Healthcare Information Security

HIPAA and Compliance News

2016 OCR HIPAA Settlements Target Risk Analyses, Total $23.5M

by

With 2016 winding down, covered entities and their business associates cannot ease up when it comes to protecting PHI. As the OCR HIPAA settlements from the year have shown, there has been a strong focus on healthcare organizations conducting...

HIPAA Audits, Ransomware, Mobile Security Top 2016 Headlines

by

Healthcare data security is an ever-evolving area, with covered entities constantly working to ensure that they have the necessary tools in place to keep patient data safe. Over the past year, data breaches continued to be a hot topic in healthcare,...

ONC Fact Sheet Highlights HIPAA Health Data Sharing Points

by

Several situations where health data sharing is permissible under HIPAA regulations were recently highlighted in a new fact sheet released by the Office of the National Coordinator for Health IT Technology (ONC) and the HHS Office for Civil Rights...

HIPAA Privacy Changes Not in Recent 21st Century Cures Act

by

The House of Representatives passed the 21st Century Cures Act yesterday with a vote of 392 to 26. This latest version of the legislation did not include wording that could have made it possible to change the HIPAA Privacy Rule and potentially...

UMass Agrees to $650K OCR HIPAA Settlement after Allegations

by

Following alleged HIPAA violations stemming from a malware infection that potentially exposed the ePHI of 1,670 individuals, the University of Massachusetts Amherst (UMass) agreed to an OCR HIPAA settlement. Along with adhering to a corrective...

How HIPAA Rules Can Aid Evolving Technology, Not Hinder It

by

Communication technology is quickly evolving, and many healthcare providers are trying to keep pace. They could be looking to implement secure texting options or even consider communicating with patients through social media, but HIPAA rules...

OCR HIPAA Settlements Total $13.5M, Affect Entities and BAs

by

The Office for Civil Rights (OCR) has shown with several of its recent HIPAA settlements that both covered entities and business associates are liable for potential HIPAA violations. OCR has said that as healthcare technology continues to evolve...

Pharmaceutical Leaders Sentenced for HIPAA Violations, Fraud

by

Three former district managers of a pharmaceutical firm have been sentenced for their connection in committing HIPAA violations and healthcare fraud, according to a release from the District of Massachusetts U.S. Attorney’s Office (USAO)....

HIPAA Compliance Measures, Mobile Security Need Improvement

by

As more healthcare organizations implement mobile options, ensuring that they maintain HIPAA compliance is essential. However, if a recent survey is any indication, covered entities have room for improvement when it comes to their mobile security....

PHI Access Challenges Addressed in Recent ONC Resources

by

Healthcare organizations face numerous potential PHI access challenges, especially as more entities continue to adopt new EHRs, according to the Office of the National Coordinator (ONC). That is why ONC wanted to ensure that covered entities...

Addressing FTC Jurisdiction Over HIPAA Covered Entities

by

With the FTC recently releasing guidance on how HIPAA covered entities must adhere to the FTC Act in addition to HIPAA regulations, it is essential for healthcare organizations to be aware of the potential consequences for not doing so. When...

Why Businesses Must Adhere to FTC Act and HIPAA Privacy Rule

by

Businesses that collect and share consumer health information need to not only be mindful of the HIPAA Privacy Rule, but must also adhere to the FTC Act. The Federal Trade Commission (FTC) released new guidance on key privacy and security considerations...

St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement

by

A health care delivery system recently agreed to an OCR HIPAA settlement following reports that it had publicly accessible files containing ePHI from 2011 to 2012. St. Joseph Health (SJH) notified OCR on February 14, 2012 that certain files containing...

OCR ‘Laser Focused’ on HIPAA Violation Complaints, Enforcement

by

While 2015 and 2016 saw the Office for Civil Rights (OCR) enter into a record number of settlement agreements, most of its received complaints do not involve an alleged HIPAA violation, according to HHS Director Jocelyn Samuels. Healthcare technology...

ONC, OCR Revise HIPAA Security Risk Assessment Tool

by

In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

Provider PHI Access Key Aspect to HIPAA Privacy Rule

by

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently clarified that business associates cannot block provider PHI access or terminate that access under the HIPAA Privacy Rule. In a Frequently Asked Questions...

GAO Calls for More Guidance, Oversight in HIPAA Regulations

by

The Department of Health and Human Services (HHS) must improve its guidance and oversight of covered entities and their business associates when it comes to adhering to HIPAA regulations, according to a recent US Government Accountability Office...

Latest OCR HIPAA Settlement Highlights BAA Importance

by

Care New England Health System (CNE) agreed to an OCR HIPAA settlement after it was found to have not had a current business associate agreement in place to keep PHI secure. Woman & Infants Hospital of Rhode Island (WIH) was a CNE covered...

Are More State Data Breach Notification Laws Recognizing PHI?

by

Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary. Covered entities and business associates must ensure...

The Role of HIM Professionals in HIPAA Compliance

by

Individuals in the health information management (HIM) field play a critical role in covered entities’ approaches to data security, especially HIPAA compliance. HIM professionals are often “acquiring, analyzing, and protecting digital...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks