Healthcare Information Security

HIPAA Security Rule

Wyoming Seeks to Repeal Hospital Privacy Regulation for HIPAA Clarity

February 6, 2019 - Wyoming state senators recently proposed a bill that would clarify regulations around patient privacy in the state. Introduced on Tuesday, the legislation would repeal the state’s Hospital Records Act of 1991, which was designed to protect patient privacy rights with regard to their medical records. The state law sought to provide patients with protections that federal laws did...


More Articles

Could HIPAA be Repealed, Replaced with a Unified Federal Privacy Law?

by Jessica Davis

The Information Technology and Innovation Fund is recommending a repeal of privacy regulations across the U.S., including HIPAA, to replace the patchwork of federal laws with a unified approach. Among its recommendations, ITIF is calling...

2.65M Atrium Health Patient Records Breached in Third-Party Vendor Hack

by Jessica Davis

The data of more than 2.65 million Atrium Health patients was breached for a week-long period, due to a cyberattack on the health system’s billing vendor AccuDoc Solutions in September. The North Carolina billing vendor prepares...

Arizona MCOs Fail OIG Security Audit, Putting Medicaid Data at Risk

by Jessica Davis

A Department of Health and Human Services Office of Inspector General audit of two Arizona Managed Care Organizations found significant security vulnerabilities in their information systems, which call into question the integrity of the...

AMIA Calls for Federal Alignment of Health Data Privacy Policies

by Jessica Davis

The American Medical Informatics Association is calling on the Trump Administration to better align data privacy policies from both the health and consumer sectors. In a letter to the National Telecommunications and Information...

SRA Tool 3.0 Expands Application to More Health Data Security Risks

by Fred Donovan

OCR and ONC have updated their security risk assessment (SRA) tool (3.0) to improve usability and expand its application to a broader range of health data security risks. The agencies developed the tool to help small to medium-sized...

HIPAA Security Rule Requires Secure Disposal of ePHI-Laden Devices

by Fred Donovan

The HIPAA Security Rule requires HIPAA covered entities and business associates to implement policies and procedures regarding the secure disposal and re-use of electronic devices and media containing ePHI so that ePHI cannot be retrieved,...

HATA Says PMS Vendors Want to Remain HIPAA Business Associates

by Fred Donovan

Currently, practice management software (PMS) vendors are considered HIPAA business associates and therefore subject to the HIPAA Privacy and Security Rules, but not the HIPAA transactions and codes set requirements. The Healthcare...

Secure Healthcare Data Sharing Not a Priority for Some Workers

by Fred Donovan

Some healthcare workers don’t follow best practices for secure healthcare data sharing, according to a survey of 1,000 US workers by Igloo Software. Thirty percent of healthcare workers use non-approved apps in the workplace because...

Software Patching Integral to PHI Data Security, HIPAA Compliance

by Fred Donovan

Healthcare organizations and vendors are responsible for identifying and mitigating the risks unpatched software poses to ePHI as part of their HIPAA compliance, OCR advised in its June Cybersecurity Newsletter. As part of their risk...

Judge Upholds $4.3M Fines against MD Anderson for HIPAA Violations

by Fred Donovan

An HHS Administrative Law Judge (ALJ) ruled that the University of Texas MD Anderson Cancer Center (MD Anderson) must pay $4.3 million in civil money penalties for HIPAA violations. The judge backed OCR in its proposed determination,...

HIPAA Security Rule Risk Analysis Remains Source of Confusion

by Fred Donovan

Widespread confusion in the healthcare industry continues to persist about OCR risk analysis requirements under the HIPAA Security Rule, according to legal experts David Gacioch and Edward Zacharias of McDermott Will & Emery. Failure...

HIPAA Security Rule Requires Physical Security of Equipment

by Fred Donovan

While most HIPAA Security Rule violations involve electronic data breaches, healthcare providers and business associates could also face a violation for failing to physically secure computers and other equipment holding PHI. The HIPAA...

Amazon’s Alexa Healthcare Team Bones Up on HIPAA Compliance

by Fred Donovan

Amazon is becoming very familiar with HIPAA compliance requirements as part of its effort to expand the Alexa digital assistant’s role in providing healthcare information and advice, CNBC is reporting. Amazon has set up a health and...

Gap Analysis Not Enough for HIPAA Security Rule, Says OCR

by Fred Donovan

A gap analysis can be used to discover where problems exist in securing electronic protected health information (ePHI), but it is not a substitute for a comprehensive risk analysis required by the HIPAA Security Rule, the Office for Civil...

HIPAA Compliance Gap Between Compliance Officers, Regulators

by Fred Donovan

There is a large gap between the priorities of healthcare compliance officers and regulators when it comes to HIPAA compliance, according to a survey of 388 healthcare organizations by SAI Global and Strategic Management...

HIPAA Covered Entities Get Pass on OR Data Breach Notification Law

by Fred Donovan

HIPAA covered entities in Oregon are exempt from a new requirement that organizations in the state report data breaches within 45 days of discovery. Oregon Governor Kate Brown signed into law at the end of March amendments (Senate Bill...

Top Reminders for Implementing a HIPAA Contingency Plan

by Elizabeth Snell

Healthcare organizations must ensure they have a current HIPAA contingency plan in place to prepare for all types of adverse events, including natural disasters and cybersecurity attacks, according to the latest OCR Cybersecurity...

Stakeholders Desire Clarification on Secure Data Exchange in TEFCA

by Elizabeth Snell

ONC must further clarify secure data exchange aspects in its Trusted Exchange Framework and Common Agreement (TEFCA) draft, and also explain how HIPAA regulations will apply, according to industry stakeholders. One of the TEFCA principles...

Amended Data Privacy Law Proposed in Colorado Legislature

by Elizabeth Snell

The Colorado House Committee on State, Veterans, and Military Affairs unanimously approved an amended data privacy law that would require entities to implement “reasonable security procedures” to protect consumers’...
