Shearman & Sterling LLP multinational law firm headquartered in New York City, United States.

balance scale

Aug 09, 2016

HHS Releases Guidance on Privacy and Security Audits and Ransomware

Subscribe

Jump to...

 

If your organization operates in the healthcare industry, particularly if it qualifies as a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), you may have noticed the recent flurry of activity from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).  First, HHS has recently launched phase two of its three-part audit of compliance with HIPAA privacy, security and breach notification rules.  Second, HHS has provided guidance on ransomware which states that the presence of ransomware is a “security incident,” which triggers breach disclosure obligations.  Organizations subject to HIPAA should review its security incident procedures in light of the upcoming audits and the ransomware guidance and even entities outside the healthcare industry may also benefit from reviewing these guidance documents since other agencies and governmental authorities may follow HHS’s lead in these interpretations.

View full memo, HHS Releases Guidance on Privacy and Security Audits and Ransomware

Authors and Contributors

Robert Masella

Partner

Mergers & Acquisitions

+1 212 848 5125

+1 212 848 5125

New York

Benjamin Petersen

Associate

Intellectual Property Transactions

+1 650 838 3706

+1 650 838 3706

Menlo Park