When the OCR takes the mic, everybody listens. Learn more about what the OCR deemed important enough to send out updates for all health care organizations.

On June 30, the Office for Civil Rights (OCR) sent out a newsletter on file sharing and cloud computing. This was an update to its guidance provided in October 2016. The OCR reminds the public that cloud computing and file sharing can “introduce additional risks to the privacy and security of electronic protected health information (ePHI) that organizations must identify as part of their risk analysis process.” This is also a friendly reminder from the OCR to ensure you have a risk assessment conducted regularly.

The newsletter also provided information on a recent survey regarding file sharing and collaboration tools. The survey suggests that about half of the organizations surveyed had experienced at least one file sharing data breach in the last two years. Survey respondents also described their biggest concerns about breaches. Concerns included working with contractors and temporary employees; third parties accessing information they shouldn’t; broken security management processes; and employees accidentally sharing information or exposing it in other ways.

Exposure of sensitive information can also come from misconfigured file sharing tools.  The OCR suggests that “vulnerability scans may help identify technical vulnerabilities such as missing patches, obsolete software, and misconfigurations of many common file sharing and collaboration tools.” Remember, our partner, MainNerve, can help you perform vulnerability scans to better protect your organization’s private information.

On July 6, the OCR let health care organizations know about a new Continuing Medical Education (CME) video available through Medscape.  This new video is meant to educate providers about the HIPAA right of access to ePHI.

One issue that many patients encounter during the course of care is that their own records can be difficult to obtain. While Covered Entities and Business Associates need to protect patient information, the patient should be able to access their own health information. The steps to gain that access should not be burdensome for the patient, and they should not be cost-prohibitive.

To stay up-to-date on information coming from the OCR, join HIPAAgps today.