HHS OCR Settles HIPAA Security Rule Investigation with Top of the World Ranch Treatment Center
HHS OCR settled a HIPAA Security Rule investigation with Top of the World Ranch Treatment Center for failing to conduct adequate risk analysis following a phishing attack that compromised ePHI for 1,980 patients. The settlement marks OCR's 11th en...
My Take: Risk analysis isn't a nice-to-have document you dust off for audits—it's the thing that tells you phishing is coming and encryption matters. OCR keeps hammering this same nail because most covered entities still don't get it: if you haven't done a real risk analysis, you're just hoping nothing bad happens.