OCR Settles with University of Massachusetts Amherst for HIPAA Violations for Failure to Implement the Hybrid Entity Designation

November 28, 2016. On November 22, the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (HHS) published a news release announcing a $650,000 settlement with the University of Massachusetts Amherst (“UMass”) for HIPAA Violations in a unit that had not been identified as a health care component and had failed to implement HIPAA Privacy and Security Rule safeguards.

Changes to Medicare and Medicaid EHR Incentive Programs Published in Today’s Federal Register

November 14, 2016. On November 10, 2016, we discussed the Security Measure Attestation Rules for the Certified EHR Meaningful Use Incentive Program in a prepublication version of this Final Rule—Electronic Health Record (EHR) Incentive Programs--published in today’s Federal Register under a much longer title covering a number of Centers for Medicare & Medicaid Services (CMS) rulemaking activities.

HIPAA Integrity® Links Its Security Compliance Tools Via Crosswalk to Cybersecurity Framework and NIST SP 800-53-4

November 11, 2016. We have reported in earlier blog postings about the National Institute of Standards and Technology (NIST) September 15, 2016, Cybersecurity initiative entitled: NIST Releases Baldridge-Based Tool for Cybersecurity Excellence: Comments Sought on Draft Guide to Enhance Cybersecurity Framework (posted October 18, 2016) and the NIST intention to release in March 2017 a 5th Revision of the Special Publication (SP) 800-53, Revision 4 entitled: Security and Privacy Controls for Federal Information Systems and Organizations (posted November 8, 2016).

CMS Clarifies Security Measure Attestation Rules for Certified EHR Meaningful Use Incentive Program

November 10, 2016. The Centers for Medicare & Medicaid Services (CMS) will publish in the Federal Register on Monday, November 14, 2016, a lengthy document—in prepublication format examined here--with a long title consisting of multiple components, one of which is entitled:   Electronic Health Record (EHR) Incentive Program.

NIST Publishes NICE Cybersecurity Workforce Framework Draft Publication for Public Comment

November 9, 2016. The National Institute of Standards and Technology (NIST) has published Draft NIST Special Publication (SP) entitled: National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) (SP 800-181, November 2016). The public comment period is from November 2, 2016-January 6, 2017, with instructions for submitting comment in the draft publication. The Abstract of the document is reproduced here:

NIST Updates Validated AES Algorithms and FIPS-140-2 Cryptographic Modules Lists; Announces March 2017 Revision 5 of NIST SP-800-53

November 8, 2016. On November 4, 2016, the National Institute of Standards and Technology (NIST) released an updated version of Advanced Encryption Standard Algorithm Validation List that describes “implementations which have been validated [through testing] as correctly implementing the [Advanced Encryption Standard (AES)] algorithm.” The implementations “consist of [descriptions of] software, firmware, hardware, and any combination thereof” by vendors that are responsible “to notify NIST of any necessary changes to its entry” in the updated document.

FTC and OCR Collaborate on HIPAA and FTC Regulations on “Sharing Consumer Health Information” in October 2016 Guidance

November 1, 2016. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) have jointly issued in October a guidance document entitled: Sharing Consumer Health Information? Look to HIPAA and the FTC Act.

Categories



Archives

  • October 2017 (1)
  • August 2017 (3)
  • July 2017 (1)
  • June 2017 (7)
  • May 2017 (12)
  • April 2017 (10)
  • March 2017 (2)
  • February 2017 (3)
  • January 2017 (4)
  • December 2016 (4)
  • November 2016 (7)
  • October 2016 (7)
  • September 2016 (2)
  • August 2016 (1)
  • July 2016 (3)
  • June 2016 (1)
  • May 2016 (1)
  • April 2016 (8)
  • March 2016 (6)
  • February 2016 (2)
  • December 2015 (1)
  • November 2015 (1)
  • October 2015 (4)
  • September 2015 (1)
  • June 2015 (8)
  • May 2015 (3)
  • April 2015 (2)
  • March 2015 (1)
  • November 2014 (1)
  • September 2014 (15)
  • August 2014 (6)
  • July 2014 (1)
  • June 2014 (13)
  • May 2014 (11)
  • April 2014 (13)
  • March 2014 (6)
  • February 2014 (12)
  • January 2014 (3)
  • December 2013 (1)