Healthcare Information Security

HHS

HSCC Wants Healthcare Cybersecurity Waiver to Anti-kickback Rules

October 29, 2018 - The Healthcare Sector Coordinating Council (HSCC) asked the HHS OIG for a waiver to the anti-kickback rules to enable the donation of healthcare cybersecurity technology and services to improve the cybersecurity of smaller healthcare providers, protect patient safety and data, and promote secure data exchange. In developing the exception, the HSCC recommended that OIG work with public...


More Articles

Another Major Storm, Another HHS HIPAA Privacy Rule Waiver

by Fred Donovan

HHS Secretary Alex Azar has issued another HIPAA Privacy Rule waiver for US territory the Northern Marianas Islands, which was devastated by Super Typhoon Yutu this week. Super Typhoon Yutu was a Category 5 storm when it hit the Northern...

Mistakes, Not Hacks, Make Up Bulk of Medicaid Data Breaches

by Fred Donovan

Most of the Medicaid data breaches that state agencies and their contractors reported in 2016 disclosed information about a single individual and often resulted from misdirected letters or faxes, according to a report released last week by...

Azar Issues 2nd HIPAA Privacy Rule Waiver in As Many Months

by Fred Donovan

As in the case of Hurricane Florence, HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions for areas impacted by Hurricane Michael. The waiver is intended to enable greater information...

OIG Forms Team to Protect HHS, Boost Cybersecurity Best Practices

by Fred Donovan

The HHS OIG has formed a multidisciplinary cybersecurity team composed of auditors, evaluators, investigators, and attorneys from various HHS agencies to help protect department data and systems and foster cybersecurity best practices...

HHS Still Leads in DMARC Implementation To Stop Phishing Attacks

by Fred Donovan

With the Oct. 16 deadline looming, HHS continues to lead in securing the most domains of any federal agency as part of the DMARC protocol implementation, which is designed to prevent phishing attacks from succeeding. As of Sept. 14, HHS...

Azar Waives HIPAA Privacy Rule Sanctions for Hurricane Response

by Fred Donovan

HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions that apply to hospitals to enable greater sharing of information in response to Hurricane Florence making landfall on the East...

OIG Faults Maryland for Inadequate Medicaid Data Security

by Fred Donovan

The HHS Office of Inspector General (OIG) has found that Maryland’s Medicaid data security program has failed to secure sensitive data and information systems. An OIG audit released August 14 concluded that numerous, significant...

OCR Levies Close to $80M in HIPAA Privacy Rule Fines

by Fred Donovan

OCR has assessed close to $80 million in fines in 55 cases of HIPAA Privacy Rule violations since the rule took effect in April 2003, according to data on the HHS website. OCR has received 184,614 HIPAA complaints and has initiated 902...

HHS Leads Federal Agencies in Email Security Implementation

by Fred Donovan

HHS has secured the most domains of any federal agency as part of the DMARC email security protocol implementation mandated by the Department of Homeland Security (DHS), according to a study by email security firm Agari. The Domain-based...

HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2

by Fred Donovan

In the next few months, HHS plans to issue requests for information (RFIs) about changing the HIPAA Privacy Rule and 42 CFR Part 2 to make it easier for doctors, hospitals, and payers to coordinate in delivering value-based care and...

Response to Spectre, Meltdown Cybersecurity Vulnerabilities Queried

by Fred Donovan

US lawmakers want answers from the Software Engineering Institute’s (SEI) CERT Coordination Center (CERT-CC) to questions about the industry's response to the Spectre and Meltdown cybersecurity vulnerabilities disclosed in...

CHIME Says Healthcare Cybersecurity Should Be Innovation Focus

by Fred Donovan

Healthcare cybersecurity should be one focus area of a public-private workgroup that HHS is suggesting to examine healthcare innovation and investment, argued the College of Healthcare Information Management Executives (CHIME) in its...

Michigan Medicine Admits to Healthcare Data Breach in Laptop Theft

by Fred Donovan

University of Michigan’s Michigan Medicine announced June 25 that around 870 patients were affected by a healthcare data breach that involved the theft of an unencrypted laptop with PHI from an employee’s car. The theft...

Recent WannaCrypt Ransomware Attack Not Really Ransomware

by Fred Donovan

When you mention the word WannaCry, health IT security folks break into a cold sweat. They remember the havoc that the WannaCry ransomware attack wreaked on the healthcare industry last year. Cybercriminals claiming to be from the...

Congress Turns Up Heat on HHS About Cybersecurity Threat Report

by Fred Donovan

Congress is taking HHS to task about problems with the department’s cybersecurity threat report required by the Cybersecurity Information Sharing Act of 2015. The HHS Cyber Threat Preparedness Report (CTPR) “omitted or lacked...

Feds Need to Do Better Job With EHR Data Security, Privacy

by Fred Donovan

The US federal government needs to do a better job at EHR data security and privacy, concluded a federal IT systems audit by the Government Accountability Office (GAO) released May 23. The federal government also must ensure privacy is...

Judge Upholds Doc’s Conviction for Criminal HIPAA Violation

by Fred Donovan

US District Judge Mark G. Mastroianni upheld May 16 a federal jury’s earlier conviction of Rita Luthra, a Springfield, Massachusetts-based gynecologist, for a criminal HIPAA violation and obstructing a criminal healthcare...

Massachusetts Physician Convicted of Criminal HIPAA Violation

by Fred Donovan

A federal jury has convicted Rita Luthra, a Springfield, Massachusetts-based gynecologist, of a criminal HIPAA violation and obstructing a criminal healthcare investigation, US Department of Justice (DoJ) announced April 30. DoJ alleged...

SamSam Ransomware Attackers Target Healthcare Providers

by Fred Donovan

So far this year, there have been at least eight cyberattacks on healthcare and government organizations employing the SamSam ransomware, the Department of Health and Human Services (HHS) said in a report released March 30. SamSam...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...