Now more than ever, workplace wellness programs are becoming increasingly popular among employers. A common concern many employers have is how to design a meaningful workplace program intended to improve the health of participating employees while complying with HIPAA’s privacy and security rules. Although employers are not covered entities, HIPAA may apply to an employer’s
Jocelyn Samuels
Three-Month Delay Means Health Network Must Pay
By Jean Tomasco on
A delay in reporting a HIPAA violation can result in a significant monetary penalty. That was the message sent by the Office for Civil Rights (OCR), which recently announced the first HIPAA settlement based on the untimely reporting of a breach of unsecured protected health information (PHI). According to the OCR, Presence Health (a large…
OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates
By Linn Foster Freedman on
Posted in Cybersecurity
On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels” to employees of HIPAA covered entities and business associates.
The email looks official and tells the recipient that it…