ONC Report to Congress Identifies Gaps in Oversight of Privacy and Security of mHealth Technologies and Health Social Media
Earlier this month the U.S. Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC), released a report to Congress highlighting “large gaps” in policies and oversight surrounding access to and security and privacy of health information held by certain “mHealth technologies” and “health social media.”
The HIPAA violation, in violation of a Business Associate Agreement (BAA), resulted from extensive PHI on an iPhone that “included social security numbers, information regarding diagnosis and treatment, medical procedures, names of family members and legal guardians, and medication information,” according to a recent report from the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services.
Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) released new Health Insurance Portability and Accountability Act (“HIPAA”) guidance on ransomware.
The Office for Civil Rights (OCR) has obtained another big settlement from a covered entity resulting from a data breach.
For years, many questioned whether the HIPAA privacy and security rules would be enforced.
In light of the increasing number of high-profile ransomware attacks that have recently occurred and the threat these attacks pose to the health care industry in particular, the Office for Civil Rights (“OCR”) released guidance on July 11, 2016 regarding ransomware and HIPAA.
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by failing to protect electronic protected health information (ePHI).
The Office for Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program.
“The FBI has reported an increase in ransomware attacks and media have reported a number of ransomware attacks on hospitals,” and as a result the Office for Civil Rights (OCR) of the US Department of Health & Human Services (HHS) issued a Fact Sheet and report on July 11, 2016 entitled “Your Money or Your PHI: New Guidance on Ransomware.”