Healthcare Information Security

HIPAA Compliance

HIPAA Business Associate Agreements: What Needs to be Included?

by Elizabeth Snell

Healthcare organizations should take the time to review the regulations for HIPAA Business Associate Agreements. The deadline for all HIPAA business associate agreements (BAAs) to be up to date and in line with the regulations set forth by the...

Fla. Court: HIPAA Not Violated in Malpractice Reform

by Elizabeth Snell

A federal appeals court ruled that it is not a HIPAA violation for physician defendants to have equal access to plaintiffs’ health information. Physician defendants can have equal access to plaintiffs’ health information, as it is not in...

Key HIPAA Compliance Resources for Healthcare Providers

by Sponsored Content

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was designed to improve the efficiency and effectiveness of the nation’s healthcare system. However, it is important for healthcare organizations to remain current on any...

West Virginia REC offers provider security, privacy tips

by Patrick Ouellette

The Office of the National Coordinator for Health Information Technology (ONC) shared news this week that Regional Extension Centers (RECs) have aided more than 100,000 healthcare organizations in EHR adoption and Stage 1 Meaningful Use attestation....

Updating HIPAA BAAs before Sept. 23, 2014: Compliance tips

by Patrick Ouellette

With fall quickly approaching, the last compliance piece to the HIPAA Omnibus Rule is coming up quick as well. As of September 23, 2014, all HIPAA business associate agreements (BAAs) must be up to date and in line with the regulations set forth...

UC Davis Health creates EHR, user access provisioning tool

by Patrick Ouellette

UC Davis Health System (UCDHS) recently published a study that detailed how it created a new tool that has improved clinical efficiency, user access provisioning and EHR security. UC Davis Health System was an early EHR adopter, but it had previously...

Healthcare cybersecurity, compliance: Avoidable breaches

by Patrick Ouellette

It’s safe to say that many healthcare IT security and compliance professionals read data breach headlines with great interest in that they’re both relieved it’s not their organization and are already thinking of what they can...

How healthcare can learn from retail’s IT security mistakes

by Patrick Ouellette

There’s little doubt the healthcare industry’s perception of security and compliance has changed to a serious one within the past few years. While regulatory demands and business needs are certainly strong drivers, what should healthcare...

How RECs can help providers with HIPAA education, awareness

by Patrick Ouellette

When small providers try to fill gaps in working toward maintaining HIPAA compliance, many healthcare experts see Regional Extension Centers (RECs) as valuable educational assets. There are 62 RECs across the United States that are working with...

HIPAA Omnibus Rule webcast: New regulation considerations

by Patrick Ouellette

Most experienced healthcare professionals know that there is no beginning or end to HIPAA compliance. Organizations must be continually working toward compliance while being able to show evidence of compliance. The HIPAA Omnibus Rule was released...

How healthcare providers should reinvest in IT security

by Patrick Ouellette

For years, Reza Chapman, who works in the Health Care Advisory Services practice at EY (formerly Ernst & Young), has seen healthcare organizations not invest as much as needed in IT security. As a result of HIPAA Omnibus Rule requirements...

Evidence of HIPAA compliance tips for healthcare providers

by Patrick Ouellette

Just last week, the Department of Health and Human Services (HHS) revealed $4.8 million worth of HIPAA fines for New York and Presbyterian Hospital and Columbia University. And Mac McMillan, CEO of CynergisTek, Inc., recently told

How will OCR fill HIPAA enforcement leadership openings?

by Patrick Ouellette

Now that Susan McAndrew, former Deputy Director for Health Information Privacy at the Office for Civil Rights (OCR), has retired, what will be the short and long-term effects within OCR? It’s important to note that McAndrew’s retirement...

Office for Civil Rights veteran Susan McAndrew retires

by Patrick Ouellette

Susan McAndrew, former Deputy Director for Health Information Privacy at the Office for Civil Rights (OCR), officially retired from Federal service on Friday, May 2, 2014. McAndrew was responsible for implementing and enforcing the HIPAA Security...

OIG report looks into Medicaid agency HIPAA BAA compliance

by Patrick Ouellette

A recent Office of Inspector General (OIG) report concentrated on how all 56 Medicaid agencies handle outsourcing administrative functions offshore, including whether they have HIPAA business associate agreements (BAAs) in place. The OIG found...

Unifying healthcare providers’ HIPAA and fundraising needs

by Patrick Ouellette

Ensuring that privacy and security needs don’t deter from a healthcare organization’s business initiatives, and vice-versa, requires the organization to have a strong understanding of the HIPAA Omnibus rule’s terminology. For...

Office for Civil Rights: HIPAA audits to be narrower in scope

by Patrick Ouellette

Details of the second phase Department of Health and Human Services (HHS) Office for Civil Rights (OCR) HIPAA audits are beginning to filter through and healthcare organizations would be smart to pay attention to OCR’s audit plans. It’s...

TigerText’s HIPAA guarantee: Provider, vendor ramifications

by Patrick Ouellette

Most healthcare professionals will agree that there are more secure messaging options out there than they can count. With different vendors competing against each other for hospital and provider business with their own versions of mobile platforms...

HHS, Medscape activity offers EHR privacy, security tips

by Patrick Ouellette

As the Department of Health and Human Services (HHS) reminded the HIMSS14 audience of a few months ago, HHS has been making concerted efforts to offer providers as many HIPAA related resources as possible. One of the latest pieces of content...

Involving nurses in mHealth strategy may boost security

by Patrick Ouellette

When considering how clinical and innovation requirements fit into their mobile strategy, some organizations don’t consider nurses’ needs as well. Spyglass Consulting Group recently released “Point of Care Communications for...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks