Healthcare Information Security

HIPAA and Compliance News

ONC: HIPAA Regulations Help, Not Hinder Interoperability

February 5, 2016 - It is a common misconception that HIPAA regulations hinder covered entities’ ability to move patient information, according to a recent blog post by ONC Chief Privacy Officer Lucia Savage, J.D. and ONC Privacy Analyst Aja Brooks, J.D. Contrary to the widely believed misconception, HIPAA enables interoperability in many ways, according to the duo. Along with protecting PHI, HIPAA allows...


Articles

Home Health Provider to Pay $240K in HIPAA Violation Fines

by

Lincare, Inc., will need to pay $239,800 in fines for a HIPAA violation, according to a notice from the Office for Civil Rights. This decision comes from an Administrative Law Judge (ALJ) at the Department of Health and Human Services following...

Are You Prepared for the OCR HIPAA Audits?

by

If Paul Revere were alive today, instead of warning, “The British are coming!” he might proclaim to healthcare organizations, “The auditors are coming! Be prepared!” Although the HITECH Act audit requirement became effective...

What are Top HIPAA Compliance Concerns, Obstacles?

by

Maintaining HIPAA compliance should always be a key area for leaders in the healthcare industry, but as technology continues to evolve, there are numerous factors coming into play that could affect how organizations keep patient data secure....

Understanding Physical Safeguards, Healthcare Data Security

by

When creating strong healthcare data security measures, physical safeguards serve as a primary line of defense from potential threats. The Department of Health & Human Services (HHS) defines physical safeguards as the following: Physical...

HIPAA Regulation Updates Bring Mixed Reactions, Concerns

by

The executive order from earlier this month that brought forth changes to HIPAA regulations has been met with both positive and negative reactions thus far. Some groups state the modifications will help reduce violence and firearm injuries, while...

Are Better HIPAA Guidelines Needed for Health Apps, Devices?

by

The recent OCR HIPAA guidelines discussing patient access to health records is a positive step forward, according to one association, but more needs to be done to ensure better regulations for health apps and device companies. ACT | The App Association...

HHS Releases Patient Right of Access Under HIPAA Fact Sheet

by

Earlier this week the Department of Health and Human Services (HHS) released a fact sheet outlining important points in HIPAA regulations about patient right of access to their own health information. Office for Civil Rights (OCR) Director Jocelyn...

FAS Discusses Federal and State Data Breach, Security Laws

by

It seems as though 2015 was the year of the data breach, especially in the healthcare industry. As a means to regulate these data breaches and ensure adequate notification to individuals whose information had been compromised, several pieces...

HIPAA Privacy Rule Changes Proposed for Background Checks

by

The Department of Health and Human Services (HHS) announced potential modifications to the HIPAA Privacy Rule in an effort to improve the background check process individuals go through in order to purchase a firearm.   Under the changes,...

How Administrative Safeguards Can Prevent Data Breaches

by

Preventing healthcare data breaches is a common goal for covered entities of all sizes. It can be easy to let the importance of administrative safeguards fall behind other areas, such as concerns over hacking and stolen devices, but organizations...

Lessons Learned From the 2015 OCR HIPAA Settlements

by

Maintaining HIPAA compliance should always be a top priority for covered entities and their business associates, but this is not always a simple feat to accomplish. The 2015 OCR HIPAA settlements are all examples of how a seemingly simple oversight...

Stage 3 Meaningful Use Overlaps With HIPAA, CHIME Says

by

Stage 3 Meaningful Use requirements are burdensome, and more time is needed for healthcare providers to properly adjust, the College of Healthcare Information Management Executives (CHIME) said in a recent letter to the Centers for Medicare &...

Lack of Risk Assessment Key in UWM $750K HIPAA Settlement

by

The University of Washington Medicine (UWM) recently agreed to a $750,000 fine as part of a HIPAA settlement, which was the result of a 2013 incident. UWM filed a breach report to OCR November 27, 2013, where an email containing malicious malware...

Lawyers Break Down 2016 HIPAA Audits, Connected Devices

by

The increase in connected medical devices and the reportedly upcoming second round of OCR HIPAA audits are some of the top areas to watch next year in terms of healthcare data privacy and security, according to lawyers who specialize in the industry....

State HIPAA Settlement Reached in URMC Data Breach Case

by

New York Attorney General Eric T. Schneiderman reached a HIPAA settlement with the University of Rochester Medical Center (URMC), following a healthcare data breach from last spring that compromised approximately 3,400 patients’ PHI. As...

Lahey Hospital Agrees to $850K OCR HIPAA Settlement

by

Lahey Clinic Hospital, Inc. (Lahey) agreed to an OCR HIPAA settlement that stemmed from a 2011 incident where an unencrypted laptop was stolen, potentially compromising the PHI of 599 individuals. Lahey was fined $850,000 as part of the settlement...

The OCR HIPAA Compliance Audits Procedure: A Review

by

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) has reportedly begun to implement its next round of HIPAA compliance audits, set to take place in the early part of 2016. Earlier this week, HealthITSecurity.com...

Reviewing HIPAA Compliance Enforcement Actions

by

With the next round of OCR HIPAA audits reportedly set to take place next year, no healthcare organization can assume that it will not be affected. To the same effect, business associates must also ensure that they are in full HIPAA compliance....

PHI Data Breach Leads to $90K Agreement for Conn. Hospital

by

A PHI data breach that took place in 2012 recently resulted in a Connecticut hospital and one of its contractors having to pay $90,000 to the state. Hartford Hospital and EMC Corporation both signed an agreement saying they would pay the state...

Continue to site...