Healthcare Information Security

HIPAA Compliance

EHNAC, HITRUST Combine HIPAA Security Criteria, CSF Framework

October 19, 2016 - The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) are collaborating to streamline their accreditation and certification programs. EHNAC will replace its HIPAA-related privacy and security criteria with the HITRUST CSF provisions and controls, the two organizations explained in a statement. However, EHNAC will still maintain...


Attorneys Find Healthcare Cybersecurity Threats Increasing

by Elizabeth Snell

The majority of corporate healthcare attorneys have found that healthcare cybersecurity threats are increasing, and that they are being called upon more often to evaluate whether a security incident implicates reporting obligations. A survey...

ONC, OCR Revise HIPAA Security Risk Assessment Tool

by Elizabeth Snell

In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

HHS Releases Updated HIPAA Cloud Computing Guidance

by Elizabeth Snell

The Department of Health and Human Services (HHS) recently released updated HIPAA cloud computing guidance to help covered entities and business associates understand how to take advantage of cloud computing while still remaining HIPAA compliant....

Are More State Data Breach Notification Laws Recognizing PHI?

by Elizabeth Snell

Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary. Covered entities and business associates must ensure...

The Role of HIM Professionals in HIPAA Compliance

by Elizabeth Snell

Individuals in the health information management (HIM) field play a critical role in covered entities’ approaches to data security, especially HIPAA compliance. HIM professionals are often “acquiring, analyzing, and protecting digital...

Maintaining HIPAA Compliance across Digital, Paper Records

by David Harlow

Maintaining HIPAA compliance and numerous data privacy and security mandates is of paramount importance for healthcare organizations. Since HIPAA is not a one-size-fits-all regulatory regime, best practices for data privacy and security programs...

Monitoring Risk and Staying HIPAA Compliant

by Elizabeth Snell

Effectively monitoring and managing potential risk is a key area for any covered entity or business associate. No organization wants to lapse in staying HIPAA compliant, as the ramifications could be detrimental to patients and the business itself....

The Role of Nurses in HIPAA Compliance, Healthcare Security

by Kate Borten of The Marblehead Group

Nurses deal with private information all day every day, from nursing stations and offices to exam rooms to patient bedsides to operating rooms. However, due to their focus on a patient’s health and their constant contact with patient data,...

Why Healthcare Data Security, Compliance Issues Go Untreated

by Dave Brunswick of Cleo Communications

If there ever was a pulse of healthcare operations, it’s data. From patient enrollment forms, electronic health records, and health insurance information, the amount of electronic data flowing through the medical community increases every...

How HIPAA Compliance Can Help Against Ransomware Attacks

by Sheri Stoltenberg

As many as 4,000 ransomware attacks have occurred each day since January 1, 2016, with an increasing number of them targeting the healthcare industry. In one of the most costly attacks to date on a hospital, Hollywood Presbyterian Medical Center...

What Does Increased Patient Access Mean for HIPAA Compliance?

by Elizabeth Snell

More individuals than ever before now have electronic access to their own health information, according to a recent report from the American Hospital Association (AHA). However, organizations are required to offer patient access as part of their...

Desk Audits Begin for OCR Phase Two HIPAA Audits

by Elizabeth Snell

The Office for Civil Rights (OCR) officially launched phase two of its HIPAA audit program earlier this week, sending out notification letters to selected covered entities. The letters were sent out on July 11, according to an OCR email, with...

Ensuring HIPAA Compliance Before a Potential HIPAA Audit

by Clyde Bennett of Aldridge Health

Businesses and healthcare providers are facing increasing pressure to meet and maintain HIPAA compliance standards. The Office for Civil Rights (OCR) announced it will be performing a new round of random audits throughout 2016. Before 2016, 98...

Are Insurance Companies Liable for Possible HIPAA Violations?

by Elizabeth Snell

An appellate court recently ruled that an insurance company was required to defend a hospital in a class-action complaint that the hospital in question was responsible for potential HIPAA violations. The Travelers Indemnity Company of America...

OCR HIPAA Settlements Highlight PHI Disclosure, Compliance

by Elizabeth Snell

Understanding the proper safeguards when it comes to HIPAA compliance, following proper PHI disclosure methods, and implementing comprehensive business associate agreements are all key areas to keeping data secure, according to the 2016 OCR HIPAA...

HIPAA Minimum Necessary Standard Discussed in Hearing

by Elizabeth Snell

The National Committee on Vital and Health Statistics’ (NCVHS) subcommittee on privacy, confidentiality, and security held a hearing last week to help the Department of Health and Human Services (HHS) develop better guidance on the HIPAA...

How Do HIPAA Rules, Patient Privacy Apply in Emergencies?

by Elizabeth Snell

No healthcare organization wants to compromise patient privacy, and HIPAA rules were designed to ensure that this does not occur.   Covered entities of all sizes should understand how the HIPAA Privacy Rule applies in various situations....

Patients Allege Genetics Company Violated HIPAA Regulations

by Jacqueline Belliveau

Four patients have alleged that a genetic testing company violated HIPAA regulations after it initially refused to provide them with their complete genetic test results, reported an official press release from the American Civil Liberties Union,...

Is Patient Privacy Violated with New Wellness Program Rules?

by Jacqueline Belliveau

The recent revisions to the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA) violate patient privacy regulations, announced the American Society of Human Genetics (ASHG) in an official press release....


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks