Compliance
Articles
-
HHS Proposes Cybersecurity Requirements for Hospitals
The Department of Health and Human Services (HHS) recently released a concept paper outlining its cybersecurity strategy for the healthcare sector, focusing specifically on strengthening resilience for hospitals threatened by cyberattacks. HHS outlined four pillars for action, including new voluntary healthcare-specific cybersecurity performance goals.
-
Patient and Family Complaints Require Careful Response
Healthcare organizations should have processes for responding to complaints from patients and families. The nature and seriousness of the complaint will dictate how much of a response is required.
-
When a Privacy Breach Is Not a Breach
Language is important when talking about noncompliance with HIPAA. Not every instance of noncompliance is a breach.
-
Ransom Demands Decrease and More Companies Refuse to Pay
The number of ransomware victims opting to pay the ransom has fallen to a record low. At the beginning of 2019, 85% of ransomware victims paid a ransom. However, that figure fell to 46% in the middle of 2021 and 29% in the last quarter of 2023.
-
HHS Issues HIPAA Best Practices for Telehealth
The Department of Health and Human Services published a resource guide to assist telehealth providers in explaining the privacy and security risks to patients, but the guidance makes clear HIPAA does not require this education. However, the goal is for the resource guide to help providers who would like to discuss potential risks with the patient.
-
First HIPAA Settlement for Ransomware, Fine for Phishing
The Office for Civil Rights achieved two firsts recently: a settlement agreement related to a ransomware attack on a business associate and the first fine issued for a phishing attack. Both cases hold lessons for other covered entities.
-
Defense Decision Reinstated for Patient’s Failure to Provide Expert Testimony
An important lesson from this case focuses on a critical aspect of medical malpractice cases: causation. Generally, the legal standard is that the care provider’s conduct must have been a substantial factor in causing harm such that a reasonable person would consider the conduct to have contributed to the harm.
-
Mixed Defense Rulings Related to Patient’s Death Yield Lessons Regarding Experts
Factually, there was no dispute about the patient’s cause of death — it resulted from an infection. Legally, the defendant physician’s initial challenge to the plaintiff’s case was not to directly attack that factual premise itself, but to instead challenge the plaintiff’s experts.
-
Uptick in Surgical Fires Prompts Concern, Requires Action
A recent report on operating room fire safety warns that the risk of flash fires is a growing concern as hospitals see more use of high-tech and high-temperature devices in oxygen-rich settings.
-
Speedy Response to Concern During Daily Safety Call
The daily safety call at Luminis Health Anne Arundel Medical Center in Annapolis, MD, often identifies issues that need attention. Some problems take a while to address, but others can be resolved quickly.