NuLLFiX

OCR has been made aware of postcards being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment.  The postcards have a Washington, D.C. return address, and the sender uses the title “Secretary of Compliance, HIPAA Compliance Division.” The postcard is addressed to the health care organization’s HIPAA compliance officer and prompts recipients to visit a URL, call, or email to take immediate action on a HIPAA Risk Assessment.  The link directs individuals to a non-governmental website marketing consulting services. The postcard below is not from HHS/OCR.  HIPAA covered entities [...]

This past week the Certification Commission for Health Information Technology (CCHIT) announced that it will be ending its service to the health IT community. The CCHIT organization spearheaded the creation of testing and certifications for health IT professionals. The organization decided to close down their operations due to the unforeseeable timing of new legislation and requirements in the future. For further explanation, read here. CCHIT announced that all of their staff are involved in the transition and work will be done on November 14, 2014. The HIMSS Foundation will be receiving all of the remaining assets of the CCHIT.

Today, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) issued additional guidance reminding covered health care providers that the HIPAA Privacy Rule does not permit them to give media and film crews access to facilities where patients’ protected health information (PHI) will be accessible without the patients’ prior authorization. The guidance explains that even during the current COVID-19 public health emergency, covered health care providers are still required to obtain a valid HIPAA authorization from each patient whose PHI will be accessible to the media before the media is given access to that PHI.  The [...]