Lexology November 13, 2023
Hall Render Killian Heath & Lyman PC

The U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently released updated guidance in its October 2023 Cybersecurity Newsletter emphasizing the importance of sanction policies in maintaining HIPAA compliance. This guidance builds upon a threat brief previously issued in August 2022 by HHS’ Health Sector Cybersecurity Coordination Center (“HC3”). The 2022 HC3 brief outlined various methods hackers use to gain access to health care systems and data, along with recommendations for protective measures. This latest OCR guidance provides further recommendations for establishing effective sanction policies, offering valuable insights for organizations looking to bolster their HIPAA and organizational policy compliance.

Background

Under the HIPAA Privacy, Security, and Breach Notification Rules (“HIPAA Rules”), covered entities and business...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Govt Agencies, HHS, HIPAA, Provider
Related Articles:
Addressing The HIPAA Blind Spot For Crisis Pregnancy Centers
6 Important Takeaways for HIPAA Covered Entities and Business Associates from 2024 NIST HHS OCR Conference
HHS settles 2 ransomware investigations as attacks rise
Safeguarding Health Information: Takeaways from HHS and NIST 2024 HIPAA Security Conference
White House OMB is reviewing proposed cybersecurity updates to HIPAA

Share This Article