chevron-down Created with Sketch Beta.
October 27, 2023

HHS Office for Civil Rights Releases Cybersecurity Newsletter Regarding Sanction Policies and HIPAA Compliance

In the October edition of the U.S. Department of Health and Human Services Office for Civil Rights (OCR) cybersecurity newsletter, OCR published a memo regarding the use of “sanction policies” to support HIPAA compliance. Sanction policies establish a framework for HIPAA-regulated entities to sanction employees who violate the entities’ privacy policies and procedures. Reiterating thatHIPAA requires regulated entities to adopt sanction policies, OCR’s newsletter provides guidance on how the policies function, and what the policies should look like.

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.