General

In today's landscape of increasing cyber threats and breaches involving electronic protected health information (ePHI), it's crucial for HIPAA-covered entities and their business associates (collectively known as "regulated entities") to prioritize not only the digital but also the physical security of their ePHI. While much attention is given to safeguarding against digital breaches caused by hacking, malware, or ransomware, the physical security of facilities housing ePHI can sometimes be overlooked. However, ensuring the confidentiality, integrity, and availability of ePHI requires vigilant protection of the physical premises where this data is stored. Recent studies reveal a concerning gap in security priorities: only [...]

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the imposition of a civil monetary penalty of $115,200 on American Medical Response (AMR), a provider of emergency medical services nationwide. This penalty resulted from an investigation triggered by a complaint that AMR had failed to provide a patient with timely access to their medical records. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, individuals or their personal representatives are entitled to timely access to their health information within 30 days, with a potential extension of another 30 days, for [...]