HIPAA Cyber Attack Response Checklist


Under the Health Insurance Portability and Accountability Act (HIPAA), a covered entity that experiences a ransomware attack or other cyber-related security incident must take immediate steps to prevent or mitigate any impermissible release of protected health information (PHI).

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has provided a checklist to help HIPAA-covered entities determine the specific steps they must take in the event of a cyber-related security incident. This Compliance Overview outlines those steps and provides general information regarding which entities are subject to HIPAA and the type of data that must be protected under the law.

Employers with group health plans that are subject to HIPAA should become familiar with OCR’s checklist and other guidance for preventing and responding to cyber security breaches involving PHI. These employers should also ensure that they have procedures and contingency plans in place for responding to and mitigating the effects of any potential breach.
