Two different HHS office items to note
Physicians Practice November 9, 2023
These notices from HHS illuminate the agency’s thinking on HIPAA.
Both the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and Office of the Inspector General (OIG) announced noteworthy items that healthcare industry participants should review.
First, on Oct. 31, OCR announced a settlement under HIPAA related to a ransomware attack, which impacted nearly 206,000 individuals. Doctors’ Management Services (DMS) agreed to pay $100,000 or approximately fifty cents ($0.50) per individual affected to settle the breach. Initially, the ransomware attack occurred in April 2017; however, DMS did not even detect the breach until nearly 20 months later in December 2018. OCR began its investigation in 2019.
None of the vulnerabilities that were exploited should be surprising,...