Important Government Warnings about Ransomware: HIPAA & HITECH Act Blog by Jonathan P. Tomes
You may think that I am going overboard with all my recent blogs about ransomware. But I’m not. It is that much of a problem. ...
OCR Relaxes Telemedicine Enforcement During Coronavirus Pandemic: HIPAA & HITECH Act Blog by Jonathan P. Tomes
During the COVID-19 public health emergency, the U.S. Department of Health and Human Services (“HHS”) has authorized HIPAA covered entity providers to communicate with patients ...
Are You Encrypting Your Laptops and Other Portable Devices? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although encrypting portable devices is not absolutely required by the Security Rule—that is, it is an addressable, not a required, implementation specification—another seven-figure penalty demonstrates ...
A Masochist’s Guide to Getting a Huge, Painful HIPAA Penalty: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A cynic might wonder whether some covered entities, and now business associates, want to become famous (perhaps infamous would be a better word) and break ...
HHS Civil Money Penalties (“CMPs”) Aren’t the Only Ones! And Do You Need Insurance? HIPAA & HITECH Act Blog by Jonathan P. Tomes
UCLA Health recently settled a class action lawsuit against it for $7.5 million. The plaintiffs were victims of a hack attack on UCLA’s network that ...
Reducing mIoT Risks: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In two recent blogs, we have discussed how the Internet of Things (“IoT”) has become the mIoT—that is, the medical Internet of Things—and what this ...
HIPAA and NIST: What’s the Connection? HIPAA & HITECH Act Blog by Jonathan P. Tomes
The National Institute for Standards and Technology [“NIST”] first became involved with HIPAA when it published “An Introductory Resource Guide for Implementing the Health Insurance ...
Securing EHRs on Mobile Devices—New NIST Guidance: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The single biggest category of DHHS civil money penalties involves loss or theft of EHRs on mobile devices. The only guidance in the Security Rule ...
DHHS Issues Reminder to Address Physical Security, Particularly Workstation Security: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In May 2018, the U.S. Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) issued its Cybersecurity Newsletter, “Workstation Security: Don’t Forget ...
NCCoE and NIST Guidelines for Ransomware Recovery: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Little doubt exists that ransomware is a major threat to the availability of health information. Ransomware is a type of malicious software from cryptovirology, a ...