In June, the U.S. Department of Health and Human Services' Office for Civil Rights ("OCR") issued guidance on reducing risks that software poses to electronic protected health information ("ePHI"), such as installing patches or restricting network access as appropriate on all types of devices that store ePHI, including phones, computers, servers, and routers. The OCR pointed to the United States Computer Emergency Readiness Team and Health Insurance Portability and Accountability Act ("HIPAA") Administrative Safeguards as additional resources.
OCR Issues Guidance On Unpatched Software Risks To ePHI
Jones Day
Contributor
Jones Day is a global law firm with more than 2,500 lawyers across five continents. The Firm is distinguished by a singular tradition of client service; the mutual commitment to, and the seamless collaboration of, a true partnership; formidable legal talent across multiple disciplines and jurisdictions; and shared professional values that focus on client needs.
In June, the U.S. Department of Health and Human Services' Office for Civil Rights ("OCR") issued guidance on reducing risks that software poses to electronic protected health information ("ePHI"),
