Final Enforcement Action from OCR for 2018 Revealed

The final HIPAA enforcement action for 2018 between Cottage Health and OCR reaffirmed yet again that entities must conduct a thorough and accurate Risk Assessment to assess and reduce risks and vulnerabilities to it's ePHI. ePHI is not found just in the EHR, but may be found on hard drives, medical modalities and devices, servers, email accounts, etc. Additionally, OCR once again has sent a costly reminder that Risk Assessment is not enough - you must then mitigate those risks or put compensating controls in place to prevent unauthorized access to ePHI. This resolution agreement was also another reminder that obtaining satisfactory assurances that your third party vendors WILL safeguard the


©2017 by CentraVance Consulting, LLC.