Late last week, the HHS Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) released a security risk assessment (SRA) tool designed to help health care providers conduct risk assessments as required by the HIPAA Security Rule. Under the Security Rule, health care providers must perform risk assessments […]
Health Information Security
LabMD’s Federal Court Actions Against the FTC Dismissed
LabMD is back in the news. This time, however, it’s not the FTC’s administrative action against LabMD that’s making headlines. (For information about the administrative action, please see our prior posts here and here.) Instead, LabMD’s federal court actions against the FTC – one in the United States Court of Appeals for the Eleventh Circuit and […]
HIPAA Audit Program Returning?
We previously blogged about the Office for Civil Rights’ (OCR) HIPAA Privacy, Security and Breach Audit Program (HIPAA Audit Program) on November 30, 2011, March 7, 2012, and June 26, 2012. On Monday, OCR published a notice in the Federal Register in which it essentially announces the return of its HIPAA Audit Program. In the notice, […]
House of Representatives Passes Health Exchange Security and Transparency Act of 2014: HR 3811 Would Require HHS to Notify Affected Individuals of a Breach of a Health Insurance Exchange Within 2 Days of Discovery
On Friday, January 10, 2014, the House of Representatives passed H.R. 3811, the “Health Exchange Security and Transparency Act of 2014” by a vote of 291 to 122. The bill was introduced on January 7, 2014 by Representative Joe Pitts (R-PA), and has a total of 75 cosponsors. Under the bill, the Secretary of Health […]
CMS Releases Updated HIPAA Security Risk Analysis Tipsheet for EHR Meaningful Use Program
The Centers for Medicare & Medicaid Services (CMS), in conjunction with the HHS Office for Civil Rights (OCR), has recently issued an updated tipsheet on conducting a security risk assessment for health care providers participating in CMS’s Electronic Health Records (EHR) Incentive Programs. To receive incentive payments through the program, providers must demonstrate meaningful use […]