HIPAA Security Rule

3 ways to prepare for impending HIPAA Security Rule updates

March 13, 2024 - In the decades since the HIPAA Security Rule was enacted, it has remained a crucial tool for covered entities and business associates as they navigate the multitude of cybersecurity risks that trouble the healthcare sector. HIPAA’s flexible and scalable nature allows covered entities to implement the technical, physical, and administrative safeguards that are reasonable for each...


More Articles

HHS, NIST Finalize Joint HIPAA Security Rule Guidance

by Jill McKeon

The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published the final version of Special Publication (SP) 800-66 Revision 2, aimed at helping covered...

OCR Reaches $4.75M Settlement With NY Health System

by Jill McKeon

UPDATE 2/7/2024 - This article has been updated to include a statement from a Montefiore Medical Center spokesperson. The HHS Office for Civil Rights (OCR) announced a $4.75 million settlement with...

OCR Releases Educational Video on HIPAA Security Rule

by Jill McKeon

The HHS Office for Civil Rights (OCR) released an educational video to help covered entities understand how the HIPAA Security Rule can help them defend against cyberattacks. The video was produced in...

OCR Reaches $1.3M Settlement With LA Care Over Potential HIPAA Violations

by Jill McKeon

LA Care, a Los Angeles-based health plan, agreed to a $1.3 million settlement and corrective action plan (CAP) to resolve potential HIPAA violations uncovered during two HHS Office for Civil Rights...

Banner Health Pays $1.25M to Resolve HIPAA Security Rule Investigation

by Jill McKeon

The HHS Office for Civil Rights (OCR) settled with Banner Health following a HIPAA Security Rule investigation stemming from a 2016 data breach. Banner Health agreed to pay $1.25 million to OCR and...

How HITECH Recognized Security Practices Boost Healthcare Cybersecurity

by Jill McKeon

A 2021 amendment to the Health Information Technology for Economic and Clinical Health (HITECH) Act required the HHS Secretary to consider certain recognized security practices (RSPs) of covered entities and business associates when...

Top 3 HIPAA Compliance Challenges of This Year

by Jill McKeon

In the years since HIPAA was first enacted in 1996, technological and societal developments have left covered entities with no shortage of compliance challenges. This year was no exception. “This has been quite the year for those...

OCR Releases Video On Recognized Security Practices Under HITECH

by Jill McKeon

The HHS Office for Civil Rights (OCR) released an educational video presentation on recognized security practices (RSPs) under HITECH. Nick Heesters, senior advisor for cybersecurity at OCR, presented...

OCR Highlights HIPAA Security Rule Incident Response Procedures

by Jill McKeon

The HHS Office for Civil Rights (OCR) utilized its October newsletter to remind covered entities of their incident response obligations under the HIPAA Security Rule. The newsletter provided a...

NIST Updates Healthcare Cybersecurity, HIPAA Security Rule Guidance

by Jill McKeon

The National Institute of Standards and Technology (NIST) issued updated healthcare cybersecurity and HIPAA Security Rule guidance to aid organizations in safeguarding protected health information...

ONC, OCR Release Updated Version of HHS Security Risk Assessment (SRA) Tool

by Jill McKeon

The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) released version 3.3 of the HHS Security Risk Assessment (SRA) Tool. ONC and OCR...

Common HIPAA Administrative Safeguards Under The HIPAA Security Rule

by Editorial Staff

Under the HIPAA Security Rule, covered entities must implement physical, technical, and administrative safeguards to safeguard electronic protected health information (ePHI). These safeguards help...

Common HIPAA Physical Safeguards Under The HIPAA Security Rule

by Editorial Staff

HIPAA physical safeguards are an essential aspect of any covered entity’s PHI security, but could easily be overlooked. Technical safeguards and administrative safeguards could easily be pushed to...

What is the HIPAA Security Rule?

by Jill McKeon

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the HHS secretary to develop rules for safeguarding electronic protected health information (ePHI). Out of these requirements, HHS created the HIPAA Privacy...

Key Differences Between PHI and PII, How They Impact HIPAA Compliance

by Jill McKeon

Personally identifiable information (PII) and protected health information (PHI) may seem similar on the surface, but key distinctions set them apart. While PII is a catch-all term for any information...

OCR Settles with AEON Clinical for $25K Over Multiple HIPAA Failures

by Jessica Davis

Peachstate Health Management, doing business as AEON Clinical Laboratories, has settled with the Department of Health and Human Services Office for Civil Rights for $25,000 and agreed to a...

NIST Seeks Feedback on Guide to Implementing HIPAA Security Rule

by Jessica Davis

NIST announced it plans to update its Introductory Resource Guide for Implementing the HIPAA Security Rule and is seeking comment from industry stakeholders on proposed changes, including insights into...

OCR Settles With Business Associate CHSPSC for $2.3 Over Breach of 6M

by Jessica Davis

The Department of Health and Human Services Office for Civil Rights reached a $2.3 million settlement with CHSPSC, which provides services to hospitals and...

OCR: IT Asset Inventory Can Improve HIPAA-Required Risk Analysis

by Jessica Davis

The Office for Civil Rights recently shared a detailed list of IT asset inventory steps, which can help covered entities and their business associates better fulfill the HIPAA Security Rule...