Archives: HHS

Subscribe to HHS RSS Feed

Due to the COVID-19 Pandemic, HHS Eases Restrictions on the Use and Disclosure of PHI by Business Associates

The COVID-19 public health emergency already has caused the U.S. Health and Human Services (HHS) Office for Civil Rights to announce various enforcement changes and waivers. On April 2, HHS issued another notification of enforcement discretion – this one relating to business associates. This latest notification allows business associates to use and disclose protected health … Continue Reading

HHS Issues Two Important Bulletins Waiving HIPAA Sanctions During the COVID-19 National Emergency

The HHS Office for Civil Rights (OCR) issued two important bulletins this week regarding the novel coronavirus disease (COVID-19) outbreak. On Mar. 16, OCR issued a limited waiver of HIPAA sanctions and penalties for noncompliance with certain provisions of the HIPAA Privacy Rule, including the requirement to obtain a patient’s agreement to speak with family … Continue Reading

New HHS Rules Give Patients ‘Unprecedented’ Digital Access to Their Own Health Data but May Put Privacy at Risk

On Monday, the U.S. Department of Health and Human Services (HHS) issued what it calls “transformative” rules that will govern how healthcare providers, insurers and technology vendors must design their systems to give patients safe and secure access to their health data. Issued by two different agencies within HHS – the Office of the National … Continue Reading

Federal Court Invalidates 2013 HIPAA Omnibus Rule Regulations and HHS Guidance on Fees for Copies of Medical Records

In what is being seen as a strong rebuke to years of regulatory overreach, the United States District Court for the District of Columbia entered an order on January 23, 2020 that invalidates provisions of the 2013 Omnibus Rule to the Health Insurance Portability and Accountability Act (“HIPAA”) and 2016 guidance issued by United States … Continue Reading

Risk Management Strategies to Reduce Risk Associated with Telehealth

The use of technology to provide healthcare has existed for decades; however, recent advances in technology and changes in reimbursement have increased the prevalence of telehealth for diagnosing and treating patients. Telehealth is an emerging and promising method of providing healthcare in areas where healthcare may be limited or unavailable. Telehealth provides quality, cost-effective healthcare … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Insider-Caused Data Loss

This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. While any security incident may cause an entity heartburn, when the incident is traced back to an … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Loss or Theft of Devices

This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) weighs in on one of the issues many entities find … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Ransomware Prevention

This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its “Cybersecurity Best Practices” report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) is not the first time HHS has discussed the prevalent … Continue Reading

What Can We Learn From the Healthcare Data Breach ‘Wall of Shame’?

In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services’ (HHS) Office for Civil Rights. But the pain doesn’t end there. … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Phishing Prevention

This article is part of a series of blog posts exploring the recommendations and guidance Health and Human Services (HHS) provides healthcare organizations in its Cybersecurity Best Practices report. For previous articles in the series, click here. In its report on cybersecurity best practices, HHS highlights email phishing attacks as one of the top threats … Continue Reading

HHS Issues Cybersecurity Guidance for Healthcare Organizations

BakerHostetler will post a series of blogs to fully explore the recommendations and guidance Health and Human Services provides healthcare organizations in its report. Cyberattacks continue to rise across industries, and healthcare is no different. Eighty percent of U.S. physicians reported having experienced some form of cyberattack. In 2017, cyberattacks cost small and midsize businesses … Continue Reading

HHS OIG Launches Cybersecurity Webpage to Raise Awareness and Boost Cybersecurity Best Practices

Healthcare data can be up to 10 times more valuable to cyber criminals than credit card numbers, according to a report from the Department of Health & Human Services’ (HHS) Office of the Inspector General (OIG). And, with healthcare-focused ransomware attacks like WannaCry and NotPetya in the news more frequently, it’s no wonder that HHS OIG … Continue Reading
LexBlog