Feds Issue HIPAA Guidance on Employee Sanctions, Telehealth
Info Security – Marianne Kolbasuk McGee
The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued new guidance on sanction policies for employees who violate the Health Insurance Portability and Accountability Act (HIPAA).
The aim of the guidance is to improve data protection and increase accountability in healthcare organizations.
Sanction policies are viewed as a crucial tool to address intentional actions by malicious insiders and failures to comply with policies and procedures.
By imposing consequences on employees who violate HIPAA rules, organizations can create a culture of compliance and enhance cybersecurity awareness.
The OCR emphasizes that both the HIPAA Privacy Rule and Security Rule require covered entities and business associates to have sanction policies.
However, specific penalties for individual offenses or particular sanction methodologies are not prescribed by the regulations.
Training employees on sanction policies can promote compliance and increase cybersecurity vigilance by informing them about prohibited actions and the potential consequences.
The OCR reminds entities that they have previously taken enforcement actions against organizations that failed to impose sanctions on workforce members who improperly disclosed patients’ protected health information.
In addition to the guidance on sanction policies, the OCR also released two new guidance documents related to telehealth.
The documents focus on educating healthcare providers and patients about privacy and security risks associated with using telehealth technologies, as well as providing suggestions to mitigate these risks.
Although the guidance aims to improve telehealth privacy and security practices, there is some confusion surrounding HIPAA requirements in the context of telehealth.
It is hoped that the OCR will use enforcement actions judiciously, focusing on situations where there are significant concerns about security practices rather than minor or generally well-implemented programs.
Link: https://www.careersinfosecurity.eu/feds-issue-hipaa-guidance-on-employee-sanctions-telehealth-a-23374