The U.S. Department of Health and Human Services Office of Civil Rights (OCR) released new online educational resources to help healthcare entities covered under the Health Insurance Portability and Accountability Act (HIPAA) respond to a cyber-related security attack. The resources include a checklist and infographic, as well as ransomware guidance and cyber awareness newsletters issued by OCR.
OCR considers cyber-related security attacks on protected health information (PHI) to be reportable breaches under HIPAA, unless the information was encrypted or otherwise unreadable. Under HIPAA’s Security Rule, covered entities are required to adopt adequate means for safeguarding the confidentiality, integrity, and availability of PHI.
Additionally, all covered entities are expected to conduct a security risk assessment regularly to assess security vulnerabilities and the mechanisms currently in place to mitigate them, and then to determine what additional controls, if any, should be implemented.
For our OSHA Review Subscribers… A checklist to help dental offices conduct a HIPAA risk assessment is available from OSHA Review’s website, in the clients-only section under OSHA Review/Documents List.
Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.