OCR: Cybersecurity needs to be a priority

Data security is a hot topic across all sectors of business—and healthcare is no exception. Federal regulators urged healthcare organizations to have plans in place to deal with security issues such as data breaches involving patient and business information.

The U.S. Department of Health & Human Services’ Office for Civil Rights (OCR) released a May 3 alert that discussed cybersecurity in terms of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The OCR statement said most HIPAA-covered entities do not expect to be notified of security breaches. Also, they think managing such cybersecurity concerns are difficult and that it's nearly impossible to determine the readiness of business associates.

"As such, covered entities and business associates should consider how they will confront a breach at their business associates or subcontractors, respectively," the OCR statement read. "For example, since the Office of Personnel Management (OPM) had a data breach in 2015, OPM has been drafting new contract rules on reporting security incidents."

That breach affected more than 21 million individuals.

In the wake of OCR’s statement, the Brookings Institute released a report calling for federal agency to share more detailed reports related to data breaches.