07-12-2016 | Health Law Blog

HHS Office of Civil Rights Issues New Guidance on Ransomware and HIPAA

By: BrownWinick

With reports of ransomware attacks on the rise, it is imperative that covered entities and their business associates put in place information security measures to guard against the unauthorized use or disclosure of electronic protected health information. To help in this effort, the Office of Civil Rights of the U.S. Department of Health and Human Services has issued new guidance on how the privacy and security requirements of HIPAA can help protect against the threats created by ransomware attacks. The new guidance is available at http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf.

In light of this new guidance, now is a good time to review your organization’s HIPAA security risk assessment, information security policy, and security incident response plan.