HIPAA

5 Former Methodist Hospital Employees Indicted Over HIPAA Violations

by Jill McKeon

Five former employees of Tennessee-based Methodist Hospital have been indicted by a federal grand jury for committing HIPAA violations, the US Attorney’s Office for the Western District of...

VA Senator Seeks Feedback on Healthcare Cybersecurity Policy Options

by Jill McKeon

Senate Select Committee on Intelligence Chairman Mark R. Warner (D-VA) released a policy options paper entitled “Cybersecurity is Patient Safety,” to address key healthcare...

Exploring the HIPAA Privacy Rule’s Right of Access Provisions

by Jill McKeon

The HIPAA Privacy Rule’s right of access provisions ensure that patients can obtain access to their protected health information (PHI). Failure to do so may result in hefty monetary penalties and mandated corrective action...

OCR Settles Three HIPAA Right of Access Cases With Dental Practices

by Jill McKeon

The HHS Office for Civil Rights (OCR) resolved three HIPAA right of access cases with three dental practices. The resolutions bring OCR’s total number of cases to 41 since it launched the HIPAA...

OCR Settles 11 HIPAA Right of Access Cases

by Jill McKeon

The HHS Office for Civil Rights (OCR) announced 11 HIPAA Right of Access resolutions. OCR created the HIPAA Right of Access Initiative in 2019 to support patients' right to timely and...

Oklahoma State University Agrees to $875K OCR Data Breach Settlement

by Jill McKeon

Oklahoma State University – Center for Health Sciences (OSU-CHS) agreed to pay the HHS Office for Civil Rights (OCR) $875,000 in a data breach settlement. OSU-CHS also agreed to implement a...

Abortion Restrictions Clash With HIPAA, Patient Privacy Protections

by Jill McKeon

HIPAA clashes with patient privacy and health data protections relating to newly imposed abortion restrictions in several major ways, experts suggested in a recent JAMA Health Forum article. The...

Common HIPAA Administrative Safeguards Under The HIPAA Security Rule

by Editorial Staff

Under the HIPAA Security Rule, covered entities must implement physical, technical, and administrative safeguards to safeguard electronic protected health information (ePHI). These safeguards help...

CHI, MGMA Respond to OCR’s RFI On Recognized Security Practices Under HITECH

by Jill McKeon

The Connected Health Initiative (CHI) and the Medical Group Management Association (MGMA) both responded to the HHS Office for Civil Rights’ (OCR) request for information (RFI) surrounding...

What is the HIPAA Privacy Rule?

by Jill McKeon

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national standards for the security and privacy of protected health information (PHI). HHS issued the HIPAA Privacy Rule and the HIPAA Security Rule to...

New Framework Helps Healthcare Assess Privacy, Security of Digital Health Apps

by Jill McKeon

The American College of Physicians (ACP), the American Telemedicine Association (ATA), and other industry leaders released a new framework to help providers and patients assess the...

Misconceptions About HIPAA, Interoperability, Information Blocking

by Jill McKeon

Since HIPAA was signed into law more than 25 years ago, misconceptions surrounding its purpose, reach, and limitations have persisted. The COVID-19 pandemic exacerbated those misconceptions—multiple public figures cited HIPAA as a...

Employee Email Warnings Reduce EHR Snooping, Unauthorized PHI Access

by Jill McKeon

Only 2 percent of healthcare employees who received an email warning after committing unauthorized protected health information (PHI) access carried out the same offense again, a research letter...

The Quest to Improve Security, Privacy of Third-Party Health Apps

by Jill McKeon

Third-party health applications fall outside HIPAA's purview, positioning them in a regulatory gray area where transparency, security, and privacy obligations are left open to interpretation. Consumers may not realize that the way...

OCR Seeks Public Input on Penalties, Security Measures Under HITECH

by Jill McKeon

HHS’ Office for Civil Rights (OCR) issued a request for information (RFI) seeking feedback on two requirements under the Health Information Technology for Economic and Clinical Health Act...

OCR Announces Four HIPAA Enforcement Actions

by Jill McKeon

The HHS Office for Civil Rights (OCR) announced four HIPAA enforcement actions to hold healthcare providers accountable for potential HIPAA violations. Two of the actions stemmed from OCR’s HIPAA...

Secondary Health Data Use Fails to Account for Clinical Ethics

by Jill McKeon

Electronic health data functions primarily to enable the delivery of healthcare services, a viewpoint article published in JAMA Network argued. Sharing that data for research and public health are...

Jackson Hospital Suffers Patient Data Exfiltration Incident

by Jill McKeon

Data exfiltration and improper protected health information (PHI) access were the cause of some recent healthcare data breaches. As data breaches continue to overwhelm the healthcare sector,...

HIPAA Technical Safeguards: A Basic Review

by Editorial Staff

While no healthcare organization can eliminate the possibility of facing a data breach, implementing HIPAA technical safeguards can go a long way toward mitigating cyber risk. Under the HIPAA Security...

Deadline to Report PHI Breaches Impacting Less Than 500 People Nears

by Jill McKeon

Under the HIPAA Breach Notification Rule, covered entities must report all protected health information (PHI) breaches to HHS. If the breach impacted more than 500 individuals, covered entities must...