The Biden administration's fiscal 2022 proposed budget for the Department of Health and Human Services calls for an increase in spending to protect HHS from
HIPAA compliance is a complex cybersecurity standard with onerous consequences for failure. Securing Protected Health Information (PHI) at rest and in transit is the critical piece that is too often neglected until it leads to breaches of HIPAA requirements.
HIPAA’s Final Omnibus Rule in 2013 doubled the maximum fine for a single violation of HIPAA from $25,000 to $50,000 per compromised patient record, meaning the potential penalty for failing to secure PHI adequately could run into the hundreds of millions of dollars, even for a breach of just a few thousand records. Adequately securing data per HIPAA requirements is a bet-the-business exercise in security sufficiency, and knowing whether security measures were performed to HIPAA’s high standards is a necessity.
Exclusive Interview: New HHS ONC Leader on Health Data Security
Compliance
(HealthInfoSec) • May 7, 2021
Micky Tripathi, national coordinator for health IT at HHS
As patients more commonly use smartphones and APIs to access their health information, critical security and privacy considerations need to be top of mind, says Micky Tripathi, the new Department of Health and Human Services national coordinator for health IT. “There are real concerns,” Tripathi says in a video interview with Information Security Media Group. “The challenge that we have is that we are putting into place and encouraging the use of technologies that we believe have an overarching benefit of patients being able to have more access and control over their health information - to use it for purposes that will benefit themselves. But that doesn't mean that there aren't some risks along the way … and
New Regs Aim to Improve Patient Records Access, Sharing
(HealthInfoSec) • April 8, 2021
Long-awaited federal information blocking and health IT interoperability regulations under the 21st Century Cures Act went into effect this week. They are designed to give patients improved access to their records, including via smartphone apps, and make it easier for organizations to share records in an effort to improve treatment.
The Department of Health and Human Services Office of the National Coordinator for Health IT said in a blog post that the Monday compliance deadline for the regulations, which were issued in March 2020, marked a new day for interoperability.
The Complaint
HHS OCR says that in June 2019, it received a complaint alleging that Sharp failed to take timely action in response to a patient's records access request directing that an electronic copy of protected health information in an electronic health record be sent to a third party.
OCR says it provided Sharp with technical assistance on the HIPAA right of access requirements. But in August 2019, OCR received a second complaint alleging that Sharp still had not responded to the patient's records access request.
OCR initiated an investigation, and Sharp eventually provided access to the requested records.
Corrective Actions
As in OCR's 15 previous right of access settlements with other entities, in addition to the monetary settlement, Sharp will undertake a corrective action plan that includes two years of monitoring.