HIPAA

On April 27th, an EHR system company sent an email to hosted customers detailing a ransomware incident. According to the email, "A sophisticated criminal organization carried out a ransomware attack on some of the hosting vendor’s systems, disaster recovery site, and backups." As a result of this outage, many customers lost access to their EHR system.

The CDC has recently stated that individuals who have been vaccinated do not need to wear masks. As a result, many states have lifted mask restrictions. This begs the question of what to do if your state has lifted mask restrictions and somebody walks into your office without a mask?

National Institute of Standards and Technology (NIST) released NIST Special Publication 800-63B Digital Identity Guidelines. The new guidelines represent some significant changes to password management.

in order to be HIPAA Compliant, you must maintain a "Culture of Compliance" at your office. This can include keeping your software up-to-date, regular required training and addressing risks that pose to your office. This month we address Updating to Windows 10 20H2, Getting cell phones off your office WiFi and Understanding your backups

Microsoft has released it’s March security Patch which includes fixes for:

When you have a Business Associate Agreement in place you always can send a letter terminating the relationship. When you send that letter, you should instruct the Business Associate to delete all your patient data, and if that is not feasible that hey are responsible to protect that data under the HIPAA regulations. It is always best to have an attorney review the letter prior to sending it.

Just a few days ago Cybernews reported the largest compilation of emails and passwords were leaked on a public forum.

in order to be HIPAA Compliant, you must maintain a "Culture of Compliance" at your office. This can include keeping your software up-to-date, regular required training and addressing risks that pose to your office. This month we address Phishing Emails, Battery Backups and Proper Disposal of Copiers/Printers/Fax Machines

Amidst all of the other events in Washington DC in January, a law was passed that amended the HIPAA Regulations. . The amendment requires the department of Health and Human Services to take certain items into account during a HIPAA investigation. The text of the bill reads as follows:

It is important to realize that many of the devices in your office may contain patient information, even after you are no longer using the devices. Information can be stored in hard drives and memory that is on circuit boards and if the information finds it way into the wrong hands you have a HIPAA Violation.