OCR Issues Telehealth Guidance for Providers and Patients

The HHS’ Office for Civil Rights (OCR) has issued new guidance for healthcare providers to help them educate patients about the privacy and security risks of using remote communication technologies for telehealth visits, along with recommendations for patients on how they can protect and secure their health information.

During the pandemic, healthcare providers massively expanded their telehealth services to ensure that patients could access the medical services they needed while reducing the risk of contracting COVID-19. OCR issued a Notice of Enforcement Discretion covering the good faith provision of telehealth services to make it easier for healthcare providers to provide telehealth services during the pandemic by using non-public-facing communications platforms that are not fully HIPAA compliant, such as platforms where vendors would not enter into business associate agreements. Now that the COVID-19 public health emergency has been declared over, OCR’s telehealth Notice of Enforcement Discretion has expired; however, OCR continues to support telehealth services, which have proven popular with both providers and patients.

Telehealth Privacy and Security Risks

Healthcare providers must ensure that the communications platforms they use for providing telehealth services support HIPAA compliance. Even when ‘HIPAA-compliant’ platforms are used for telehealth, there are still privacy and security risks that must be addressed and reduced to a low and acceptable level. In the summer of 2022, ahead of the telehealth flexibilities coming to an end, OCR issued guidance for healthcare providers on HIPAA and audio-only telehealth services.

While HIPAA does not require healthcare providers to educate patients about the privacy and security risks associated with telehealth, a Government Accountability Office (GAO) review of the Medicare telehealth services provided during the COVID-19 pandemic – Medicare Telehealth: Actions Needed to Strengthen Oversight and Help Providers Educate Patients on Privacy and Security Risks – recommended that OCR issue guidance to help healthcare providers explain the privacy and security risks associated with telehealth services to patients.

During the review, GAO identified numerous complaints about the use of non-compliant technology during the pandemic: more than 3 dozen complaints had been filed about the presence of third parties during appointments, and there were instances where providers shared PHI without obtaining patient consent. GAO concluded that additional education and outreach were needed to help providers explain the privacy and security risks associated with telehealth to patients, so that those risks are fully understood. OCR concurred with the recommendation and agreed to publish new guidance.

New OCR Telehealth Privacy and Security Resources

Two guidance resources were published by OCR on October 18, 2023. The first guidance document is for healthcare providers to help them educate patients about the privacy and security risks associated with remote communication technologies, and the second guidance document is for patients and offers tips on privacy and security when taking advantage of telehealth services.

The provider guidance – Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies for Telehealth – offers suggestions for healthcare providers to help them discuss the telehealth options offered, the potential risks to protected health information associated with remote communication technologies, the privacy and security practices of vendors of telehealth communication tools, and the applicability of civil rights laws.

The patient guidance – Telehealth Privacy and Security Tips for Patients – offers recommendations for patients on how they can protect and secure their protected health information, such as the importance of conducting telehealth visits in private settings, activating multi-factor authentication, using encryption, and avoiding using public Wi-Fi networks.

“Telehealth is a wonderful tool that can increase patients’ access to health care and improve health care outcomes,” said OCR Director Melanie Fontes Rainer. “Health care providers can support telehealth by helping patients understand privacy and security risks and effective cybersecurity practices so patients are confident that their health information remains private.”

The post OCR Issues Telehealth Guidance for Providers and Patients appeared first on HIPAA Journal.

236,000 Individuals Affected by Fairfax Oral and Maxillofacial Surgery Ransomware Attack

Fairfax Oral and Maxillofacial Surgery in Virginia has confirmed that the protected health information of up to 235,931 individuals was potentially compromised in a ransomware attack in May 2023. The security incident was detected on May 16, 2023, when files were encrypted on its systems. The forensic investigation determined that an unauthorized third party had access to its network between May 15 and May 16, 2023.

According to the breach notification submitted to the Maine Attorney General, the investigation did not find any evidence of data theft, although the possibility that files were stolen could not be ruled out. The review of the files on the affected parts of the network determined that they contained information such as names, driver’s license numbers, health insurance information, medical history information, and, for some individuals, Social Security numbers. Fairfax Oral and Maxillofacial Surgery said it has taken steps to reduce the risk of this type of incident occurring in the future, including enhancing its technical security measures. A complimentary one-year membership to the Experian IdentityWorks Credit 3B service has been offered to the affected individuals.

Henwood Family Dentistry Says 7,300 Patients Affected by Cyberattack

Borgfeld Dental Center PLLC, doing business as Henwood Family Dentistry in San Antonio, TX, has recently announced that the protected health information of 7,300 patients was potentially accessed by unauthorized individuals in August. The security breach was detected on August 17, 2023, and the forensic investigation determined that access was gained to a desktop computer via a remote-access tool, and the credentials for a user account were used to access its network.

Henwood Family Dentistry said it is aware that one of its patients has been contacted directly by the attacker, and has advised patients not to engage with the attacker if they are contacted. The Federal Bureau of Investigation has been notified about the attack and is investigating. The types of data exposed varied from individual to individual and may have included one or more of the following: full name, date of birth, address, telephone number, email address, Social Security number, driver’s license number, government-issued identification number, health insurance information, and/or information regarding dental/orthodontic care.

Henwood Family Dentistry said it took several mitigation steps, including blocking the unauthorized access, changing passwords, and replacing the hard drives of the affected computers, and it has reviewed its security strategies and systems to identify possible enhancements. Affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Piedmont Healthcare Affected by Cyberattack on Administrative Services Provider

Piedmont Healthcare, Inc., a 23-hospital health system serving the southeast United States, was affected by a cyberattack on its claims processing and administrative services provider, Pharm-Pacc. The attack was detected on March 24, 2023, and on or around March 15, 2023, it was confirmed that protected health information stored on Pharm-Pacc’s systems was accessed. Piedmont Healthcare was notified that it was affected on July 14, 2023. Pharm-Pacc has offered the affected individuals 12 months of credit monitoring, fraud consultation, and identity theft restoration services. A total of 895 Piedmont patients are known to have been affected.

Surround Care Impacted by Navvis & Company Cyberattack

Surround Care, LLC, a wholly owned subsidiary of Navvis & Company, has confirmed that the protected health information of 917 individuals was exposed in a cyberattack. The attack was detected on July 25, 2023, and the forensic investigation confirmed that an unauthorized third party had access to its network between July 12, 2023, and July 25, 2023. The exposed information included names, dates of birth, Medicaid/Medicare ID numbers, health plan information, medical treatment information, medical record numbers, patient account numbers, case identification numbers, provider/doctor information, health record information, and, for some individuals, Social Security numbers. Surround Care said no evidence of any identity theft or fraud has been identified in connection with this incident.

MOVEit Hacking Victims

Many HIPAA-covered entities and business associates have reported being affected by the mass exploitation of a zero-day vulnerability in Progress Software’s MOVEit file transfer solution in May 2023. IBM and San Diego PACE have now confirmed that they were affected.

IBM

IBM has started notifying 630,755 individuals that some of their protected health information was stolen by the Clop group when it exploited the MOVEit vulnerability in late May. The attack on IBM also affected the Missouri Department of Social Services (DSS), which reported that names, department client numbers, dates of birth, benefit eligibility status or coverage, and medical claims information were compromised in the attack. The Colorado Department of Health Care Policy & Financing (HCPF) was also affected and said the protected health information of 4,091,794 individuals was stolen. In total, the data of more than 10 million individuals is believed to have been stolen in the attack on IBM.

San Diego PACE

San Diego PACE, a specialized health plan for individuals over 55 years of age, has confirmed that the information of some of its members was stolen in a cyberattack on one of its vendors. Cognisight is a business associate that provides healthcare management services to San Diego PACE and uses Progress Software’s MOVEit solution for file transfers. The MOVEit solution was compromised in late May, and on June 5, 2023, it was confirmed that some plan member data had been stolen. The delay in issuing notifications was due to the time taken to review the affected files and obtain up-to-date contact information. Affected individuals have been offered complimentary credit monitoring services.

The post 236,000 Individuals Affected by Fairfax Oral and Maxillofacial Surgery Ransomware Attack appeared first on HIPAA Journal.