Five former employees of Tennessee-based Methodist Hospital have been indicted by a federal grand jury for committing HIPAA violations, the US Attorney’s Office for the Western District of...
Senate Select Committee on Intelligence Chairman Mark R. Warner (D-VA) released a policy options paper entitled “Cybersecurity is Patient Safety,” to address key healthcare...
The HIPAA Privacy Rule’s right of access provisions ensure that patients can obtain access to their protected health information (PHI). Failure to do so may result in hefty monetary penalties and mandated corrective action...
The HHS Office for Civil Rights (OCR) resolved three HIPAA right of access cases with three dental practices. The resolutions bring OCR’s total number of cases to 41 since it launched the HIPAA...
The HHS Office for Civil Rights (OCR) announced 11 HIPAA Right of Access resolutions. OCR created the HIPAA Right of Access Initiative in 2019 to support patients' right to timely and...
Oklahoma State University – Center for Health Sciences (OSU-CHS) agreed to pay the HHS Office for Civil Rights (OCR) $875,000 in a data breach settlement. OSU-CHS also agreed to implement a...
HIPAA clashes with patient privacy and health data protections relating to newly imposed abortion restrictions in several major ways, experts suggested in a recent JAMA Health Forum article. The...
Under the HIPAA Security Rule, covered entities must implement physical, technical, and administrative safeguards to safeguard electronic protected health information (ePHI). These safeguards help...
The Connected Health Initiative (CHI) and the Medical Group Management Association (MGMA) both responded to the HHS Office for Civil Rights’ (OCR) request for information (RFI) surrounding...
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national standards for the security and privacy of protected health information (PHI). HHS issued the HIPAA Privacy Rule and the HIPAA Security Rule to...
The American College of Physicians (ACP), the American Telemedicine Association (ATA), and other industry leaders released a new framework to help providers and patients assess the...
Since HIPAA was signed into law more than 25 years ago, misconceptions surrounding its purpose, reach, and limitations have persisted.
The COVID-19 pandemic exacerbated those misconceptions—multiple public figures cited HIPAA as a...
Only 2 percent of healthcare employees who received an email warning after committing unauthorized protected health information (PHI) access carried out the same offense again, a research letter...
Third-party health applications fall outside HIPAA's purview, positioning them in a regulatory gray area where transparency, security, and privacy obligations are left open to interpretation. Consumers may not realize that the way...
HHS’ Office for Civil Rights (OCR) issued a request for information (RFI) seeking feedback on two requirements under the Health Information Technology for Economic and Clinical Health Act...
The HHS Office for Civil Rights (OCR) announced four HIPAA enforcement actions to hold healthcare providers accountable for potential HIPAA violations. Two of the actions stemmed from OCR’s HIPAA...
Electronic health data functions primarily to enable the delivery of healthcare services, a viewpoint article published in JAMA Network argued. Sharing that data for research and public health are...
Data exfiltration and improper protected health information (PHI) access were the cause of some recent healthcare data breaches.
As data breaches continue to overwhelm the healthcare sector,...
While no healthcare organization can eliminate the possibility of facing a data breach, implementing HIPAA technical safeguards can go a long way toward mitigating cyber risk.
Under the HIPAA Security...
Under the HIPAA Breach Notification Rule, covered entities must report all protected health information (PHI) breaches to HHS. If the breach impacted more than 500 individuals, covered entities must...