Monday, August 22, 2016

The HHS Office for Civil Rights's July guidance indicating that ransomware attacks usually result in a HIPAA breach "is not a regulation.

... It is not binding. It is not law. It is certainly an indication of what OCR thinks and how they judge things, and if you want to go against what they think, you'll have to be prepared to fight for your rights. But it is not official. This is not how law gets made in this great country of ours."

— Jeff Drummond, a partner with Jackson Walker LLP in Dallas, told AIS's Report on Patient Privacy.

No comments:

Post a Comment