If you are the victim of ransomware or have cyber threat indicators to share
If you or your organization is the victim of a ransomware attack, please contact law enforcement immediately.
Contact your FBI Field Office Cyber Task Force, at https://www.fbi.gov/contact-us/field-offices/field-offices , immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
For further analysis and healthcare-specific indicator sharing, please also share these indicators with the HHS Healthcare Cybersecurity and Communications Integration Center (HCCIC) via email to HCCIC_RM@hhs.gov
The HHS Office of Civil Rights (OCR) has issued a new FAQ clarifying that the HIPAA Privacy Rule permits disclosures to loved ones regardless of whether they are recognized as relatives under applicable law. The FAQ, while applicable in a variety of circumstances, was developed in large part to address confusion following the 2016 Orlando nightclub shooting about whether and when hospitals may share protected health information with patients’ loved ones. In particular, the FAQ makes clear that the potential recipients of information under the relevant permissive disclosure provisions of the law are not limited by the sex or gender identity of the person.
In tandem, OCR is updating its existing Guidance on several provisions within the HIPAA Privacy Rule that recognize the integral role that a spouse often plays in a patient’s health and health care. Consistent with a recent Supreme Court decision, OCR is issuing updated guidance that makes clear that the terms marriage, spouse, and family member include, respectively, all lawful marriages (whether same-sex or opposite-sex), lawfully married spouses and the dependents of all lawful marriages, and clarifies certain rights of individuals under the Privacy Rule.
On November 1, 2016 CMS will hold an Open Door Forum conference call on the removal of Social Security Numbers from Health Insurance Claim Numbers (HICN). HICNs will be replaced by randomly created Medicare Beneficiary Identifiers (MBIs) starting in 2018. For more information see https://nwrnbulletins.wordpress.com/2016/09/29/mbi-replaces-hicn/ .
The call well be held at 11am PDT, 800-837-1935, conference ID 98745631. For TTY services, dial 800-855-2880. CMS requests that participants dial in at least fifteen minutes before the scheduled start time.
CMS has also advised that between now and 2018, all patients and facilities should make sure that their mailing addresses are kept current. MBIs will be mailed to patients, and facilities will have to ask patients for their MBI. Patient addresses in the Medicare, SSA, and CROWNWeb databases should all agree, with a correct and complete address to which the US Postal Service delivers.
Over the next three years, CMS will replace their traditional Health Insurance Claim Number (HICN) patient identifiers with a new Medicare Beneficiary Identifier (MBI). New Medicare Cards will be sent to all Medicare beneficiaries starting in April 2018, and all providers will be expected to have modified their software to accept MBIs by then. Between April 2018 and December 2019, either the HICN or the MBI will be accepted by CMS. After December 2019, the HICN will no longer be accepted.
Medicare acknowledges Consumer Protection Week by publishing a table of guidelines to help medical consumers make important choices about finances, health, privacy, and more, in their “Five Ways to Become an Informed Medical Consumer” post on the official Medicare Blog. Each of the Five Ways links to in-depth information. Find the post at http://blog.medicare.gov/2016/03/07/informed-medicare-consumer/ .
Another effort to increase protections for medical consumers is the CDC Foundation Safe Injection Practices Coalition’s “One and Only Campaign,” using the motto “One Needle, One Syringe, Only One Time.” You can find a great deal more information about this campaign at http://www.oneandonlycampaign.org/ .