What takeaways can we glean from two years of OCR HIPPA Right of Access Initiative enforcement?
This guidance serves as an important reminder of the steps an organization should take to protect the personal information and other sensitive data that it holds from a ransomware event.
The Aultman Health Foundation (Aultman), an Ohio-based health system with more than 7,000 employees, announced that the patient records of more than 7,000 patients may have been accessed by an employee without authorization for whom such access was outside their job duties.
OCR, in its nineteenth Right of Access Initiative settlement, again emphasizes that health care providers of any size must ensure timely patient access to medical records.
Georgia clinical laboratory agrees to a robust Corrective Action Plan and $25,000 settlement amount for “systemic noncompliance” with the HIPAA requirements.
Failing to provide patients with timely access to their health information can lead to fines and other enforcement actions for health care providers.
The Office of National Coordinator for Health IT (“ONC”) has set forth new information blocking regulations in the Cures Act.
Enforcement action serves as a reminder to health plans, as well as health care providers and business associate vendors, to implement security protections on an enterprise-wide level.