OCR Issues Audit Report on Health Care Industry Compliance with the HIPAA Rules

Late last month, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released its 2016-2017 HIPAA Audits Industry Report that reviewed selected health care entities and business associates for compliance with certain provisions of the HIPAA Privacy, Security, and Breach Notification Rules. The Health Information Technology for Economic…

OCR Issues Guidance on HIPAA, Health Information Exchanges, and Disclosures of Protected Health Information for Public Health Purposes

On Friday, December 18, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued guidance on how the Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits covered entities and their business associates to use health information exchanges (HIEs) to disclose protected health information (PHI) for the…

Office for Civil Rights Issues Resource Document on HIPAA and IT Asset Inventories

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) has published, as  part of its Summer 2020 Cybersecurity Newsletter, a resource document to assist covered entities in conduction of an effective risk analysis to ensure compliance with the Security Rule.  The OCR is tasked with enforcing the Health Insurance Portability and…

Feds Issue Health Care Malware Warning

The Office of Civil Rights (OCR) of the Department of Health and Human Services has issued a warning to health care providers about the Taidoor Malware being used by the Chinese government. The warning from the OCR and the Assistant Secretar for Preparedness and Response (ASPR) includes a warning about malware, as well as response…

Alert: Watch Out for a Postcard Disguised as Official OCR Communication

The Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) is alerting the public of postcards being sent to health care organizations disguised as official OCR communications and claiming to be notices of a mandatory HIPAA compliance risk assessment.  The postcards have a Washington, D.C. return address, and the sender…

Office of Civil Rights Issues Guidance on Prohibiting Discrimination During COVID-19

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), on July 20, issued guidance to ensure that recipients of federal financial assistance understand that they must comply with applicable federal civil rights laws and regulations that prohibit discrimination on the basis of race, color, and national origin in…

New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA

The Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a new fact sheet that provides a clear compilation of all provisions through which a business associate can be held directly liable for compliance with certain requirements of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (“HIPAA Rules”), in accordance with…