HHS Issues HIPAA Cyber Attack Response Checklist

OVERVIEW

Under the Health Insurance Portability and Accountability Act (HIPAA), a covered entity that experiences a ransomware attack or other cyber-related security incident must take immediate steps to prevent or mitigate any impermissible release of protected health information (PHI).

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a checklist to help HIPAA-covered entities determine the specific steps they must take in the event of a data breach.

This document outlines those steps and provides general information regarding which entities are subject to HIPAA and the type of data that must be protected under the law.

ACTION STEPS

Employers that are subject to HIPAA should become familiar with the OCR’s checklist and other guidance for preventing and responding to cyber security breaches involving PHI. These employers should also ensure that they have procedures and contingency plans in place for responding to and mitigating the effects of any potential breach.
