by the Healthcare Information and Management Systems Society, more than two-thirds of health care organizations had a “significant” incident in the previous year — mostly phishing or ransomware attacks.A recent report
The Biden administration official who runs the Office for Civil Rights, Melanie Fontes Rainer, said her investigators have to pick their battles because they are “under incredible resource constraints and incredibly overworked.” For the most part, that’s what the office does, but fines are always a possibility and Fontes Rainer said more resources will yield more enforcement that will encourage health care organizations to meet their obligations under HIPAA. Tim Noonan, a high-ranking official under Fontes Rainer, also expects it will bolster the agency’s ability to offer guidance and technical assistance.
In January 2021, the 5th Circuit Appeals Court struck down a $4.3 million penalty that the Office for Civil Rights had assessed the University of Texas M.D. Anderson Cancer Center over data breaches. The court called it “arbitrary” and “capricious,” giving ammunition to critics of the office’s enforcement efforts.
I have your data.