The Office for Civil Rights (OCR) is planning to implement a regulation that would share HIPAA settlements and monetary penalties with individuals affected by breaches.
Hackers are targeting poorly secured file transfer protocol (FTP) servers to access protected health information (PHI), store malicious tools, or launch cyberattacks, according to an alert released by the FBI March 22.
Data integrity and analytics, increased HIPAA enforcement, patient-generated health data, and information security emerged as the top four topics at the 2017 Health Information and Management Systems Society national conference.
HIM Briefings’ 2017 EHR benchmark survey took a closer look at EHR implementation and use as well as the role of HIM in EHR management, including common challenges and benefits. Respondents shared experiences, discussed the impact of EHRs on data quality and security, and reflected on HIM’s role in ongoing EHR maintenance.
Q. We’re a small clinic and were just hit with ransomware. We do have a plan to recover and have clean backup data to restore from. Is there anything we’re missing?
The Substance Abuse and Mental Health Services Administration released a final rule updating privacy regulations for alcohol and substance abuse patient records. The changes are intended to reflect the way information is shared in new healthcare models while still protecting the privacy of individuals seeking treatment.
Q: We currently use an electronic system to make appointments for our spa clients that is not HIPAA compliant according to its maker. Can we use this system to track appointments for B-12 shots clients and those who are prescribed with appetite suppressants? We would have to enter patient medications and any allergies into this system. Since it is a cash-based business, what’s the HIPAA liability?
Covered entities (CE) and business associates (BA) should report any suspicious cyber activity, including malware, phishing, or other cybersecurity incidents, to the United States Computer Emergency Readiness Team (US-CERT), the Office for Civil Rights (OCR) said in guidance released February 23.
Q. If we discover that our business associate (BA) uses a cloud service vendor for certain services, do we need to see proof that the BA has executed a BA agreement (BAA) with the cloud service vendor?
