Exploring the Causes of Healthcare Data Breaches

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g., healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches of unsecured protected health information (“PHI”).1 The information reported to HHS gives organizations a high level of insight into the types of breaches that occur in the healthcare industries.

The data collected by HHS concerning breaches affecting 500 or more individuals in 2014 shows that low-tech breaches remain the most common form of data loss in the health sector – surpassing more publicized hacking events….


How to Prepare for the Next Round of HIPAA Audits

Nearly two years after the Office of Civil Rights (“OCR”) first announced its preparation for another round of HIPAA audits, Phase II of OCR’s HIPAA audit program is finally underway.

On March 21, OCR began emailing various types of entities to verify their email addresses and contact information. OCR acknowledged that its email communication may be treated by email filters as spam, but has advised that it expects entities to check their junk or spam email folder for emails from OCR. Recipients have 14 days to verify their email address or provide OCR with updated primary and secondary contact information….
