Are You Encrypting Your Laptops and Other Portable Devices? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although encrypting portable devices is not absolutely required by the Security Rule—that is, it is an addressable, not a required, implementation specification—another seven-figure penalty demonstrates .. read more
OCR Reveals Its Right of Access Enforcement Priorities: HIPAA & HITECH Act Blog by Jonathan P. Tomes
At a major annual HIPAA conference, Roger Severino, Director of the Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”), revealed its .. read more
PHI with No Cover Sheet Warning Left on a Desk—Who’s Liable? HIPAA & HITECH Act Blog by Jonathan P. Tomes
One of our EMR Legal clients and Veterans Press customers recently emailed me the following question: If a workforce member leaves a page from a .. read more
New Ransomware Policy Posted for Premium Members: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Ransomware continues to be one of the most serious threats to health information and may be the most serious threat, so you may need a .. read more
Dental Practice Yelps to the Tune of $10,000 HHS OCR HIPAA Fine: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A patient of Elite Dental Services of Dallas, Texas left a review of the practice on Yelp, a business directory service out of San Francisco. .. read more
HHS OCR Issues New Guidance for Malicious Workforce Threats: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The 2018 Protected Health Information Data Breach Report found that 58 percent of security incidents resulted from insiders rather than outsiders, such as hackers. Discussing .. read more
Who’s the Biggest Ransomware Attack Target? YOU!: HIPAA & HITECH Act Blog by Jonathan P. Tomes
A recent, May 1, 2019, study by the endpoint security firm Cylance determined that the health care industry was the biggest target for malware attacks .. read more
Building Security—More Than Just Locks on the Doors: HIPAA & HITECH Act Blog by Jonathan P. Tomes
In this digital world, forgetting about something as low-tech as physical security of the building in which a covered entity or a business associate is .. read more
The State Attorney General Won’t Sue You for a HIPAA Violation, So You Won’t Be Sued, Right? Wrong: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The initial conventional wisdom when HIPAA first came out was that a covered entity could not be sued for a HIPAA violation because it was .. read more
Changed HIPAA and HITECH Penalties—a Boon or a Trap for the Unwary: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The Department of Health and Human Services (“HHS”) has announced a new penalty structure for the civil money penalties (“CMPs”) for HIPAA violations that apparently .. read more