Healthcare Information Security

HIPAA and Compliance News

Preparing for an OCR HIPAA Risk Assessment Audit

March 27, 2017 - While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data, such as PHI, secure, but it will also help the entire audit process run smoothly. Night Nurse, a 24-hour, 365 day per-year triage support and medical-home...


Articles

Administrative Safeguard Need Highlighted in PA Indictment

by

Healthcare organizations must ensure that they have comprehensive and regularly updated administrative safeguards, such as user authentication measures and proper access control. A failure to have these in place, or having outdated ones, could...

How Do HIPAA Regulations Apply to Wearable Devices?

by

Both covered entities and business associates should be well-aware of the OCR HIPAA audit program, especially as Phase 2 has been underway for several months now. However, as technology continues to evolve, there are also several areas that could...

Expanding Beyond HIPAA Audit Prep for Information Governance

by

Earlier this month, the American Health Information Management Association (AHIMA) published its newest toolkit to assist organizations in preparing for HIPAA audits. The “External HIPAA Audit Readiness Toolkit” addresses...

Audit Controls Underlined in $5.5M OCR HIPAA Settlement

by

UPDATE: Memorial Healthcare System sent comments to HealthITSecurity.com on February 17.  Florida-based Memorial Healthcare Systems (MHS) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from incidents that were reported...

Lawsuit Filed to Avoid Potential Health Data Exposure Fines

by

A Wisconsin-based publishing company recently filed a lawsuit claiming that it is being exposed to potential liability for unauthorized exposure of individuals’ personal health data. The concern over possible health information exposure...

Children’s Medical Center Issued $3.2M OCR HIPAA Penalty

by

Children’s Medical Center of Dallas (Children’s) was recently given an OCR HIPAA civil money penalty due to ePHI disclosure and several years of HIPAA non-compliance, according to a Department of Health and Human Services (HHS) release....

Considering HIPAA Privacy Rule with Mental Health Data

by

The permitted uses and disclosures of PHI in the HIPAA Privacy Rule were key considerations in a recently passed bill package, which included reforms for patients being treated for mental health conditions. The Helping Families in Mental Health...

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

by

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the...

Focusing on Audit Controls to Maintain PHI Security

by

Reviewing and securing audit trails, while also ensuring the proper tools to collect, monitor, and review those audit trails are in place are key audit control considerations for covered entities and business associates, according to the Office...

ONC, OCR Fact Sheet Discusses HIPAA Health Data Exchange

by

In an effort to answer questions over how oversight agencies can receive information in health data exchange, the Office of the National Coordinator (ONC) and Office for Civil Rights (OCR) released a fact sheet discussing how HIPAA allows such...

OCR Clarifies PHI Disclosure Guidance in HIPAA Privacy Rule

by

Partially due to legal confusion following the 2016 Orlando nightclub shooting, the Office for Civil Rights (OCR) has released an FAQ clarifying certain aspects of PHI disclosure policies with patients’ loved ones under the HIPAA Privacy...

Breach Notification Center of Presence Health HIPAA Settlement

by

Healthcare network Presence Health recently agreed to a $475,000 OCR HIPAA settlement following a reported data breach and a subsequent delayed breach notification process. Presence submitted a breach notification report to OCR on January 31,...

Easing HIPAA Violation Concerns with Patient Data Access

by

While the healthcare sector continues to work toward achieving nationwide interoperability, concerns over potential HIPAA violations with regard to patient data access is also on the rise. Covered entities need to allow individuals access to...

Utilizing Risk Analyses for Comprehensive HIPAA Compliance

by

As technology continues to evolve and become more intricate, covered entities and their business associates have to ensure they account for potential risk in all aspects of their organization. A key part to complete HIPAA compliance is an updated...

2016 OCR HIPAA Settlements Target Risk Analyses, Total $23.5M

by

With 2016 winding down, covered entities and their business associates cannot ease up when it comes to protecting PHI. As the OCR HIPAA settlements from the year have shown, there has been a strong focus on healthcare organizations conducting...

HIPAA Audits, Ransomware, Mobile Security Top 2016 Headlines

by

Healthcare data security is an ever-evolving area, with covered entities constantly working to ensure that they have the necessary tools in place to keep patient data safe. Over the past year, data breaches continued to be a hot topic in healthcare,...

ONC Fact Sheet Highlights HIPAA Health Data Sharing Points

by

Several situations where health data sharing is permissible under HIPAA regulations were recently highlighted in a new fact sheet released by the Office of the National Coordinator for Health IT Technology (ONC) and the HHS Office for Civil Rights...

HIPAA Privacy Changes Not in Recent 21st Century Cures Act

by

The House of Representatives passed the 21st Century Cures Act yesterday with a vote of 392 to 26. This latest version of the legislation did not include wording that could have made it possible to change the HIPAA Privacy Rule and potentially...

UMass Agrees to $650K OCR HIPAA Settlement after Allegations

by

Following alleged HIPAA violations stemming from a malware infection that potentially exposed the ePHI of 1,670 individuals, the University of Massachusetts Amherst (UMass) agreed to an OCR HIPAA settlement. Along with adhering to a corrective...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks