Big or small, if you are a covered healthcare entity or business associate that handles protected health information (PHI) in any capacity, you should be aware that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is notably strengthening enforcement and sanctions related to the HIPAA Security and Privacy Rules. In… Read More
The verdict is in: after much deliberation, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) confirmed that a ransomware attack should be classified as a breach of electronic protected health information (ePHI) under HIPAA, unless there is substantial evidence to the contrary. As we touched on in our previous blog, the OCR… Read More