Posts

Showing posts with the label Cloud platforms

OCR Announces HIPAA Enforcement Action Against Self-Funded Group Health Plan

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently  announced  a HIPAA enforcement action against an employer-sponsored group health plan. The action resulted in a payment to HHS of $245,000 and a two-year corrective action plan. While HIPAA enforcement is common in the healthcare sector, actions directly against employer-sponsored group health plans are not as common. This case,  coupled with DOL guidance for ERISA fiduciaries concerning cybersecurity , underscores a growing regulatory focus not only on traditional healthcare entities, but also on the plans and ecosystems maintained by employers under ERISA. The Incident: Ransomware, Unauthorized Access, and Plan Data According to the breach notification sent to affected individuals, the plan sponsor experienced a security incident back in 2021 involving encryption of systems and unauthorized access to sensitive data . The data included names and Social Security numbers, along ...