Please allow us 24hrs to upgrade your status, you will recieve an email when your account has been verified, please contact 1.800.427.6568
Under the Health Insurance Portability and Accountability Act (HIPAA), a covered entity that experiences a ransomware attack or other cyber-related security incident must take immediate steps to prevent or mitigate any impermissible release of protected health information (PHI).
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a checklist to help HIPAA-covered entities determine the specific steps they must take in the event of a data breach.
Entities subject to HIPAA should become familiar with the OCR’s checklist and other guidance for handling cyber security breaches involving PHI. These entities should also ensure they have plans for mitigating the effects of breaches.
OCR Quick-response Checklist
In the event of a cyber attack or similar emergency, a covered entity must do the following:
HIPAA regulations also require covered entities to report certain cyber-related security incidents to affected individuals, the OCR and other agencies. In general, a reportable breach occurs anytime PHI was accessed, acquired, used or disclosed.
For more information about this rule and its potential impact on your company, please contact GBS Benefits, Inc.
Since 1989, we have been building partnerships by providing reliable, quality service. As the region’s largest benefits firm, we represent local and national companies, school districts, associations, and government entities.Contact Us