Healthcare Information Security

HIPAA and Compliance News

Why Businesses Must Adhere to FTC Act and HIPAA Privacy Rule

October 24, 2016 - Businesses that collect and share consumer health information must not only be mindful of the HIPAA Privacy Rule but also adhere to the FTC Act. The Federal Trade Commission (FTC) released new guidance on key privacy and security considerations for organizations that handle consumer health data. While businesses must follow HIPAA regulations, they must also ensure that their disclosure...


St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement


A health care delivery system recently agreed to an OCR HIPAA settlement following reports that it had publicly accessible files containing ePHI from 2011 to 2012. St. Joseph Health (SJH) notified OCR on February 14, 2012 that certain files containing...

OCR ‘Laser Focused’ on HIPAA Violation Complaints, Enforcement


While 2015 and 2016 saw the Office for Civil Rights (OCR) enter into a record number of settlement agreements, most of its received complaints do not involve an alleged HIPAA violation, according to HHS Director Jocelyn Samuels. Healthcare technology...

ONC, OCR Revise HIPAA Security Risk Assessment Tool


In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

Provider PHI Access Key Aspect to HIPAA Privacy Rule


The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently clarified that business associates cannot block provider PHI access or terminate that access under the HIPAA Privacy Rule. In a Frequently Asked Questions...

GAO Calls for More Guidance, Oversight in HIPAA Regulations


The Department of Health and Human Services (HHS) must improve its guidance and oversight of covered entities and their business associates when it comes to adhering to HIPAA regulations, according to a recent US Government Accountability Office...

Latest OCR HIPAA Settlement Highlights BAA Importance


Care New England Health System (CNE) agreed to an OCR HIPAA settlement after it was found not to have had a current business associate agreement in place to keep PHI secure. Women & Infants Hospital of Rhode Island (WIH) was a CNE covered...

Are More State Data Breach Notification Laws Recognizing PHI?


Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary. Covered entities and business associates must ensure...

The Role of HIM Professionals in HIPAA Compliance


Individuals in the health information management (HIM) field play a critical role in covered entities’ approaches to data security, especially HIPAA compliance. HIM professionals are often “acquiring, analyzing, and protecting digital...

Utilizing Business Associate Agreements in Breach Prevention


While no healthcare organization can guarantee that they will never fall victim to a data breach or cybersecurity attack, having the right tools in place can help to lessen the likelihood or even assist in recovering from a breach. Having necessary...

Maintaining HIPAA Compliance across Digital, Paper Records


Maintaining HIPAA compliance and numerous data privacy and security mandates is of paramount importance for healthcare organizations. Since HIPAA is not a one-size-fits-all regulatory regime, best practices for data privacy and security programs...

Monitoring Risk and Staying HIPAA Compliant


Effectively monitoring and managing potential risk is a key area for any covered entity or business associate. No organization wants to lapse in staying HIPAA compliant, as the ramifications could be detrimental to patients and the business itself....

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements


Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

Why Latest OCR HIPAA Audits are About Compliance, Action


The Office for Civil Rights (OCR) announced the second round of its HIPAA audit program on July 11, 2016, sending out notification emails to 167 covered entities. The desk audits will review how healthcare organizations adhere to the HIPAA Privacy,...

OCR Aims to Improve Smaller Data Breach Investigation Process


Starting in August 2016, the Office for Civil Rights (OCR) will start an initiative to better investigate smaller data breaches. The data breach investigation process will look further into the root causes of incidents affecting fewer than 500...

The Role of Nurses in HIPAA Compliance, Healthcare Security


Nurses deal with private information all day every day, from nursing stations and offices to exam rooms to patient bedsides to operating rooms. However, due to their focus on a patient’s health and their constant contact with patient data,...

Advocate Health Care Agrees to $5.55M OCR HIPAA Settlement


UPDATE: Since publication of this report, Advocate has issued an official statement on the settlement. Illinois-based healthcare system Advocate Health Care (Advocate) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from...

Build a Strong Security Baseline with the HIPAA Security Rule


Performing regular system updates, conducting annual employee training, and ensuring comprehensive backup plans with disaster recovery planning are all key tools in preparing for healthcare ransomware attacks, according to Matt Fisher, chair...

OCR Clarifies HIPAA Desk Audits, Unique Device Identifiers


With the Office for Civil Rights (OCR) announcing the HIPAA desk audits earlier this month, the Department of Health and Human Services (HHS) wanted to ensure that covered entities fully understand the process and how it will potentially affect...

Latest Round of OCR HIPAA Audits Not a Reason for Panic


The second round of the OCR HIPAA audits is officially underway, with desk audits being announced in July 2016. Notification letters were sent out to 167 covered entities on Monday, July 11, informing them that they had been selected for the desk audit portion...

