Copyright 2016, American Health Lawyers Association, Washington, DC. Reprint permission granted.
Jeff Duncan Brecht authored an article for the latest edition of Health Care Liability & Litigation, a semi-annual publication of the American Health Lawyers Association, titled “OCR’s 2016 Ransomware ‘Guidance’: A Health Care Provider’s New Best Friend?” The article discusses the implications of the U.S. Department of Health and Human Services Office for Civil Rights (OCR) 2016 Fact Sheet; specifically, the conditions under which a breach of protected health information is presumed to have occurred.
Now, under OCR’s 2016 guidelines, it appears that providers infected with ransomware must instead start with the presumption that PHI was breached. This means that, where ransomware has historically been considered by many to be a (potentially costly) annoyance to providers, 25 OCR’s new automatic HIPAA breach presumption could make ransomware attacks even more costly, from both a financial and a public relations perspective. It is possible that OCR’s 2016 HIPAA guidelines could cause providers to conclude that more ransomware attacks are breaches.
Before proceeding, please note: If you are not a current client of Lane Powell PC, please do not include any information in this email that you or someone else considers to be confidential or secret in nature. Prior to the establishment of a lawyer-client relationship, unsolicited emails from non-clients containing confidential or secret information cannot be protected from disclosure.