Paubox blog: HIPAA compliant email made easy

Paubox Weekly: HHS OCR back with random HIPAA audits

Written by Dean Levitt | February 23, 2024

Hello world,

Today’s Paubox Weekly is 571 words - a 2 minute read.


 

1. HHS OCR back with random HIPAA audits

The US Department of Health and Human Services’ Office for Civil Rights has announced that it will revive its HIPAA compliance program after a seven-year hiatus.

What was said: OCR director Melanie Fontes Rainer said, "OCR intends to initiate audits of HIPAA-regulated entities later this year."

In the know: Some experts believe that HHS OCR has violated the HITECH Act because it did not conduct annual periodic audits as required by law.

86% of covered entities failed the risk analysis audit

 

 

2. Meet us at ViVE and HIMSS

We'll be at both ViVE and HIMSS this year! Stop by, meet the Paubox team, and pick up some Paubox swag.

Why it matters: ViVE 2024 is set to be a groundbreaking event for digital health innovators and HIMSS is the most influential health information technology event of the year, attended last year by 35,000+ professionals.


3. Nationwide pharmacy delays following Change Healthcare hack

A cyberattack on Change Healthcare has caused widespread disruptions, affecting pharmacies and patient care across the nation, and appears to be ongoing.

Why it matters: The attack's impact on Change Healthcare's systems led to delays and challenges for pharmacies in fulfilling prescriptions, directly impacting patients.

Still working to restore affected services

 

 

 

 

4. NIST finalizes HIPAA Security Rule guidance amidst rising breach stats

Amid escalating healthcare data breaches, the National Institute of Standards and Technology (NIST) has revealed updated HIPAA Security Rule implementation guidance.

The backstory: Audits by the OCR in 2016 and 2017 uncovered widespread noncompliance, particularly in risk analysis and risk management areas.

No audited entities achieved full compliance

 

 

5. INTEGRIS Health criticized for response to 2M+ data breach

INTEGRIS Health is under fire for how it communicated about a Nov. 2023 cyberattack that exposed sensitive patient data of 2.3 million individuals.

What happened: They updated the breach notice on February 6, 2024, incorporating language that some critics argue minimizes the seriousness of the incident and the organization's obligation to notify affected individuals.

Escalated when hackers contacted patients directly

 

 

Community links

  • Paubox Kahikina Scholarship Zoom social mixer - February 2024.
  • Leap year and the looming breach notification deadline.
  • Conspiracy to sell patient data case reaches sentencing.
  • Employers and HIPAA: What you need to know.
  • Paubox Kahikina Scholarship Recipient 2022: Shaley Yoshizu.
  • What is a worm virus?
  • The importance of policies and procedures in healthcare.
  • What is identity access management?
  • Does HIPAA allow sharing with law enforcement?
  • Patient consent and social media marketing for physical therapists.

Good reads from around the web

  • FTC slams Avast with $16.5 million fine for selling users' browsing data.
  • Artificial intelligence is making critical health care decisions. The sheriff is MIA.
  • Pharmacy delays across US blamed on nation-state hackers.
  • LEAP, don't run, to make this year's deadline: HIPAA small breach notifications due February 29.
  • Six things we learned from the LockBit takedown.

 
