Cyber Alert: Updates on Ransomware and Critical VMware Vulnerability

The Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology has released a memo titled “What We Urge You To Do To Protect Against The Threat of Ransomware.”  This memo addresses the growing number and size of ransomware incidents and calls upon government and private sector to take steps…

Security Alert: Postcard Disguised as Official OCR Communication

The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services (HHS) has been made aware of postcards being sent to health care organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment” and they are directed to send their risk assessment to www.hsaudit.org.  The link…

NAHC Submits Comments On Proposed HIPAA Privacy Rule

On January 21, 2021, the Office of Civil Rights under the Department of Health and Human Services issued a proposed rule: Proposed Modifications to the HIPAA Privacy Rule To Support, and Remove Barriers to Coordinated Care and Individual Engagement. HHS proposes to make a number of changes to the HIPAA Privacy Rule to strengthen…

New Legal Guidance and Resources to Expand Access to COVID-19 Vaccines for Elderly & Disabled

The Office for Civil Rights (OCR), the Administration for Community Living (ACL), and the Office of the Assistant Secretary for Planning and Evaluation (ASPE) at the U.S. Department of Health and Human Services (HHS) have published several new resources to help states, vaccination providers, and others leading COVID-19 response activities improve access to vaccines for…

Cyber Alert: Mitigating Microsoft Exchange Server Vulnerabilities

The Office for Civil Rights (OCR) of the Department of Health & Human Services (HHS) is sharing the following Updated Alert on Mitigating Microsoft Exchange Vulnerabilities to assist HIPAA-covered entities and their business associates in addressing serious threats to Microsoft Exchange servers.  Organizations are encouraged to review the information below and take appropriate action. The…

OCR Issues Audit Report on Health Care Industry Compliance with the HIPAA Rules

Late last month, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released its 2016-2017 HIPAA Audits Industry Report that reviewed selected health care entities and business associates for compliance with certain provisions of the HIPAA Privacy, Security, and Breach Notification Rules. The Health Information Technology for Economic…

OCR Issues Guidance on HIPAA, Health Information Exchanges, and Disclosures of Protected Health Information for Public Health Purposes

On Friday, December 18, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued guidance on how the Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits covered entities and their business associates to use health information exchanges (HIEs) to disclose protected health information (PHI) for the…

Office for Civil Rights Issues Resource Document on HIPAA and IT Asset Inventories

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) has published, as part of its Summer 2020 Cybersecurity Newsletter, a resource document to assist covered entities in conducting an effective risk analysis to ensure compliance with the Security Rule. The OCR is tasked with enforcing the Health Insurance Portability and…

Feds Issue Health Care Malware Warning

The Office of Civil Rights (OCR) of the Department of Health and Human Services has issued a warning to health care providers about the Taidoor Malware being used by the Chinese government. The warning from the OCR and the Assistant Secretary for Preparedness and Response (ASPR) includes a warning about malware, as well as response…

Alert: Watch Out for a Postcard Disguised as Official OCR Communication

The Office of Civil Rights (OCR) of the Department of Health & Human Services (HHS) is alerting the public of postcards being sent to health care organizations disguised as official OCR communications and claiming to be notices of a mandatory HIPAA compliance risk assessment.  The postcards have a Washington, D.C. return address, and the sender…