Email continues to be a very common way for cyberattackers to enter health information systems and jeopardized privacy and security," said OCR Director Melanie Fontes Rainer. "Health care entities should identify potential risks and vulnerabilities to email accounts and train their workforce to protect health information in those accounts.
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $548,265 civil monetary penalty against Children's Hospital Colorado, concerning violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules following receipt of breach reports in 2017 and 2020.
OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which set forth the requirements that covered entities (health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the privacy and security of protected health information (PHI).
The HIPAA Security Rule establishes national standards to protect and secure our health care system by requiring administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (ePHI).
Collection
[
|
...
]