Healthcare Information Security

HIPAA and Compliance News

Are More State Data Breach Notification Laws Recognizing PHI?

September 26, 2016 - Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary. Covered entities and business associates must ensure they adhere to their state’s requirements for data breaches, along with the federal regulations. As technology continues to evolve, and medical...


Articles

The Role of HIM Professionals in HIPAA Compliance

Individuals in the health information management (HIM) field play a critical role in covered entities’ approaches to data security, especially HIPAA compliance. HIM professionals are often “acquiring, analyzing, and protecting digital...

Utilizing Business Associate Agreements in Breach Prevention

While no healthcare organization can guarantee that they will never fall victim to a data breach or cybersecurity attack, having the right tools in place can help to lessen the likelihood or even assist in recovering from a breach. Having necessary...

Maintaining HIPAA Compliance across Digital, Paper Records

Maintaining HIPAA compliance and numerous data privacy and security mandates is of paramount importance for healthcare organizations. Since HIPAA is not a one-size-fits-all regulatory regime, best practices for data privacy and security programs...

Monitoring Risk and Staying HIPAA Compliant

Effectively monitoring and managing potential risk is a key area for any covered entity or business associate. No organization wants to lapse in staying HIPAA compliant, as the ramifications could be detrimental to patients and the business itself....

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

Why Latest OCR HIPAA Audits are About Compliance, Action

The Office for Civil Rights (OCR) announced the second round of its HIPAA audit program on July 11, 2016, sending out notification emails to 167 covered entities. The desk audits will review how healthcare organizations adhere to the HIPAA Privacy,...

OCR Aims to Improve Smaller Data Breach Investigation Process

Starting in August 2016, the Office for Civil Rights (OCR) will start an initiative to better investigate smaller data breaches. The data breach investigation process will look further into the root causes of incidents affecting fewer than 500...

The Role of Nurses in HIPAA Compliance, Healthcare Security

Nurses deal with private information all day every day, from nursing stations and offices to exam rooms to patient bedsides to operating rooms. However, due to their focus on a patient’s health and their constant contact with patient data,...

Advocate Health Care Agrees to $5.55M OCR HIPAA Settlement

UPDATE: Since publication of this report, Advocate has issued an official statement on the settlement.  Illinois-based healthcare system Advocate Health Care (Advocate) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from...

Build a Strong Security Baseline with the HIPAA Security Rule

Performing regular system updates, conducting annual employee training, and ensuring comprehensive backup plans with disaster recovery planning are all key tools in preparing for healthcare ransomware attacks, according to Matt Fisher, chair...

OCR Clarifies HIPAA Desk Audits, Unique Device Identifiers

With the Office for Civil Rights (OCR) announcing the HIPAA desk audits earlier this month, the Department of Health and Human Services (HHS) wanted to ensure that covered entities fully understand the process and how it will potentially affect...

Latest Round of OCR HIPAA Audits Not a Reason for Panic

The second round of the OCR HIPAA audits is officially underway, with desk audits being announced in July 2016. Notification letters were sent out to 167 covered entities on Monday, July 11, that they had been selected for the desk audit portion...

UMMC Agrees to $2.75M HIPAA Settlement after Multiple Violations

Following numerous reports of alleged HIPAA violations that led to a healthcare data breach, the University of Mississippi Medical Center (UMMC) recently agreed to a $2.75 million HIPAA settlement. The Office for Civil Rights (OCR) explained...

What Does Increased Patient Access Mean for HIPAA Compliance?

More individuals than ever before now have electronic access to their own health information, according to a recent report from the American Hospital Association (AHA). However, organizations are required to offer patient access as part of their...

OHSU Health Data Breaches Lead to $2.7M OCR Agreement

Oregon Health and Science University (OHSU) recently signed a resolution agreement with the Office for Civil Rights (OCR) following two health data breaches it suffered in 2013. OHSU will pay $2.7 million as part of the agreement, and will also...

Desk Audits Begin for OCR Phase Two HIPAA Audits

The Office for Civil Rights (OCR) officially launched phase two of its HIPAA audit program earlier this week, sending out notification letters to selected covered entities. The letters were sent out on July 11, according to an OCR email, with...

Ensuring HIPAA Compliance Before a Potential HIPAA Audit

Businesses and healthcare providers are facing increasing pressure to meet and maintain HIPAA compliance standards. The Office for Civil Rights (OCR) announced it will be performing a new round of random audits throughout 2016. Before 2016, 98...

HHS Releases Healthcare Ransomware, HIPAA Guidance

Conducting a risk analysis, regular user training, and maintaining an overall contingency plan are just a few of the recommendations from the Department of Health and Human Services (HHS) in its recent healthcare ransomware and HIPAA guidance....

Are Insurance Companies Liable for Possible HIPAA Violations?

An appellate court recently ruled that an insurance company was required to defend a hospital in a class-action complaint that the hospital in question was responsible for potential HIPAA violations. The Travelers Indemnity Company of America...
