Posts

Showing posts with the label hacking incidents

OCR’s Risk Analysis Initiative: Lessons From Recent HIPAA Enforcement Actions

Health care organizations are under pressure to shore up their cybersecurity response efforts. Much of this pressure is coming from the  US  Department of Health and Human Services Office for Civil Rights ( OCR ) , which has made clear through recent enforcement actions that conducting a proper risk assessment under the Health Insurance Portability and Accountability Act ( HIPAA ) Security Rule is not optional. These enforcement actions ratcheted up during the Biden Administration and have continued during the Trump Administration, signaling that risk analysis remains a top compliance priority for organizations charged with complying with HIPAA. HIPAA’s Risk Assessment Requirement and Why It Matters Under the HIPAA Security Rule (as codified in 45 C.F.R. § 164.308), all HIPAA covered health care providers, health plans, health care clearinghouses (covered entities), and their business associates (collectively, regulated entities) must “[c]onduct an accurate and thorough a...