Healthcare Information Security

HIPAA and Compliance News

Reviewing OCR HIPAA Guidance to Maintain Compliance

September 22, 2017 - Covered entities should not be afraid to regularly review OCR HIPAA guidance and ensure that they remain compliant, even as they add new technologies into the daily workflow, according to OCR Senior Advisor for HIPAA Compliance and Enforcement Iliana Peters. Peters presented a HealthITSecurity.com webcast earlier this week, discussing key areas of HIPAA compliance such as vendor risk management,...


Articles

How HIPAA Rules Apply with Law Enforcement Investigations

by

HIPAA rules are meant to protect patient information, but what happens when there is a law enforcement investigation? Are police officers allowed to demand PHI without a warrant? That issue was brought forth in August 2017 when video was released...

Mount Sinai St. Luke’s Sued Following HIPAA Violation

by

New York-based Mount Sinai St. Luke’s Hospital is being sued for faxing patient PHI to the patient’s employer, a reported HIPAA violation that has already resulted in an OCR HIPAA settlement. The Law Offices of Jeffrey Lichtman represent...

OCR Urges Disaster Recovery, Health Data Backup in Storm Prep

by

As healthcare organizations prepare for potential natural disasters, it is essential that they have contingency plans in place that include a data backup plan and disaster recovery plan, according to a recent OCR release. Hurricane Irma is predicted...

Kentucky HIPAA Violation Case Ruling Held by Appeals Court

by

A Kentucky hospital was found to have acted lawfully when it fired a nurse for committing a HIPAA violation, according to the Kentucky Court of Appeals. The Appeals Court held a lower court’s dismissal of the nurse’s claim that her...

OCR: Staff Training Key for Data Security, Avoiding Scams

by

Healthcare organizations should ensure they are implementing strong staff training measures to maintain data security in the wake of Hurricane Harvey, according to the August OCR Cybersecurity Newsletter. Potential scammers may try and take advantage...

HHS Reviews HIPAA Rules Following Hurricane Harvey

by

Healthcare providers can face numerous challenges during natural disasters, including adhering to HIPAA rules while working to provide proper patient care through an emergency. HHS recently released a bulletin to help guide covered entities through...

AHA Urges Reduced Data Sharing Barriers in HIPAA Regulations

by

Having reduced data sharing barriers in current HIPAA regulations is just one way Congress can help reduce the regulatory burden on hospitals, health systems and patients, according to the American Hospital Association (AHA). AHA highlighted...

How HIPAA Regulations Can Ease Information Blocking

by

Even with more healthcare organizations adopting EHRs and working through the Meaningful Use program, covered entities still struggle with health information exchange. However, HIPAA regulations could be a boon to providers, according to former...

Staying HIPAA Compliant in Patient Health Data Access Process

by

Last month, AHIMA released a new form designed to help both healthcare providers and patients better understand and utilize the patient health data access process. Patients have the right to their own information, but providers need to maintain...

OCR Stresses Employee Training Need in PHI Security

by

The need for strong employee training only increases as the healthcare risk landscape grows and threatens PHI security, according to the recent OCR cybersecurity newsletter. Data security training is necessary for combatting threats such as ransomware...

5 Lessons Learned in OCR HIPAA Settlements

by

Healthcare organizations cannot assume that they will never experience a data breach or data security incident. Failure to update safeguards or audit controls could also lead to an OCR HIPAA settlement, which could be paired with a high fine...

HHS Updates HIPAA Breach Reporting Tool, Empowers Consumers

by

The recently updated HIPAA Breach Reporting Tool (HBRT) will highlight recent healthcare data breaches and help consumers learn how such incidents are investigated, according to OCR. The agency explained in a statement that the new HBRT “features...

AHIMA Focuses on HIPAA Compliance in New Patient Data Form

by

AHIMA released a new form that streamlines the patient data request process and also maintains HIPAA compliance. Patient have the right to request access to their own information under HIPAA regulations, but are sometimes confused about the process....

HIPAA Regulations Not Applicable in TN Supreme Court Case

by

Medical authorization compliant with HIPAA regulations is not required when a pre-suit notice is sent to a single healthcare provider, according to a recent Tennessee Supreme Court ruling. In 2011, Deborah Bray filed a healthcare liability suit...

Cases Underline Audit Controls, Minimum Necessary Standard

by

Healthcare organizations of all sizes need to utilize proper audit controls to ensure that employees are remaining compliant and following proper procedure. Lacking administrative safeguards could lead to numerous types of malicious activity,...

Implementing HIPAA Technical Safeguards for Data Security

by

The push for digital health records is not going to slow down anytime soon, and as recent cases of ransomware attacks show, healthcare organizations must create comprehensive data security measures. HIPAA technical safeguards are just one key...

OCR Highlights Proper Healthcare Cyberattack Response

by

HIPAA covered entities and business associates must know the necessary steps to take following a healthcare cyberattack. Failing to either notify overseeing agencies or properly alert patients could lead to numerous issues for an organization....

OCR Newsletter Reviews Healthcare Cybersecurity Best Practices

by

Even the most current and comprehensive security controls cannot guarantee that PHI security will never be compromised, which is why healthcare cybersecurity best practices should be regularly reviewed. OCR’s May cybersecurity newsletter...

PHI Data Breach Leads to $387K OCR HIPAA Settlement

by

St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) settled alleged HIPAA violations from a PHI data breach by paying $387,000 in an OCR HIPAA settlement. Formerly Spencer Cox Center for Health (the Spencer Cox Center), New York-based...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks