HIPAA

On January 8, HHS announced a settlement of $337,750 with USR Holdings for a violation of the HIPAA regulations. This is significant due to the nature of the HIPAA Violation. Among the violations by USR Holdings was Deletion of electronic Protected Health Information.

PIH Health in California was hit with a ransomware attack which severely impacted its computer and telephone systems. The attack forced the hospital to activate their Downtime Contingency Plan. A downtime contingency plan are the procedures that are followed to maintain the ability to provide patient care in the event of a computer outage. This typically involved going back to recording patient information on paper for later entry into the computer systems when they are back online.

The U.S. Department of Health and Human Services (HHS) has proposed significant updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI) amid rising cyber threats.

A Security Risk Assessment (SRA) is a systematic process of identifying, evaluating, and mitigating risks that could compromise the security of an organization, system, or asset. The purpose of an SRA is to ensure that security controls are in place and sufficient to protect against potential threats, vulnerabilities, and their associated impacts.

A Privacy and Breach Risk Assessment (PBRA) is a systematic process used by organizations to evaluate potential privacy risks and the likelihood and impact of data breaches associated with handling personal or sensitive information. It is typically conducted to ensure compliance with privacy laws, regulations, and organizational policies while minimizing risks to individuals whose data is collected, processed, or stored.

Doctors have a hard enough time treating patients and dealing with basic business operations on a day-to-day basis. It’s a difficult task to ask them to be aware of and in compliance with every section of health care regulatory laws and other standards in addition to their daily provision of care to patients. Simply stated, doctors and other health care professionals and providers face an enormous challenge trying to be aware of, understand, and comply with applicable state and federal health care regulatory laws. Consequently, health care professionals and providers are often completely in the dark on what it takes to spot compliance issues and prevent them from happening before they become serious issues. This level of awareness (or lack of it) can be summed up in one simple statement. You don’t know what you don’t know. And not having this knowledge can lead to devastating consequences.

ON Demand Courses for TLD Systems Clients

The Microsoft Threat Intelligence Briefing: Healthcare has reported that the healthcare/public health sector was one of the top 10 most impacted industries in the second quarter of 2024 and that there has been a 300% surge in ransomware attacks. There is now an entire industry of RaaS – Ransomware as a service. The same way a doctor can subscribe to have access to an EHR. Bad actors can subscribe to services that will create ransomware for them. Bad actors are also utilizing AI to create ransomware and better target ransomware attacks.

We have searched the web for HIPAA release forms that have been approved by each state. The links here bring you back to your state web site with access to state created HIPAA release forms.