Despite all that made 2020 an unusual year, data security incidents did not slow down. For organizations that are covered by the Health Insurance Portability and Accountability Act (HIPAA), the deadline to report small incidents is fast approaching. Organizations that experienced a data security incident in 2020, which affected the protected health information (PHI) of less than 500 individuals, have until March 1, 2021 to submit their notification to the U.S. Dept. of Health & Human Services.
Read more »Tag: healthcare
-
Don’t Forget the HIPAA Small Breach Notification Deadline of March 1, 2021. It’s Right Around the Corner! Posted on: February 10, 2021 In: Data Privacy & Cybersecurity
-
FBI Healthcare Alert - Imminent Threat Of Widespread Ryuk Attack Posted on: October 29, 2020 In: COVID-19 Response
The FBI and DHS-CISA issued a warning on October 28, 2020 about an imminent threat to hospitals and healthcare providers. They represent that they have credible information to suggest there will be a widespread Ryuk ransomware attack this weekend (October 30 - November 1), and the FBI, DHS and the NSA's Cybersecurity Threat Operations Center are currently investigating the matter. It is recommended that hospitals and healthcare providers implement the following measures as soon as possible.
Read more »
-
California Seeks to Heal HIPAA & CCPA Divisions with AB 713 Posted on: October 19, 2020 In: Data Privacy & Cybersecurity
On September 5, 2020 the California legislature passed AB 713, amending the California Consumer Privacy Act (CCPA). The bill alleviates some of the burdens imposed on medical research and healthcare operations by the CCPA, and imposes new requirements and restrictions on businesses that sell or disclose de-identified health data. The bill also contains an emergency clause enabling it to take effect immediately upon the governor's approval.
Read more »
-
The Next Major Public Health Crisis Posted on: October 15, 2020 In: COVID-19 Response
In 2014, a business associate of a healthcare entity was notified by law enforcement that it had suffered a cyberattack to the company's information system. The hackers were able to access and exfiltrate the health information of more than 6 million people from numerous entities served by the business associate. In addition to a fine issued by OCR, a related covered entity was sued and a multimillion-dollar settlement was reached. OCR placed the covered entity under a very detailed corrective action plan.
Read more »
-
OCR Announces HIPAA Telehealth Security Waiver in Response to COVID-19 Pandemic Posted on: March 20, 2020 In: COVID-19 Response
The Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS), which is the body responsible for enforcing certain regulations pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is exercising its enforcement discretion to meet the needs of health care providers and patients during the COVID-19 (Coronavirus) public health emergency.
Read more »