The Federal Trade Commission (FTC) recently issued Guidance to remind HIPAA compliant organizations that share and collect protected health information (PHI) for commercial activities that they must also comply with FTC Act disclosure requirements.
Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by HHS to entities regulated by HIPAA.
Representatives from government and the private sector discussed the present state of healthcare cybersecurity, and experts discussed practical strategies for implementing the HIPAA Security Rule at the ninth annual “Safeguarding Health Information: Building Assurance through HIPAA Security” conference held from October 19–20, 2016 and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR).
Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators.
There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen.