Earlier this year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued guidance indicating that, under most circumstances, a ransomware attack constitutes a reportable HIPAA breach. During a ransomware attack, protected electronic health information (ePHI) is considered breached because an unauthorized individual has control of the information. In their… Read More
Big or small, if you are a covered healthcare entity or business associate that handles protected health information (PHI) in any capacity, you should be aware that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is notably strengthening enforcement and sanctions related to the HIPAA Security and Privacy Rules. In… Read More
The verdict is in: after much deliberation, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) confirmed that a ransomware attack should be classified as a breach of electronic protected health information (ePHI) under HIPAA, unless there is substantial evidence to the contrary. As we touched on in our previous blog, the OCR… Read More
Joseph Abrenio, Delta Risk VP of Commercial Services, and Chris Evans, Delta Risk VP of Solutions, have co-authored the chapter “Cyber Health Crisis: How to Manage the Risk” for the 2016 edition of the Health Law Handbook. The Delta Risk VPs collaborated with Quarles & Brady Partner Jennifer L. Rathburn to develop a cyber security chapter focused on… Read More