The Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) has issued a new fact sheet providing guidance to entities that have patient medical records covered under the Health Insurance Portability and Accountability Act (HIPAA).  The fact sheet identifies the types of information security measures that these entities should have in place to prevent a cyber or ransomware attack (www.hhs.gov; “FACT SHEET: Ransomware and HIPAA”).

Although not addressed to consumers, the FACT SHEET is worth reading for educational purposes. For example, the OCR HHS fact sheet underscores the notification obligations of an organization that experiences a ransomware breach.

Reading the OCR HHS FACT SHEET  will help consumers understand the kinds of security safeguards OCR HHS recommends for their medical providers as well as others in the health industry.  That way, in case of a breach, consumers can know what information they should receive and be pro-active if they haven’t gotten timely notification.