Last week, I blogged about a recent U.S. Department of Health and Human Services Office of Civil Rights (OCR) announcement on its push to investigate smaller breaches (those involving fewer than 500 individuals).
Entities with smaller breaches hoping to fly under the radar may be out of luck.
What you might have thought was not a big breach (or a big deal in terms of HIPAA compliance), might end up being a big headache for covered entities and business associates.
The Department of Health and Human Services Office for Civil Rights (OCR) is the federal agency tasked with investigating data breaches involving protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request.But we still are at the beginning of Phase 2, with more to come.
OCR to Focus More Investigative Resources On Smaller HIPAA Breaches with Less Than 500 Individuals Affected
The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches.
On August 4, 2016, the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”) announced that it had reached the largest monetary settlement to date from a single entity for breaches of the Health Insurance Portability and Accountability Act (“HIPAA”).
Anytime we conduct a training, we can’t help but turn blue in the face repeating over and over again the importance of conducting an accurate and thorough risk analysis of electronic PHI (ePHI).