Healthcare Information Security

HIPAA Compliance

OCR Guidance Tackles PHI Research Use Under HIPAA Privacy Rule

June 15, 2018 - OCR has issued new guidance on the HIPAA Privacy Rule that explains certain requirements for an authorization to use or disclose PHI for research and clarifies aspects of the individual’s right to revoke an authorization. The guidance implements a mandate in the 21st Century Cures Act of 2016, which is designed to speed up the drug approval process and improve medical research, to streamline...


More Articles

HIPAA Security Rule Risk Analysis Remains Source of Confusion

by Fred Donovan

Widespread confusion in the healthcare industry continues to persist about OCR risk analysis requirements under the HIPAA Security Rule, according to legal experts David Gacioch and Edward Zacharias of McDermott Will & Emery. Failure to perform...

New York Suspends Nurse for HIPAA Violation Affecting 3K Patients

by Fred Donovan

The state of New York has suspended Martha Smith-Lightfoot, a former nurse at the University of Rochester Medical Center (URMC), for a HIPAA violation. Smith-Lightfoot admitted to disclosing PHI when she took a list of more than 3,000 patients...

Did EMS Worker Commit HIPAA Violation With Facebook Post?

by Fred Donovan

Did an emergency medical services (EMS) worker in Roane County, Tennessee, commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a chicken coop? The EMS worker was part of a team...

Why Email Failed To Replace Fax For Secure Document Exchange

by J2 Global

Sharing PHI in a HIPAA-compliant fashion using current health IT infrastructure continues to prove a pain point for covered entities. ...

Personal Injury Attorney Ads Could Raise Patient Privacy Issues

by Fred Donovan

In a new trend that could raise patient privacy concerns, personal injury attorneys and marketers are using geofencing technology to deliver targeted advertisements to patients’ mobile phones when they visit emergency rooms or clinics,...

HIPAA Security Rule Requires Physical Security of Equipment

by Fred Donovan

While most HIPAA Security Rule violations involve electronic data breaches, healthcare providers and business associates could also face a violation for failing to physically secure computers and other equipment holding PHI. The HIPAA Security...

Cloud Security, HIPAA Compliance Deter Hospitals from Cloud

by Fred Donovan

Cloud security, HIPAA compliance, and privacy are the three primary concerns for hospital CIOs who have considered using cloud-based applications, according to a survey of 175 healthcare IT professionals by cloud-based digital health platform...

Judge Upholds Doc’s Conviction for Criminal HIPAA Violation

by Fred Donovan

US District Judge Mark G. Mastroianni upheld May 16 a federal jury’s earlier conviction of Rita Luthra, a Springfield, Massachusetts-based gynecologist, for a criminal HIPAA violation and obstructing a criminal healthcare investigation. ...

Steward Must Satisfy Jury Doc Got Sacked for HIPAA Violation

by Fred Donovan

A Massachusetts federal judge ruled May 16 that Boston-based Steward Healthcare System must convince a jury that it fired a psychiatrist for an alleged HIPAA violation, not in retaliation for his taking disability leave after contracting pneumonia,...

OCR To Share HIPAA Data Breach Settlements With Victims

by Fred Donovan

OCR is proposing to share a percentage of HIPAA data breach settlements with victims, as required by the HITECH law. In the HHS semiannual regulatory agenda, OCR said it is soliciting the public’s view on establishing a methodology for...

Does EHR Patient Access Fall Short of HIPAA Compliance?

by Fred Donovan

Patients and healthcare organizations face numerous challenges when providing EHR patient access for HIPAA compliance, according to a report released May 14 by the Government Accountability Office (GAO). Among the challenges faced by patients...

Amazon’s Alexa Healthcare Team Bones Up on HIPAA Compliance

by Fred Donovan

Amazon is becoming very familiar with HIPAA compliance requirements as part of its effort to expand the Alexa digital assistant’s role in providing healthcare information and advice, CNBC is reporting. Amazon has set up a health and wellness...

Healthcare Providers Score High on Ransomware Attack Mitigation

by Fred Donovan

Researchers have found that healthcare providers are doing a good job of implementing recommendations in the ONC SAFER Guides’ contingency planning guide, which was updated last year to incorporate strategies for ransomware attack mitigation....

Navy, USAF Could Face HIPAA Violation Fines for Lax EHR Security

by Fred Donovan

The US Navy and US Air Force have poor security practices for their electronic health record (EHR) systems and could face millions of dollars in HIPAA violation fines if action is not taken to correct these problems, warned the Department of...

House Debates Bill to Align SUD Rules with HIPAA Privacy Rule

by Fred Donovan

Supporters and opponents of a bill that would align privacy protections for substance use disorder (SUD) patients with the HIPAA Privacy Rule faced off during a May 8 hearing of the House Energy and Commerce Committee’s health subcommittee....

Massachusetts Physician Convicted of Criminal HIPAA Violation

by Fred Donovan

A federal jury has convicted Rita Luthra, a Springfield, Massachusetts-based gynecologist, of a criminal HIPAA violation and obstructing a criminal healthcare investigation, the US Department of Justice (DoJ) announced April 30. DoJ alleged that...

Helping Struggling Hospitals Recover from Ransomware Attacks

by Fred Donovan

The biggest cybersecurity issue for hospitals is response and recovery from ransomware attacks, observed Fernando Martinez, senior vice president and chief digital officer at the Texas Hospital Association and president/CEO of Texas Hospital...

Gap Analysis Not Enough for HIPAA Security Rule, Says OCR

by Fred Donovan

A gap analysis can be used to discover where problems exist in securing electronic protected health information (ePHI), but it is not a substitute for a comprehensive risk analysis required by the HIPAA Security Rule, the Office for Civil Rights...

Employee Fired for HIPAA Violation Gets Personal Data from Agency

by Fred Donovan

Tracy Ryans, a former employee of the Texas Health and Human Services Commission fired for an alleged HIPAA violation, recently received a box full of state assistance applications chock full of personal information from her former employer,...
