- OCR: We Want to See Contingency Plans - they are warning providers that a contingency plan is and has always been required.
- Expert: Make Cybersecurity Enterprisewide - indicating that using a risk based approach is the right solution.
- Survey: Half of IT professionals say health data is less secure than a year ago - This survey shows up in many articles, not much really is new here either.
- Experts: Train Employees Not To Snoop; Fire Those Who Do - that simple.. the part that most fail on is the ‘fire those who snoop’. But there is good evidence when the patient is a VIP.
- N.M. Medicaid Breach Affects 9,600 - Loss of an ‘unencrypted’ laptop.
- Civil rights office steps up health privacy enforcement - The privacy complaints are arriving and will cause providers to make changes. Providers have had 7 years to react to HIPAA Security/Privacy, OCR is making it real now. (Note found 4 articles on this same topic by different people)
- More Security Guidance Needed - now that OCR is enforcing, the Providers want guidance.
- Watch for ‘Reasonably Anticipated’ Threats - blah blah
- Encrypt, Log and Audit -Yes a good thing to do, but not really the message in the article
The Office for Civil Rights (OCR) is responsible for issuing periodic guidance on the provisions in the HIPAA Security Rule. (45 C.F.R. §§ 164.302 – 318.) This series of guidance documents will assist organizations in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic protected health information. The materials will be updated annually, as appropriate.Yes, nothing new… Well, what is new is a market place realization that they just might need to take security and privacy seriously.