HIPAA Compliance


10 Best Practices for HIPAA Compliance

August 31st, 2017

A failure to understand HIPAA requirements can be a very costly mistake, as CardioNet learned just a couple of months ago. In April, the wireless health services provider agreed to a settlement of $2.5 million for potential noncompliance with the HIPAA Privacy and Security Rules. (1) The violation occurred when a company laptop containing the ePHI of 1,391 individuals was stolen from an employee’s vehicle parked outside their home.


World’s Largest Cyber-Attack

June 20th, 2017

Recently the world’s largest cyber-attack unleashed its havoc across 150 countries, crippling more than 300,000 victims and hundreds of organizations worldwide. Hospitals, universities, government offices, and large businesses were among those affected, including sixteen NHS hospitals in the UK. Many of them had to cancel surgeries and appointments and send patients elsewhere due to the fallout.


The Real Cost of a Data Breach

May 24th, 2017

Healthcare data breaches are costing the U.S. healthcare industry nearly $6.2 billion each year. (2) In fact, healthcare has the highest cost per breached record of any industry. Why?


$5.5 Million Breach Settlement: Second Largest Fine to Date

April 17th, 2017

Last month, Memorial Healthcare System (MHS) agreed to implement a comprehensive corrective action plan and pay a 5.5-million-dollar settlement for the breach of protected health information (PHI) that affected over 100,000 individuals. This is the second largest fine against a covered entity to date, sending a strong message that audit controls will be a key focus for the future. (1)


HIPAA Audits of Covered Entities and Business Associates

April 3rd, 2017

In August, Advocate Health Care Network agreed to pay a $5.55 million settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), for multiple HIPAA violations. In addition, HHS also recently announced a $650,000 resolution settlement against the Catholic Health Care Services of the Archdiocese of Philadelphia.


HIPAA Audits of Covered Entities and Business Associates

November 15th, 2016

In August, Advocate Health Care Network agreed to pay a $5.55 million settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), for multiple HIPAA violations. In addition, HHS also recently announced a $650,000 resolution settlement against the Catholic Health Care Services of the Archdiocese of Philadelphia.


The Basics on Business Associates and Contract Agreements

October 24th, 2016

What is a Business Associate?

Business associates are considered to be any third-party contractors that perform work or activities on behalf of a healthcare organization or covered entity that involve the use or disclosure of protected health information (1).


Curiosity Has Its Cost

October 11th, 2016

In June, the victims of the horrific Orlando shooting at Pulse Nightclub were also victims of a privacy breach when their personal health information was accessed without authorization by a few curious employees at Orlando Health Hospital. The hospital confirmed that the employees had previously received HIPAA training on patient privacy. However, it is now retraining staff and increasing auditing and monitoring of patient records in response to the breach. Experts say the hospital could be responsible for penalties up to $100,000 depending on the severity. A high price for personal curiosity.


HIPAA Section 1557 Language Access Requirements

September 27th, 2016

Section 1557 is the non-discrimination provision of the Affordable Care Act (ACA) that protects individuals from discrimination in health care based on race, color, national origin, age, disability, and sex, including discrimination based on pregnancy, gender identity, and sex stereotyping.


OCR Releases New HIPAA Guidance on Ransomware

July 22nd, 2016

In 2015, ransomware cost the US healthcare industry nearly 6 billion dollars. Even more concerning is that there has been a 300% increase in ransomware attacks in 2016, according to a recent report from the U.S. Government.


A Patient’s Right to Access Medical Records

June 15th, 2016

Most medical practices, healthcare organizations, and clinicians are very familiar with HIPAA rules and regulations. However, the law can be extremely complicated and is often a source of confusion and misinterpretation. According to the Office for Civil Rights (OCR), one of the most common complaints and most frequently misunderstood parts of the law involves a patient’s right to access their personal medical records.


Keeping Your Patients’ Medical Data Safe

May 17th, 2016

Cyber criminals and hackers are targeting the healthcare industry at staggering rates, and huge profits are being made on the black market from patients’ PHI (personal healthcare information). PHI is said to be ten times more valuable than credit card information because it contains highly sensitive data such as social security numbers, birth dates, addresses, credit card information, telephone numbers, Medicare numbers, and prescriptions.


Phase 2 of HIPAA Audit Program Now Underway

March 28th, 2016

On March 21, 2016, the HHS Office for Civil Rights (“OCR”) announced that Phase 2 of the HIPAA audits is now underway. The purpose of the audits is to assess the compliance of covered entities and business associates with the HIPAA Privacy, Security and Breach Notification Rules.


7 Most Common HIPAA Violations That Can Cost Your Practice

February 17th, 2016

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was established to set national standards for the confidentiality, security, and transmissibility of personal health information. Violations of this Act can result in substantial fines to a practice ranging from $100 to $1.5 million.


Are you too BIG or too SMALL to have a breach?

March 12th, 2015

Regardless of whether you are a big company or a small company, you can still be subjected to a breach. Today’s hackers are professionals. Hackers have one thing in mind, “YOU”: not you as a person, but you, who has information that will benefit only “THEM”.
Hackers are looking...


Safeguarding Confidential Information is not just a HIPAA Obligation

July 30th, 2014

What if one of your friends asks you questions about your current job duties and what it is your organization does? What information would you share? Should you only be concerned with HIPAA obligations?

Throughout your career you may be asked questions about...


The Security Risk Analysis: An Essential Step Towards HIPAA Compliance

November 11th, 2013

This article was written by Karen Pass, Senior Compliance Specialist with MedSafe.
There are many important elements to implementing an effective HIPAA Program, but none are more important than completing a security risk analysis. Conducting a risk analysis will give your practice an accurate and thorough assessment of the potential risks...