News and Toolkit Updates
Recent breach shows importance of BA agreements
Carefully managing your Business Associates (BA) agreements is important. At PrivaPlan we can’t emphasize that enough. The following story illustrates why. As if going to the dentist doesn’t cause enough anxiety, last week 4300 dental patients learned that their personal records may have been compromised. Massachusetts General Hospital (MGH) in Boston contacted the patients about…
From the PrivaPlan Blog
New COVID-19 vishing scam targets nursing homes
A new COVID-19 phone scam is targeting nursing homes in the Midwest. Called vishing, these phone calls use the guise of test results to steal personal information.
The COVID-19 Vaccine Phishing Campaigns are Here
The COVID-19 vaccines began arriving in U.S. hospitals this week, and as expected, the phishing campaigns are in full force, with an increase in suspicious texts or emails claiming to have information about the vaccine in exchange for personal information.
OCR proposes big changes to HIPAA Privacy Rule
This week, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released proposed changes to the HIPAA Privacy Rule that would “break down barriers that have stood in the way of commonsense care coordination and value-based arrangements for far too long,” according to HHS Secretary Alex Azar.
Alert: Imminent and increased threat of cybercrime attacks against healthcare industry
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a Joint Cybersecurity Advisory October 28 citing “credible information” they have on an “imminent and increased” threat of cybercrime attacks against the US healthcare industry with the goal of locking down systems, stealing data, and extorting money.
Sign up now for Oct. 27th Webinar: Managing Cybersecurity During a Pandemic
BlueNovo and PrivaPlan will provide tips and tricks to safeguard your systems and people.
Alert: Postcard Disguised as Official OCR Communication is in the Mail
Though the postage is marked first class, the mailer’s intent is not. In fact, it is another low-class act by scammers. The United States Office for Civil Rights (OCR) released a statement on August 6 about postcards that are being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment.
OCR Ensures Patients Can Receive Religious Visitations During COVID-19 in a Maryland Health System
Tuesday the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced the resolution of a religious discrimination complaint against Prince George’s Hospital Center of the University of Maryland Medical System (UMMS) after UMMS adopted new policies ensuring clergy access to patients for religious purposes during the COVID-19 pandemic.
Microsoft warns of COVID-19 phishing attack via Excel
Microsoft is warning users about an infected Excel email attachment that can wreak major havoc when opened. The massive phishing attack started on May 12 appearing as emails from the Johns Hopkins Center with an Excel attachment that claims to be US deaths caused by the Coronavirus.
OCR warns there is an individual posing as OCR Investigator
On April 3, the Office for Civil Rights (OCR) issued an alert that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI).
Cyberthreats are lurking in COVID-19 pandemic
“As more of our employees work from home and are under the collective stress of the COVID-19 pandemic we become easy victims,” said David Ginsberg, PrivaPlan president. “Security reminders and awareness at this time are essential.”
Best HIPAA Practices Working From Home During the COVID-19 Emergency
During the Coronavirus emergency, physicians and healthcare providers may want to adopt telemedicine as a way to provide patient care. This is an acceptable practice under HIPAA and California data and privacy laws but some precautions should be followed.
Can I share a coronavirus patient’s information to protect the public?
This month in light of the Novel Coronavirus (2019-nCoV) outbreak, the Department of Health and Human Services (HHS) released a bulletin reminding HIPAA covered entities and their business associates of the ways they may share patient information during an outbreak of infectious disease or other emergency situations.
Important notice regarding individuals’ right of access to health records
The Department of Health and Human Services’ Office for Civil Rights has released an announcement that certain legislative changes regarding individuals’ right of access to health records have been reversed.
Do you understand what PHI is?
An apparent lack of understanding of what defines Protected Health Information (PHI) has cost one hospital system $2.175 million in fines to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).
HHS releases proposal to overhaul patient privacy rules for addiction treatment
The Department of Health and Human Services (HHS) announced proposed changes late last week to the federal regulations governing the confidentiality of patient records created by federally-assisted substance use disorder treatment programs, known as 42 CFR Part 2. Drafted in 1975, 42 CFR Part 2 was designed to protect patient records created by federally-assisted programs…
Are your Business Associates protecting your patient data?
This week, American Medical Collection Agency (AMCA), the billing collections vendor for both Quest Diagnostics and LabCorp, reported to both companies that the data of nearly 20 million customers may have been compromised.
HHS reduces maximum civil penalties for HIPAA violations
The HHS published a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties that changes the interpretation of fines for violations defined under the HITECH Act, effectively reducing some of the annual limits.
Email breaches in three states expose protected health information
Three email system breaches in three states exposed protected health information and each healthcare entity is stepping up efforts so it won't happen again.
Payroll phishing scam targets university employees
Three university personnel began the new year without paychecks after falling victim to a payroll phishing scam.
Health Sector Cybersecurity Coordination Center opens
The Health Sector Cybersecurity Coordination Center underscores HHS’ commitment to support and improve the health sector’s cybersecurity defenses.
PrivaPlan advises rural health care staff to train, train and retrain
Train, train and retrain is at the top of PrivaPlan’s list of practical solutions for being HIPAA compliant.
PrivaPlan HIPAA Certification Program promotes culture of compliance
PrivaPlan’s HIPAA Certification Program is giving healthcare professionals access to what had once been next to impossible to find: a one-stop shop to become a certified HIPAA expert.
HHS waives HIPAA sanctions and penalties for hurricane-affected hospitals
As Hurricane Florence continues its destructive path, hospitals affected by the storm have been given the go-ahead to break certain provisions of the HIPAA Privacy Rule.
Verizon’s 2018 Data Breach Investigations Report Shows Healthcare Suffers Most Breaches
Can you hear me now? Verizon reports that the healthcare industry had more breaches than any other industry in 2017. In the recently released 2018 Data Breach Investigations Report (DBIR) by Verizon, Personally Identifiable Information and Protected Health Information were shown to be the most common types of data compromised overall, even more than payment…
Judge rules in favor of OCR, orders cancer center to pay $4.3 million for HIPAA violations
An HHS Administrative Law Judge has ruled that MD Anderson violated HIPAA and is requiring the Texas cancer center to pay $4.3 million in penalties to the OCR.