Risk Assessment

ONC, OCR Release Updated Version of HHS Security Risk Assessment (SRA) Tool

June 15, 2022 - The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) released version 3.3 of the HHS Security Risk Assessment (SRA) Tool. ONC and OCR developed the SRA Tool to help HIPAA-covered entities navigate risk assessment requirements under the HIPAA Security Rule. The tool is a software...


More Articles

The Importance of Third-Party Risk Assessments in Healthcare

by Jill McKeon

Healthcare organizations can have the most sophisticated internal security protocols, but failing to assess third-party risk may leave organizations vulnerable to data breaches nonetheless. Threat actors are increasingly using third-party...

FCC Finalizes Best Practices to Combat Hospital Robocalls

by Jill McKeon

In a public notice, the Federal Communications Commission (FCC) concluded its assessment on the widespread adoption of the Hospital Robocall Protection Group’s (HRPG) best practices. The FCC...

OCR Settles with AEON Clinical for $25K Over Multiple HIPAA Failures

by Jessica Davis

Peachstate Health Management, doing business as AEON Clinical Laboratories, has settled with the Department of Health and Human Services Office for Civil Rights for $25,000 and agreed to a...

Healthcare’s Biggest Cybersecurity Blind Spots and Misconceptions

by Jessica Davis

Threat actors are moving at a drastic pace and with stealthy tactics able to hide their activities from system administrators. The truth is that healthcare is struggling with some massive cybersecurity...

Insurer Pays $5.1M OCR Penalty for Data Breach Involving 9.3M Patients

by Jessica Davis

New York-based Excellus Health Plan, doing business as Excellus BlueCross BlueShield and Univera Healthcare, agreed to a $5.1 million civil monetary penalty and a corrective action plan with the...

OCR: Healthcare HIPAA Compliance Report Finds PHI Security Failures

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights released an audit report on HIPAA compliance in the sector from 2016 to 2017 based on reviews of selected healthcare covered entities...

New Haven Pays OCR $202K for PHI Breach of 498 Patients, HIPAA Failure

by Jessica Davis

The Office for Civil Rights reached a settlement with the city of New Haven, Connecticut, including a $202,400 civil monetary penalty and a corrective action plan, following a...

OCR Settles With Business Associate CHSPSC for $2.3M Over Breach of 6M

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights reached a $2.3 million settlement with CHSPSC, which provides services to hospitals and...

Just 44% of Healthcare Providers Meet NIST Cybersecurity Standards

by Jessica Davis

Only 44 percent of healthcare organizations, including hospitals and health systems, adhere to NIST cybersecurity framework standards, despite a drastic increase in healthcare data breaches in recent...

Senators Probe VA After Data Breach Affecting 46K Veterans, Providers

by Jessica Davis

A group of Democratic Senators led by Jon Tester, D-Montana, is demanding answers from the Department of Veterans Affairs after a reported data breach that impacted the personal and...

Athens Orthopedic Pays OCR $1.5M Over Systemic HIPAA Noncompliance

by Jessica Davis

The Office for Civil Rights reached a settlement with the Athens Orthopedic Clinic for $1.5 million over a 2016 data breach caused by the notorious hacking group...

HIPAA Compliance: ONC Updates Security Risk Assessment Tool

by Jessica Davis

The Office of the National Coordinator (ONC) in collaboration with the Office for Civil Rights released an update to the Department of Health and Human Services Security Risk Assessment Tool designed to...

5 Top Critical Vulnerabilities In Need of Patch, Software Update

by Jessica Davis

The healthcare sector has remained a crucial target for hackers over the course of the last five years. But despite a heavy reliance upon legacy technologies, industry stakeholders have...

OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis

by Jessica Davis

The Office for Civil Rights recently shared a detailed list of IT asset inventory steps, which can help covered entities and their business associates better fulfill the HIPAA Security Rule...

OCR Settles with Small Provider for $25K Over Multiple HIPAA Violations

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights has reached a settlement with North Carolina-based Metropolitan Community Health Services, DBA Agape Health Services, over...

3 Key Ways to Bolster Healthcare Cybersecurity with MFA, Training

by Jessica Davis

Throughout the course of the first half of 2020, the FBI, the Department of Homeland Security, and a number of security agencies ramped up cybersecurity alerts -- many of which directed at the...

H-ISAC Shares Identity Management Framework for Healthcare CISOs

by Jessica Davis

The Health Information Sharing and Analysis Center recently released an identity management framework for the healthcare sector, designed to help chief information security officers better manage...

OCR Settles with Utah Provider for $100K Over HIPAA Security Failures

by Jessica Davis

The provider office of Steven Porter, MD in Ogden, Utah has settled with the Department of Health and Human Services Office for Civil Rights after failing to implement certain HIPAA security...