HIPAA Blog

2017 is Raising the Bar for Annual HIPAA Breaches

HIPAA News

This week MSPmentor published an article online regarding the current pace of HIPAA breaches potentially doubling that of 2016. According to the article, the 66 percent increase – thus far – is driven by a sharp rise in the number of incidents designated as “Hacking/IT Incident,” which were up 82 percent, to 104 in 2017. The second most common cause for a HIPAA breach this year was unauthorized access or disclosure, which totaled 69 cases. An MSPmentor review of records maintained by the U.S. Department of Health and Human Services Office of Civil Rights (OCR) suggests hackers are stepping up attacks against healthcare targets, which hold the holy grail of data: Detailed medical information.

For the full article visit MSPmentor’s website here.

For daily HIPPA News visit our HIPAA News sidebar at https://hipaanews.net.

If you would like to receive an email update every time HIPAA news posts a blog, sign up on our website at https://hipaanews.net or follow us on Facebook at https://www.facebook.com/hipaanews.

Ensuring Availability of HIPAA During Natural Disasters

This week Mondaq published an article online regarding the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reminded health care providers of the importance of ensuring the availability and security of health information during and after natural disasters.

According to the article, OCR recently published a bulletin during Hurricane Harvey discussing how the HIPAA Privacy Rule applies to sharing protected health information (PHI) during natural disasters. Recirculated while Irma was looming, the guidance document reminds health care providers that HHS may waive sanctions and penalties against a covered hospital for certain activities (e.g., obtaining a patient’s agreement before speaking with family or friends involved in the patient’s care) during an emergency. However, the waiver is limited to certain hospitals located within an emergency area and for a specific period of time. More importantly, OCR noted in the bulletin that the Privacy Rule still applies to covered entities and their business associates during such emergencies, but the Privacy Rule does allow the disclosure of PHI without the patient’s consent for the patient’s treatment or public health activities. Covered entities may also share PHI with a patient’s family or friends identified by the patient as being involved in their care, but OCR recommends that the covered entities obtain verbal permission or otherwise confirm that the patient does not object to sharing the information with these individuals.

For the full article visit Mondaq’s website here.

For daily HIPPA News visit our HIPAA News sidebar at https://hipaanews.net

If you would like to receive an email update every time HIPAA news posts a blog, sign up on our website at https://hipaanews.net or follow us on Facebook at https://www.facebook.com/hipaanews