Category: HIPAA Information


Ransomware: Are You Protected?

15th May

On May 12, 2017, the Department of Homeland Security released the following report:

US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.

Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware?

Yes. The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware. Some of the required security measures include:

• implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing security measures to mitigate or remediate … Read More »


No Business Associates Agreement? $31K Mistake

Posted by kentuckyrec in HIPAA Information.

25th April

From the HHS Office for Civil Rights on April 20, 2017: No Business Associate Agreement? $31K Mistake

The Center for Children’s Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services (HHS) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a corrective action plan. CCDH is a small, for-profit health care provider with a pediatric subspecialty practice that operates its practice in seven clinic locations in Illinois.

In August 2015, the HHS Office for Civil Rights (OCR) initiated a compliance review of the Center for Children’s Digestive Health (CCDH) following an initiation of an investigation of a business associate, FileFax, Inc., which stored records containing protected health information (PHI) for CCDH. While CCDH began disclosing PHI to Filefax in 2003, neither party could produce a … Read More »


Kentucky REC FREE HIPAA Security Webinar – April 11

Posted by billpowell in HIPAA Information, News.

27th March

Register today to learn about your required Security Risk Analysis. Stay compliant!

Please join us for a discussion on HIPAA Security Rule basics and best practices. We will cover tips, tools, and tactics for implementing thorough compliance in 2017.

The Kentucky REC Privacy and Security experts will be hosting a webinar to share the requirements and processes for completing an annual Security Risk Analysis. Our expert panel will discuss the required/addressable standards of the HIPAA Security Rule and defensible steps that practices can take to ensure they are meeting all compliance requirements. In this conversation our experts will ensure that organizations are equipped with compliance best practices and the most up-to-date methods for completing a Security Risk Analysis. In addition, our experts will cover the Office for Civil Rights (OCR) audit protocols, highlighting how the Office of Inspector General (OIG) concentrates their … Read More »


OCR Publishes Guidance Regarding Audit Controls

Posted by kentuckyrec in HIPAA Information.

24th January

From HHS OCR Cyber Newsletter: Understanding the Importance of Audit Controls

Covered Entities and Business Associates should make sure that they appropriately review and secure audit trails, and that they use the proper tools to collect, monitor, and review audit trails. Protecting audit logs and audit trails prevents intruders from tampering with the audit records and protects their integrity. Not safeguarding audit logs and audit trails can allow hackers or malevolent insiders to cover their electronic tracks, making it difficult for Covered Entities and Business Associates not only to recover from breaches, but to prevent them before they happen.

According to the National Institute of Standards and Technology (NIST), audit logs are records of events based on applications, users, and systems, and audit trails involve audit logs of applications, users, and systems. Audit trails’ main purpose is to maintain a record of system … Read More »


CMS Update: QRDA-III Instructions for 2017 ECs Now Available

10th January

The Centers for Medicare & Medicaid Services (CMS) has published Version 0.1 of the 2017 CMS Implementation Guide for Quality Reporting Document Architecture Category III (QRDA-III) Eligible Clinician Programs with schematrons and sample files. As CMS continues to build the submission portal for eligible clinician reporting, ongoing testing and feedback from stakeholders is essential. As part of this process, CMS encourages partners and stakeholders to utilize these tools and provide feedback on an ongoing basis. CMS has made the guide, schematrons and sample files available for a public comment period on the ONC QRDA JIRA Issue Tracker until April 1, 2017. A JIRA account is required to comment. You can find the implementation guide and supplemental documents on the CMS eCQM Library and the Electronic Clinical Quality Improvement (eCQI) Resource Center. Additional information pertaining to eligible clinician reporting can be found on … Read More »