Healthcare Security & Compliance News

Analysis: HITECH Stage 3 Security Rules

by Randy Homa on March 24, 2015

Concerns Voiced Over Narrower Risk Assessment Proposal

Some security experts are concerned that narrower risk assessment requirements in a proposed rule for Stage 3 of the HITECH Act “meaningful use” electronic health records incentive program could confuse healthcare organizations about the importance of conducting a broader risk assessment as required under HIPAA. On March 20, the […]


A Roadmap for National Health Data Exchange

by Randy Homa on February 2, 2015

HHS Outlines Key Privacy, Security Issues

Federal regulators have unveiled a draft roadmap for achieving nationwide secure health data exchange built on interoperable electronic health records systems within the next three years. The idea behind the plan, unveiled by the Department of Health and Human Services’ Office of the National Coordinator for Health IT, is to make […]


HIPAA Audits Are Still on Hold

by Randy Homa on January 16, 2015

OCR Director Reveals Enforcement Plans for 2015

The unit of the Department of Health and Human Services that enforces HIPAA still has plenty of work to do before it can launch its long-promised next round of HIPAA compliance audits, as planned for this year. The HHS Office for Civil Rights has yet to develop a revised […]


$150K HIPAA Fine for Unpatched Software

by Randy Homa on December 10, 2014

OCR Imposes Penalty on Alaska Mental Health Provider

Federal regulators are sending a powerful message about the importance of applying software patches by slapping an Alaska mental health services provider with a $150,000 HIPAA sanction. The Department of Health and Human Services’ Office for Civil Rights says Anchorage Community Mental Health Services’ failure to apply software patches […]


Medical Device Security: A Higher Profile

by Randy Homa on October 23, 2014

White House Official Highlights Issue; Investigation Under Way

White House Cybersecurity Coordinator Michael Daniel says medical device manufacturers need to do a better job of baking cybersecurity into the development of their products, just as manufacturers in other industries consider potential safety concerns in their designs. “I think it goes back to some of the root […]


OCR: Conduct Risk Analysis – Or Else

by Randy Homa on September 25, 2014

HIPAA Enforcer Emphasizes Importance of Assessments

As federal regulators ramp up HIPAA enforcement activities, including soon-to-be-restarted compliance audits, there is one clear and familiar theme that officials are still hammering home: You must conduct a comprehensive and timely risk assessment – or face the consequences. In one of her first public appearances since taking on the role […]

Security Fixes Promised

by Randy Homa on September 22, 2014

CMS Administrator Pledges Completion by Nov. 15

The Centers for Medicare and Medicaid Services will carry out 28 recommendations made by a government watchdog agency to improve the security of before the next open enrollment period for Obamacare begins Nov. 15 (see GAO: Has Security Flaws). CMS Administrator Marilyn Tavenner made that promise […]


HIPAA Audits: A Revised Game Plan

by Randy Homa on September 22, 2014

More On-Site Audits Planned, But All Audits on Hold for Now

Federal regulators are delaying the start of phase two of the HIPAA audit program until the agency responsible for enforcement finishes the roll-out of technology that will allow audited organizations to submit data via a Web portal. And once the program resumes, the Department of […]


NEW YORK (CNNMoney) No industry has been hit harder by hacking and data breaches than health care.

By Jose Pagliery @Jose_Pagliery August 20, 2014: 11:06 AM ET

Recent numbers show 90% of health care organizations have exposed their patients’ data — or had it stolen — in 2012 and 2013, according to privacy researchers at the Ponemon Institute. […]


Examining FTC’s Data Security Enforcement

by Randy Homa on July 29, 2014

House Panel Scrutinizes Healthcare Investigations

Is the Federal Trade Commission overstepping its regulatory authority – and using questionable sources of information – in pursuing data security enforcement actions against companies, including healthcare entities, for alleged unfair and deceptive trade practices? Members of the House Committee on Oversight and Government Reform considered that and other questions during […]