HHS Office for Civil Rights Issues Telehealth HIPAA Guidance during COVID-19 Emergency

On March 17, 2020, the Office for Civil Rights (“OCR”), the agency within the Department of the United States Health & Human Services (“HHS”) responsible for enforcement of HIPAA, issued the following guidance: “Notification of Enforcement Discretion for telehealth remote communications during the COVID-19 nationwide public health emergency.” Pursuant to Telehealth regulatory waivers issued by the HHS Centers for Medicare & Medicaid Services (“CMS”) effective during the COVID-19 Public Health Emergency (“PHE”), providers can use telehealth at any location including in a patient’s home. As more fully explained in its Telehealth Fact Sheet March 17, 2020, HHS stated:

“The provider must use an interactive audio and video telecommunications system that permits real-time communication between the distant site and the patient at home. …  It is imperative during this public health emergency that patients avoid travel, when possible, to physicians’ offices, clinics, hospitals, or other health care facilities where they could risk their own or others’ exposure to further illness.” Continue reading

CMS Proposed Rule on Hospital EHR “Electronic Patient Event Notifications”

By Kathie McDonald-McClure and Margaret Young Levi

Doctor Speaking with Patient

Summary: CMS proposes new Medicare Conditions of Participation (CoPs) for hospitals that will require the hospital EHR to send electronic event notifications to post-acute care providers when a patient has been admitted, discharged, or transferred.  What must hospitals do, and how much time is needed, to operationalize the new CoPs, considering a process will need to be developed that identifies providers who should and can receive these event notices? What will be required, and how much time is needed, to reconfigure EHRs to send the notifications and demonstrate compliance with the multiple facets of the CoP?  Will PAC providers be obligated to operationalize the receipt and use of these notifications under the IMPACT Act?  CMS is seeking stakeholder input on its proposal, including a reasonable time frame for implementation. Comments are due June 3, 2019.* Continue reading

Massive malicious email campaign spoofs Google Docs to hijack Gmail accounts

A massive email phishing campaign started Wednesday afternoon.  The email attacks target Google accounts but have spread to other email accounts as people have been tricked into clicking on the link in the email and have unwittingly supplied their Google account access credentials and access to their contacts.

The reports of the malicious emails are coming from people across a range of industries. The emails contain what looks like a link to a Google Docs and appears to come from someone you know. These emails, however, are malicious and are designed to trick the recipient in a way that allows the cybercriminal to hijack email accounts or infect the user’s computer.

If you receive an email with a link to Google Docs, BEWARE!  These emails are designed to look like they come from a trusted or known source.  Do not click on any links in emails that you were not expecting.

A screen shot of one of the Google Docs phishing emails is shown below. If you receive one of these emails, delete it ASAP.  If you use Gmail or Google Inbox, consider activating the 2-factor authentication feature to secure your account.

Several major news organizations and cable networks are reporting on this story.  For the most up-to-date news on this developing story, use your favorite internet search engine to search for “google phishing email scam”.

A sample Google Docs phishing email.  The form and style of the email may vary from this sample.Sample Google Docs Phishing Email

To read Google’s Gmail Help on phishing emails, use your preferred internet search engine and search for: “Google Help and how to avoid and report phishing emails”.

If you are attacked by malware or a phishing email that compromises your organization’s privacy and security, Wyatt’s experienced Data Security Incident Response Team is ready to help.

Can blockchain technology solve healthcare IT security and interoperability challenges?

On March 20-21, 2017, multiple healthcare technology companies came together in Washington, D.C. to host The Healthcare Blockchain Summit.  Blockchain, the technology that underpins bitcoin technology, keeps data secure in a “distributed, encrypted ledger” while allowing control over who can access that ledger.  This is the hottest technology being discussed today as a way to secure confidential or sensitive data.

The on-line technology publication, Wired, describes blockchain’s security method in a February 1, 2017 article as follows: “Rather than having one central administrator that acts as a gatekeeper to data—a list of digital transactions—there’s one shared ledger, but it’s spread across a Continue reading