Second Draft of NIST Cybersecurity Framework Published: HIPAA & HITECH Act Blog by Jonathan P. Tomes
The National Institute for Standards and Technology (“NIST”) has published its second draft of its revised Cybersecurity Framework (“the Framework”). Version 1.0 of the NIST .. read more
Neglect is Enough to Get One a HIPAA Civil Money Penalty! HIPAA & HITECH Blog by Jonathan P. Tomes
Under the terms of a resolution agreement, Anchorage Community Mental Health Services (“ACMHS”) had to pay $150,000 as a civil money penalty settlement and integrate .. read more
OCR Issues Revised Audit Protocol: HIPAA & HITECH Blog by Jonathan P. Tomes
In April 2016, the U.S. Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”) issued its updated Phase 2 Audit Protocol. Its .. read more
Are You Protected from Ransomware? HIPAA & HITECH Act Blog by Jonathan P. Tomes
I have been planning to write a blog post on ransomware since spring 2015 when I was a victim of ransomware. I got a message .. read more
Latest HIPAA Violation Settlement–$850,000 for a Stolen Laptop: HIPAA & HITECH Act Blog by Jonathan P. Tomes
I don’t understand why, with all the high six-figure and seven-figure resolution agreements (basically, settlements), covered entities do not provide adequate security for laptops and .. read more
Data Destruction and HIPAA Competence as Related to IT Support Companies: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Michael B. O’Hara, CISSP
Michael B. O’Hara’s narrative, part 1: Recently, my company, KB Computing, LLC, lost a managed services client. The reason, as it so often is, was .. read more
Latest HIPAA Settlement—a Lesson Still Not Learned: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although most civil money penalties (“CMPs”) to date have involved risk analysis—that is, failure to do one, failure to do a complete one, or failure .. read more
More on Texting! HIPAA & HITECH Act Blog by Jonathan P. Tomes
I continue to get questions about texting under HIPAA. The most recent questions were in an email as follows: If we require our employees to .. read more
You Don’t Just “Address” an Addressable Implementation Specification: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Recently, a HIPAA consultant answered a question about whether one had to implement an addressable implementation specification. His answer was basically “no.” He must have .. read more
New $4.8 Million OCR Settlement for HIPAA Violations: HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Attorney and EMR Legal Consultant Alice M. McCart
According to a press release issued May 7, 2014, by the Department of Health and Human Services (“DHHS”) Office for Civil Rights (“OCR”), “Two health .. read more
