OCR Reminds Covered Entities and Business Associates to Check Their Spam!
As we know, the Phase II HIPAA audits are underway for both Covered Entities and Business Associates. In Ober|Kaler’s recent webinar, HIPAA Audits Have Arrived (Again), Jim Wieland and Emily Wein cautioned that OCR’s notification letters regarding audit selection may be erroneously categorized as spam. This concern was validated by a recent message from OCR containing the same warning. Therefore all Covered Entities and Business Associates should search their spam or junk folders for messages from OSOCRAudit@hhs.gov. Covered Entities and Business Associates that do not get the notification or do not respond may still be selected, and such nonresponse will drive OCR to look at publicly available information to answer its initial questions. This also denies the Covered Entity or Business Associate the ability to craft its responses to the initial audit questions, which could create a disadvantage.
650,000 Record Breach: OCR Cautions Covered Entities with Electronic Health Records
In the wake of news that a hacker has accessed over 650,000 medical records, CMS has issued an MLN Matters, Protecting Patient Personal Health Information, to remind physicians and physician practices to report breaches and to keep track of their Business Associates. All Covered Entities should ensure that all Business Associates know of their obligation to report actual or potential security breaches. OCR specifically focuses such caution on Business Associates who provide or support hardware or software related to electronic health records.
|Health Law Alert® is not to be construed as legal or financial advice, and the review of this information does not create an attorney-client relationship.
Ober|Kaler also offers Payment Matters, which focuses on Medicare and Medicaid payment issues. Subscribe here.
Copyright© 2016, Ober, Kaler, Grimes & Shriver