Stay the Course: OCR Doubles Down on the Security Rule

Following on the heels of 2017, when the ransomware threat dominated headlines, recent high-profile cyber extortion attacks against hospitals (not to mention an episode of Grey’s Anatomy) have reinforced that this threat is not going away. Given the events of the first few weeks of 2018, it’s unsurprising that OCR would choose its January newsletter to reiterate HHS’s guidance to covered entities and business associates on how best to secure information systems. Read the entire newsletter here.

The article contains useful guidance for anyone designing a cyber security program: Start by taking a risk-based approach, and don’t neglect fundamental defenses such as vulnerability management, business continuity, and threat monitoring.

Anyone who is familiar with HIPAA should recognize how closely OCR’s checklist matches what covered entities and business associates should already be doing to implement the appropriate safeguards required by the Security Rule. The newsletter represents the most recent example of HHS’s confidence in the fundamental strength of HIPAA as a framework for protecting the security and confidentiality of patient information in the face of evolving threats.

Interested in learning more about what you can do to approach Security Rule compliance with confidence? Let’s talk!

Tripp Stroud