OCR Releases Guidance on Protecting ePHI from Cyber Threats

March 8, 2017 33 view(s)
OCR Releases Guidance on Protecting ePHI from Cyber Threats
The Office for Civil Rights (OCR), the entity within the Department of Health and Human Services (HHS) that enforces the Privacy, Security and Breach rules of HIPAA, has released new guidance advising covered entities and business associates on best practices for preventing and reporting cyber attacks. "Reporting and Monitoring Cyber Threats" advises companies that maintain ePHI (electronic protected health information) to report suspicious activity, including cybersecurity incidents, to the United States Computer Emergency Readiness Team (US-CERT). US-CERT is an organization within the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) that is responsible for analyzing and reducing cyber threats and vulnerabilities. Under HIPAA (Health Insurance Portability and Accountability Act), those entities that maintain ePHI must establish administrative procedures to safeguard such private medical and personal data. In its guidance, OCR also urges covered entities and business associates to monitor US-CERT's website regularly for information on new cyber vulnerabilities, or to subscribe to the agency's Weekly Vulnerability bulletins.
by

NOTE: The details in this blog are provided for informational purposes only. All answers are general in nature and do not constitute legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The author specifically disclaims any and all liability arising directly or indirectly from the reliance on or use of this blog.

Comments
Leave your comment
Your email address will not be published
Leave your comment
Loading...
Options chevron-down
Contact Us
Compliance 101A
Categories chevron-down
Search the blog chevron-down

Recent Articles

Practical articles on HR, Safety, compliance, and people operations—written for real businesses, not legal textbooks.

prior overtime exemption rules
U.S. Department of Labor Officially Restores Prior Overtime Exemption Rules

On May 14th, 2026, the Wage and Hour Division (WHD) of the U.S. Department of Labor (DOL) announced it has officially rescinded the 2024 overtime exemption rules. Specifically, the WHD published a technical amendment to restore previous 2019 regulations that dictated overtime exemptions for...

Read more
NLRB General Counsel Takes Action to Tackle Current Case Backlog
NLRB General Counsel Takes Action to Tackle Current Case Backlog

On May 6th, the National Labor Relations Board (NLRB) and NLRB General Counsel Crystal Stowe Carey announced the bulk transfer of thousands of labor practice cases. Specifically, this action fulfills an initiative signed by the NLRB General Counsel earlier this year. Overall, the initiative...

Read more
Privacy Agency Invites Comments from Businesses on the CCPA’s Usage of Personal Data
Privacy Agency Invites Comments from Businesses on the CCPA’s Usage of Personal Data

Recently, the California Privacy Protection Agency (CPPA) issued a call for comments on the current state of personal data collection under the California Consumer Privacy Act (CCPA). Specifically, the invitation to deliver remarks was issued on April 20th, 2026. The information provided by the...

Read more
DOL Proposes New Joint Employer Rule To Unify Standards Under Federal Labor Laws
DOL Proposes New Joint Employer Rule To Unify Standards Under Federal Labor Laws

In April 2026, the U.S. Department of Labor issued a proposed rule to establish a single, clear standard for determining when joint-employer status applies under three major federal laws: the Fair Labor Standards Act (FLSA), the Family and Medical Leave Act (FMLA), and the Migrant and Seasonal...

Read more
DOL Updates Enforcement Approach for Employee Benefit Plans: What Employers Should Know
DOL Updates Enforcement Approach for Employee Benefit Plans: What Employers Should Know

The U.S. Department of Labor (DOL) recently announced a significant change in its enforcement of employee benefit plan rules. The DOL will now focus more closely on serious violations that harm workers and retirees, meaning compliant employers may face less scrutiny under the updated approach.

Read more
View All Articles