Tag: OCR

OCR Releases New Recognized Security Practices Video

In recognition of National Cybersecurity Awareness Month, the Office of Civil Rights (OCR) has produced a new video for organizations covered under the HIPAA Rules on Recognized Security Practices. Recommended security practices can help organizations improve their ability to safeguard patient information from cyberattacks and better safeguard the health care services we all rely upon.…

HIPAA Resources and Security Risk Assessment Webinar on Wednesday, Thursday

Even though some providers have been living with the Health Insurance Portability and Accountability Act (HIPAA) requirements since 1996, there are still questions about whether an entity is covered and what all the requirements are.  The Office of Civil Rights (OCR) administers HIPAA and has a webpage that contains resources specifically for health care professionals…

HHS Issues Guidance on HIPAA and Audio-Only Telehealth

On Monday, June 13, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth – PDF is no longer in effect.

This guidance will help individuals to continue to benefit from audio-only telehealth by clarifying how covered entities can provide these services in compliance with the HIPAA Rules and by improving public confidence that covered entities are protecting the privacy and security of their health information.

While telehealth can significantly expand access to health care, certain populations may have difficulty accessing or be unable to access technologies used for audio-video telehealth because of various factors, including financial resources, limited English proficiency, disability, internet access, availability of sufficient broadband, and cell coverage in the geographic area.  Audio-only telehealth, especially using technologies that do not require broadband availability, can help address the needs of some of these individuals.

“Audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options. This guidance explains how the HIPAA Rules permit health care providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information,” said OCR Director Lisa J. Pino.

The Guidance on How the HIPAA Rules Permit Health Plans and Covered Health Care Providers to Use Remote Communication Technologies for Audio-Only Telehealth may be found at: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-audio-telehealth/index.html.

HHS Issues Guidance on HIPAA and Audio-Only Telehealth

On Monday, June 13, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements…

Version 3.3 of the HHS Security Risk Assessment Tool Now Available

The Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) have released version 3.3 of the popular HHS Security Risk Assessment (SRA) Tool (https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool). This tool is designed to aid small and medium sized health care organizations in…

Version 3.3 of the HHS Security Risk Assessment Tool Now Available

The Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) have released version 3.3 of the popular HHS Security Risk Assessment (SRA) Tool (https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool). This tool is designed to aid small and medium sized health care organizations in their efforts to assess security risks.

The latest version of the SRA Tool contains a variety of feature enhancements based on user feedback and public input. New features include the incorporation of Health Industry Cybersecurity Practices (HICP) references, file association in Windows, improved reports, and other bug fixes and stability improvements.

Also new this year is the SRA Tool Excel Workbook. This alternative version of the SRA Tool takes the same content from the Windows desktop application and presents it in a familiar spreadsheet format. The Excel Workbook contains conditional formatting and formulas to calculate and help identify risk in a similar fashion to the SRA Tool application.

This version of the SRA Tool is intended to replace the legacy “Paper Version” and may be a good option for users who do not have access to Microsoft Windows.

Ransomware Resources for HIPAA Regulated Entities

Ransomware attacks on health care organizations are a growing threat, so the HHS Office for Civil Rights (OCR) shared with us the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS…

OCR Issues Guidance on HIPAA, COVID-19 Vaccinations, and the Workplace

On Thursday, September 30, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule applies to disclosures and requests for information about whether a person has received a COVID-19 vaccine. The…

Webinar on Enhancements to HHS Security Risk Assessment Tool

The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services are hosting a new webinar for users of the Security Risk Assessment Tool. Learn about the SRA Tool and how it can be used at your organization, hear…

Cyber Alert: Updates on Ransomware and Critical VMware Vulnerability

The Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology has released a memo titled “What We Urge You To Do To Protect Against The Threat of Ransomware.”  This memo addresses the growing number and size of ransomware incidents and calls upon government and private sector to take steps…