In a release yesterday, HHS Secretary Tom Price stated that OCR will waive sanctions and financial penalties for specific Privacy Rule violations against hospitals in the Hurricane Harvey disaster area. This waiver is only applicable to the provisions of the...
The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) states that all covered entities must notify the HHS’ Office for Civil Rights of a breach of unsecured protected health information and issue notification letters to affected people without unreasonable delay...
The Department of Homeland Security has issued an alert over vulnerabilities in Siemens medical imaging devices. The vulnerabilities could be exploited remotely and attacks would require only a low level of skill. Exploits are publicly available that could allow...
The Health Information Trust Alliance (HITRUST) is looking to improve its threat information sharing capabilities and provide more assistance to HIPAA covered entities to help them manage cyber threats more effectively. HITRUST is already providing detailed...
The Breach Barometer mid year reviews has been released by Protenus, in conjunction with Databreaches.net. This report covers all data privacy breaches reported in health care over the past 6 months. It provides valuable insights into 2017 data breach trends for the...
The U.S. Senate has passed new legislation that will allow patients’ histories of drug addiction treatment to be shared with their physicians with consent. The legislation will help to ensure physicians can make more informed decisions about treatment for patients...
Regulations governing the treatment of substance use disorder records and HIPAA are currently at odds, although new legislation has been proposed to align both sets of regulations. Representatives Tim Murphy and Earl Blumenauer have introduced a new bill – The...
The Medical Device Cybersecurity Act introduced by Connecticut Senator Richard Blumenthal last week is intended to improve the security of medical devices by making it harder for the devices to be hacked. If the legislation is passed, medical device manufacturers will...
The Department of Health and Human Services’ Office for Civil Rights has reminded HIPAA-covered entities why security awareness training for healthcare employees is so important in its July Cybersecurity Newsletter. PHI security is not only about technological...