HIPAA

In today's world, passwords are no longer enough. Organizations should double up on security and implement two-factor authentication to stay ahead of the increasing volume and sophistication of cyberattacks. Although some may worry that two-factor authentication will be difficult to use, savvy organizations have found that it quickly becomes second nature.

Q: Our modem dialed the correct fax number but a switch in the phone company's system misdirected some pages of the fax to a wrong number. Are we in violation of HIPAA even though it is not our fault?

Q: Is an organization required to notify a patient of a single misdirected fax?

Quest Diagnostics, a Madison, New Jersey-based medical laboratory services company, announced a data breach affecting 34,000 individuals. The breach occurred November 26, according to Quest Diagnostic’s December 12 statement.

Breaches and audits brought much needed attention to HIPAA

Q. Are we required to use encryption on all email, or only email that contains PHI?

Information security officers often have their hands full with HIPAA. But as high-deductible health plans have patients paying more out of pocket, it’s time organizations took a closer look at another set of cybersecurity guidance: the Payment Card Industry Data Security Standard (PCI DSS).

It’s been a challenging year for HIPAA compliance. OCR levied more than $20 million in breach settlement fines. Ransomware rocked the healthcare industry.

The second round of desk audits in the HIPAA audit program began this week, the Office for Civil Rights (OCR) announced in a November 30 email alert.

A new phishing scam targeting covered entities (CE) and business associates (BA) is disguised as an official communication from the Office for Civil Rights (OCR). In an alert released November 28, OCR advised CEs and BAs that a phishing email is being circulated on fake HHS letterhead with the signature of Jocelyn Samuels, OCR’s director.