 21, 2021, the Office of Civil Rights under the Department of Health and Human Services issued a propose rule: Proposed Modifications to the HIPAA Privacy Rule To Support, and Remove Barriers to Coordinated Care and Individual Engagement Office HHS proposes to make a number of changes to the HIPAA Privacy Rule to strengthen…

Call for Comments on Implementing the HIPAA Security Rule

The National Institute for Standards and Technology (NIST) is planning to update the NIST Special Publication (SP) 800—66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST is seeking stakeholder input on the purpose of the Resource Guide to educate readers about information security terms…

HHS Proposes Changes To The HIPAA Regulations

On January 21, 2021 the Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) issued proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the health care industry. Several of…

OCR Issues Audit Report on Health Care Industry Compliance with the HIPAA Rules

Late last month, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released its 2016-2017 HIPAA Audits Industry Report that reviewed selected health care entities and business associates for compliance with certain provisions of the HIPAA Privacy, Security, and Breach Notification Rules. The Health Information Technology for Economic…

OCR Issues Guidance on HIPAA, Health Information Exchanges, and Disclosures of Protected Health Information for Public Health Purposes

On Friday, December 18, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued guidance on how the Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits covered entities and their business associates to use health information exchanges (HIEs) to disclose protected health information (PHI) for the…

Office for Civil Rights Issues Resource Document on HIPAA and IT Asset Inventories

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) has published, as  part of its Summer 2020 Cybersecurity Newsletter, a resource document to assist covered entities in conduction of an effective risk analysis to ensure compliance with the Security Rule.  The OCR is tasked with enforcing the Health Insurance Portability and…