The Department of Health and Human Services is lowering its top fines for less egregious HIPAA violations. Meanwhile, it’s pledging to make a “big push” to enforce patients’ right to access their health records. HHS will keep its revised interpretation of the HITECH Act penalty caps in mind “for all enforcement operations,” says Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA.
The agency says threat actors are targeting organizations' IT help desks with phone calls from a local area code claiming to be revenue cycle or administrator employees. After gaining access, they divert legitimate payments.