Healthcare Information Security

HHS

OIG Finds Vulnerabilities in HHS Security Controls, Detection

March 13, 2019 - The Department of Health and Human Services’ Operating Divisions (OPDIVs) need to improve their security controls to more effectively detect and prevent cyberattacks, according to a new Office of Inspector General report. Officials said they conducted audits during fiscal years 2016 and 2017 at eight OPDIV sites by pen testing network and web applications. The goal was to...


More Articles

HIPAA Needs Clarity Around Patient Data Sharing, AMIA, AHIMA say

by Jessica Davis

In recommendations to the Department of Health and Human Services, the American Health Information Management Association and American Medical Informatics Association are recommending updates to HIPAA that would both clarify right to...

The Hits and Misses of HHS Healthcare Cybersecurity Guidelines

by Jessica Davis

The Department of Health and Human Services released a four-volume set of cybersecurity guidelines for the healthcare sector last month, which was applauded by many for its extensive breakdown of both risks and mitigations. Drafted in...

Feds Issue Emergency Directive on DNS Infrastructure Hijacking Attacks

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency issued a rare emergency directive to all federal agencies to secure their DNS infrastructure, in the wake of a mass DNS infrastructure hijacking...

OCR Hiring Deputy Director for Health Information Privacy

by Jessica Davis

The Department of Health and Human Services’ Office for Civil Rights is looking to hire a Deputy Director of Health Information Privacy, according to a job listing posted on January 14. According to the post on USAJOBS, the senior...

HHS Releases Best Practice Healthcare Cybersecurity Guidelines

by Jessica Davis

The Department of Health and Human Services issued cybersecurity guidelines for the healthcare sector on Friday, focused on voluntary cybersecurity practices to reduce security risks and bolster cybersecurity programs across the...

HHS, OCR Seek Industry Feedback on HIPAA Update for Data Sharing

by Jessica Davis

The Department of Health and Human Services and the Office for Civil Rights are seeking industry feedback on how to improve HIPAA guidance, especially around care coordination. The OCR Request for Information comes in response to an...

HSCC Wants Healthcare Cybersecurity Waiver to Anti-kickback Rules

by Fred Donovan

The Healthcare Sector Coordinating Council (HSCC) asked the HHS OIG for a waiver to the anti-kickback rules to enable the donation of healthcare cybersecurity technology and services to improve the cybersecurity of smaller healthcare...

Another Major Storm, Another HHS HIPAA Privacy Rule Waiver

by Fred Donovan

HHS Secretary Alex Azar has issued another HIPAA Privacy Rule waiver for the US territory of the Northern Mariana Islands, which was devastated by Super Typhoon Yutu this week. Super Typhoon Yutu was a Category 5 storm when it hit the Northern...

Mistakes, Not Hacks, Make Up Bulk of Medicaid Data Breaches

by Fred Donovan

Most of the Medicaid data breaches that state agencies and their contractors reported in 2016 disclosed information about a single individual and often resulted from misdirected letters or faxes, according to a report released last week by...

Azar Issues 2nd HIPAA Privacy Rule Waiver in As Many Months

by Fred Donovan

As in the case of Hurricane Florence, HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions for areas impacted by Hurricane Michael. The waiver is intended to enable greater information...

OIG Forms Team to Protect HHS, Boost Cybersecurity Best Practices

by Fred Donovan

The HHS OIG has formed a multidisciplinary cybersecurity team composed of auditors, evaluators, investigators, and attorneys from various HHS agencies to help protect department data and systems and foster cybersecurity best practices...

HHS Still Leads in DMARC Implementation To Stop Phishing Attacks

by Fred Donovan

With the Oct. 16 deadline looming, HHS continues to lead in securing the most domains of any federal agency as part of the DMARC protocol implementation, which is designed to prevent phishing attacks from succeeding. As of Sept. 14, HHS...

Azar Waives HIPAA Privacy Rule Sanctions for Hurricane Response

by Fred Donovan

HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions that apply to hospitals to enable greater sharing of information in response to Hurricane Florence making landfall on the East...

OIG Faults Maryland for Inadequate Medicaid Data Security

by Fred Donovan

The HHS Office of Inspector General (OIG) has found that Maryland’s Medicaid data security program has failed to secure sensitive data and information systems. An OIG audit released August 14 concluded that numerous, significant...

OCR Levies Close to $80M in HIPAA Privacy Rule Fines

by Fred Donovan

OCR has assessed close to $80 million in fines in 55 cases of HIPAA Privacy Rule violations since the rule took effect in April 2003, according to data on the HHS website. OCR has received 184,614 HIPAA complaints and has initiated 902...

HHS Leads Federal Agencies in Email Security Implementation

by Fred Donovan

HHS has secured the most domains of any federal agency as part of the DMARC email security protocol implementation mandated by the Department of Homeland Security (DHS), according to a study by email security firm Agari. The Domain-based...

HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2

by Fred Donovan

In the next few months, HHS plans to issue requests for information (RFIs) about changing the HIPAA Privacy Rule and 42 CFR Part 2 to make it easier for doctors, hospitals, and payers to coordinate in delivering value-based care and...

Response to Spectre, Meltdown Cybersecurity Vulnerabilities Queried

by Fred Donovan

US lawmakers want answers from the Software Engineering Institute’s (SEI) CERT Coordination Center (CERT-CC) to questions about the industry's response to the Spectre and Meltdown cybersecurity vulnerabilities disclosed in...

CHIME Says Healthcare Cybersecurity Should Be Innovation Focus

by Fred Donovan

Healthcare cybersecurity should be one focus area of a public-private workgroup that HHS is suggesting to examine healthcare innovation and investment, argued the College of Healthcare Information Management Executives (CHIME) in its...
