Healthcare Information Security

HIPAA

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

June 15, 2018 - OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The guidance implements a mandate in the 21st Century Cures Act of 2016, which is designed to speed up the drug approval process and improve medical research, to streamline...


More Articles

Did EMS Worker Commit HIPAA Violation With Facebook Post?

by Fred Donovan

Did an emergency medical services (EMS) worker in Roane County, Tennessee, commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a chicken coop? The EMS worker was part of a team...

Personal Injury Attorney Ads Could Raise Patient Privacy Issues

by Fred Donovan

In a new trend that could raise patient privacy concerns, personal injury attorneys and marketers are using geofencing technology to deliver targeted advertisements to patients’ mobile phones when they visit emergency rooms or clinics,...

HIPAA Security Rule Requires Physical Security of Equipment

by Fred Donovan

While most HIPAA Security Rule violations involve electronic data breaches, healthcare providers and business associates could also face a violation for failing to physically secure computers and other equipment holding PHI. The HIPAA Security...

Judge Upholds Doc’s Conviction for Criminal HIPAA Violation

by Fred Donovan

US District Judge Mark G. Mastroianni upheld May 16 a federal jury’s earlier conviction of Rita Luthra, a Springfield, Massachusetts-based gynecologist, for a criminal HIPAA violation and obstructing a criminal healthcare investigation. ...

Steward Must Satisfy Jury Doc Got Sacked for HIPAA Violation

by Fred Donovan

A Massachusetts federal judge ruled May 16 that Boston-based Steward Healthcare System must convince a jury that it fired a psychiatrist for an alleged HIPAA violation, not in retaliation for his taking disability leave after contracting pneumonia,...

Does EHR Patient Access Fall Short of HIPAA Compliance?

by Fred Donovan

Patients and healthcare organizations face numerous challenges when providing EHR patient access for HIPAA compliance, according to a report released May 14 by the Government Accountability Office (GAO). Among the challenges faced by patients...

House Debates Bill to Align SUD Rules with HIPAA Privacy Rule

by Fred Donovan

Supporters and opponents of a bill that would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule faced off during a May 8 hearing of the House Energy and Commerce Committee’s health subcommittee....

Massachusetts Physician Convicted of Criminal HIPAA Violation

by Fred Donovan

A federal jury has convicted Rita Luthra, a Springfield, Massachusetts-based gynecologist, of a criminal HIPAA violation and obstructing a criminal healthcare investigation, the US Department of Justice (DoJ) announced April 30. DoJ alleged that...

Senate Bill Has Version of Jessie’s Law, Not Aligned with HIPAA Privacy Rule

by Fred Donovan

The Senate Health, Education, Labor and Pensions Committee this week passed the Opioid Crisis Response Act of 2018 (S 2680) with a broad range of measures to combat the opioid epidemic, including a version of Jessie’s Law that allows for...

73 Percent of Medical Professionals Share Passwords for EHR Access

by Kate Monica

A recent study examined the prevalence of password sharing among healthcare providers and found nearly three-quarters of surveyed medical professionals have used another staff member’s password to obtain EHR access at work. The study by...

CO Hospital Email Breach Possibly Exposes PHI of 3.4K Families

by Kate Monica

Children’s Hospital Colorado recently informed patients of a potential security breach possibly affecting the PHI of nearly 3,400 patient families. On July 11, 2017, Children’s Colorado discovered an employee’s email account...

Tewksbury Hospital PHI Data Breach Threatens 1K Patients

by Kate Monica

Massachusetts-based Tewksbury Hospital recently discovered evidence of an incident of unauthorized EHR access potentially creating a PHI data breach. In April of 2017, a former Tewksbury Hospital patient stated an unauthorized individual may...

Memorial Hermann Agrees to $2.4M OCR HIPAA Settlement

by Elizabeth Snell

Texas-based Memorial Hermann Health System (MHHS) recently agreed to a $2.4 million OCR HIPAA settlement following multiple allegations of inappropriate PHI disclosure. OCR conducted a compliance review after numerous media reports claimed that...

HIPAA Compliance Knowledge Growing Amongst Healthcare Pros

by Sara Heath

Healthcare organizations are doing more to remain HIPAA compliant compared to two years ago, says NueMD’s 2016 HIPAA Survey Update. The survey looked at HIPAA compliance trends amongst 927 healthcare professionals as a follow-up to a similar...

Congress Seeks Clarification of HIPAA Rules for mHealth Apps

by Sara Heath

The Department of Health and Human Services (HHS) is not making a distinct enough effort to clarify HIPAA security regulations for mHealth app use and development, according to a letter from members of Congress. In November 2014, HHS committed...

Maintaining HIPAA Compliance in Social Media Interaction

by Savanna Myer of Evariant

Social media is everywhere – it’s used as a way to reach friends, family, consumers and even patients. In the healthcare industry, users of social media must be aware that there is a fine line between personal and professional information...

ONC Discusses HIPAA Regulation in Care Coordination

by Sara Heath

The Office of the National Coordinator for Health IT (ONC) has posted its third blog post in its series on HIE security under HIPAA regulation, this week covering how covered entities can exchange information for care coordination and care management...

Understanding HIPAA Compliance, Violation Concerns

by Elizabeth Snell

Regardless of a healthcare organization’s size, HIPAA compliance must remain a top priority. This is especially critical as technology continues to evolve and more covered entities continue to implement innovative tools such as mobile devices...

How must mHealth App Developers Follow HIPAA Regulations?

by Sara Heath

The Office for Civil Rights (OCR) has added a list of health app use scenarios in which HIPAA regulations would apply, helping to educate mHealth app developers on how to create apps that abide by HIPAA and that protect user and patient privacy....
