Healthcare Information Security

HIPAA and Compliance News

OCR HIPAA Settlements Total $13.5M, Affect Entities and BAs

by

The Office for Civil Rights (OCR) has shown with several of its recent HIPAA settlements that both covered entities and business associates are liable for potential HIPAA violations. OCR has said that as healthcare technology continues to evolve...

Pharmaceutical Leaders Sentenced for HIPAA Violations, Fraud

by

Three former district managers of a pharmaceutical firm have been sentenced for their connection in committing HIPAA violations and healthcare fraud, according to a release from the District of Massachusetts U.S. Attorney’s Office (USAO)....

HIPAA Compliance Measures, Mobile Security Need Improvement

by

As more healthcare organizations implement mobile options, ensuring that they maintain HIPAA compliance is essential. However, if a recent survey is any indication, covered entities have room for improvement when it comes to their mobile security....

PHI Access Challenges Addressed in Recent ONC Resources

by

Healthcare organizations face numerous potential PHI access challenges, especially as more entities continue to adopt new EHRs, according to the Office of the National Coordinator (ONC). That is why ONC wanted to ensure that covered entities...

Addressing FTC Jurisdiction Over HIPAA Covered Entities

by

With the FTC recently releasing guidance on how HIPAA covered entities must adhere to the FTC Act in addition to HIPAA regulations, it is essential for healthcare organizations to be aware of the potential consequences for not doing so. When...

Why Businesses Must Adhere to FTC Act and HIPAA Privacy Rule

by

Businesses that collect and share consumer health information need to not only be mindful of the HIPAA Privacy Rule, but must also adhere to the FTC Act. The Federal Trade Commission (FTC) released new guidance on key privacy and security considerations...

St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement

by

A health care delivery system recently agreed to an OCR HIPAA settlement following reports that it had publicly accessible files containing ePHI from 2011 to 2012. St. Joseph Health (SJH) notified OCR on February 14, 2012 that certain files containing...

OCR ‘Laser Focused’ on HIPAA Violation Complaints, Enforcement

by

While 2015 and 2016 saw the Office for Civil Rights (OCR) enter into a record number of settlement agreements, most of its received complaints do not involve an alleged HIPAA violation, according to HHS Director Jocelyn Samuels. Healthcare technology...

ONC, OCR Revise HIPAA Security Risk Assessment Tool

by

In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

Provider PHI Access Key Aspect to HIPAA Privacy Rule

by

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently clarified that business associates cannot block provider PHI access or terminate that access under the HIPAA Privacy Rule. In a Frequently Asked Questions...

GAO Calls for More Guidance, Oversight in HIPAA Regulations

by

The Department of Health and Human Services (HHS) must improve its guidance and oversight of covered entities and their business associates when it comes to adhering to HIPAA regulations, according to a recent US Government Accountability Office...

Latest OCR HIPAA Settlement Highlights BAA Importance

by

Care New England Health System (CNE) agreed to an OCR HIPAA settlement after it was found to have not had a current business associate agreement in place to keep PHI secure. Woman & Infants Hospital of Rhode Island (WIH) was a CNE covered...

Are More State Data Breach Notification Laws Recognizing PHI?

by

Federal regulations, such as HIPAA and the HITECH Rule, garner the majority of attention when it comes to the data breach notification process. However, state laws also exist, and tend to vary. Covered entities and business associates must ensure...

The Role of HIM Professionals in HIPAA Compliance

by

Individuals in the health information management (HIM) field play a critical role in covered entities’ approaches to data security, especially HIPAA compliance. HIM professionals are often “acquiring, analyzing, and protecting digital...

Utilizing Business Associate Agreements in Breach Prevention

by

While no healthcare organization can guarantee that they will never fall victim to a data breach or cybersecurity attack, having the right tools in place can help to lessen the likelihood or even assist in recovering from a breach. Having necessary...

Maintaining HIPAA Compliance across Digital, Paper Records

by

Maintaining HIPAA compliance and numerous data privacy and security mandates is of paramount importance for healthcare organizations. Since HIPAA is not a one-size-fits-all regulatory regime, best practices for data privacy and security programs...

Monitoring Risk and Staying HIPAA Compliant

by

Effectively monitoring and managing potential risk is a key area for any covered entity or business associate. No organization wants to lapse in staying HIPAA compliant, as the ramifications could be detrimental to patients and the business itself....

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

by

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

Why Latest OCR HIPAA Audits are About Compliance, Action

by

The Office for Civil Rights (OCR) announced the second round of its HIPAA audit program on July 11, 2016, sending out notification emails to 167 covered entities. The desk audits will review how healthcare organizations adhere to the HIPAA Privacy,...

OCR Aims to Improve Smaller Data Breach Investigation Process

by

Starting in August 2016, the Office for Civil Rights (OCR) will start an initiative to better investigate smaller data breaches. The data breach investigation process will look further into the root causes of incidents affecting fewer than 500...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks