Tag: HIPAA

Health Industry Cybersecurity Practices

The Department of Health and Human Services (HHS) released the Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients publication, which aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems. The guide is available at Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients.

The guide includes:

HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software

From HHS, a bulletin concerning a settlement following a malware incident in 2011 that might have been avoided had the covered entity updated and patched their software: Anchorage Community Mental Health Services (ACMHS) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule with the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). ACMHS will pay $150,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program. ACMHS is a five-facility, nonprofit organization providing behavioral health care services to children, adults, and families in Anchorage, Alaska.

Source: HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software

Related: Resolution Agreement (PDF)