HIPAA Compliance

HIPAA Compliance


10 HIPAA Breach Costs Healthcare Organizations Should Be Aware Of

November 14th, 2019

HIPAA Breaches can cost healthcare organizations millions. Healthcare data breaches typically cost more than data breaches in any other industry. In fact, the average cost of a healthcare data breach in the United States is $15 million.


Understanding HIPAA Right of Access- A Patient’s Right to Access their Medical Records

October 15th, 2019

According to a recent study there has been widespread noncompliance with the HIPAA right of access. In fact, more than half of the providers that were assessed in this report were either not fully compliant with the HIPAA law or it took multiple attempts before becoming compliant. (1)


What is Considered PHI Under HIPAA?

September 30th, 2019

PHI stands for Protected Health Information. According to the HIPAA Privacy Rule, protected health information is identifiable information related to the present, past, or future health status of a patient. It includes all personal health information that is created, collected, transmitted or maintained by a HIPAA-covered entity concerning the provision of healthcare or payment for healthcare services.


Direct Liability of Business Associates for HIPAA Noncompliance

September 3rd, 2019

According to the Department of Health and Human Services (HHS), business associates of HIPAA covered entities may be held liable for noncompliance of certain HIPAA rules and requirements. HHS has provided the following list of HIPAA violations that business associates can be held fully liable.


Average Cost of a Data Breach

August 20th, 2019

A recent report published by The Poneman Institute/IBM Security released a comprehensive analysis of data breaches reported in 2018. The report indicated that data breach costs have continued to increase, with healthcare organizations experiencing the costliest cases.


HIPAA Breach- 60 Days to Report a Breach

July 29th, 2019

The month of April proved to be a busy one for cyberterrorists, with reportedly more breaches than any previous month. The increasing rates of healthcare breaches continued in May, resulting in the exposure of almost 2 million individuals’ protected health information. So far this year, more than 6 million healthcare records have been exposed, which is more than half of the number of records exposed in 2018.


Needs Attention: New HIPAA Survey Questions Available On 8/1/19

July 22nd, 2019

In order to provide the most current and complete compliance policies and procedures, MedSafe is updating the HIPAA trainings and online HIPAA manuals including new policies and procedures. This change will go into effect on 8/1/2019. Due to these updates, after logging in after August 1st, you will notice new questions that will need to be answered in the HIPAA section of your Survey app. Please review these questions; which will each be clearly labeled as NEW 8/1/19; and type in your answers. Once you have filled in your answers, the HIPAA training and manual is updated automatically with this information. If you do not have our online manuals and would like to purchase please let us know.


HIPAA and Social Media

July 8th, 2019

In today’s social media era, companies all over the world benefit from the ease of using social networks to communicate quickly and efficiently with their customers. Although slower to adopt, the healthcare industry has also joined the social media craze.


AMCA Data Breach Effects Over 20 million Patients

June 14th, 2019

American Medical Collections Agency (AMCA), a company that provides billing collection services to healthcare organizations, confirmed that sometime between August 2018 and March 2019, an unauthorized user accessed its web payment system which included several healthcare clients and held millions of patient’s information.


Tips for Ensuring Your Remote Employees are HIPAA Compliant

May 8th, 2019

In today’s digital age, it should come as no surprise that the number of employees working from home has been steadily increasing over the past decade. In fact, in the last 15 years, telecommuting positions have grown by a whopping 140%. (1) While new technologies have made telecommuting more possible through easier and more efficient ways of transmitting data, it has also created increased risk of loss and disclosure of sensitive information.


Is Constant Contact HIPAA Compliant?

April 11th, 2019

Constant Contact, Inc. is an online marketing company, headquartered in Waltham, Massachusetts that provides an email marketing solution which makes it easy for companies to stay in contact with their customers through sending newsletters, updates, and email marketing messages. Many medical offices and healthcare facilities utilize constant contact to keep in touch with their patients.

However, one common question that is often asked, is whether or not Constant Contact is HIPAA Compliant?


We Have Just Experienced a Cyber Attack, What Do We Need to Do Now?

January 15th, 2019

Have you just experienced a ransomware attack or other cybersecurity incident, you may be wondering what to do next? Fortunately, the HHS, Office for Civil Rights (OCR) has provided a quick response checklist that explains step by step what a HIPAA covered entity or its business associate should do in response to an incident.

In the event of a cyber-attack or similar emergency an entity should:


Breach Notification- What Do Practices Need to Know?

December 4th, 2018

According to the HIPAA Breach Notification Rule, all covered entities and their business associates are required to report any breach of protected health information. It is essential to understand and implement all breach notification requirements or risk incurring financial penalties as high as $1,500,000 from state attorneys general and the HHS’ Office for Civil Rights.

What is a Breach?


HIPAA and MACRA/MIPS 2018- What You Need To Know

October 15th, 2018

As we move towards the end of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program. The MACRA/MIPS rules change slightly every year, and this year is no exception. Even though the rules have been adjusted, a basic requirement remains in place:


What is a Security Risk Assessment and Why Does My Practice Need One?

September 20th, 2018

According to the Health Insurance Portability and Accounting Act of 1996 (HIPAA) Security Rule covered entities (CEs) and business associates (Bas) that have access to electronic personal health information (EPHI) are required to implement safeguards necessary to protect it.

Continue reading...


OCR Guidance on Software Vulnerabilities and Patching

September 6th, 2018

Under the HIPAA security rule, HIPAA covered entities (CEs) and business associates (BAs) are required to protect their electronic personal health information (ePHI), which typically involves identifying and mitigating software vulnerabilities that could put (ePHI) at risk. It also includes conducting a risk analysis, and implementing actions that will reduce these risks.


Patch Management- What is Patch Management and Why Should You Care?

August 14th, 2018

Healthcare organizations nationwide remain focused on their IT security, as more and more cyberattacks wreak havoc across the industry. Within the last two years, nearly 50% of companies have experienced a data breach, and the severity of these attacks appear to be getting worse.


Business E-mail Compromise: How to Protect Your Organization

July 24th, 2018

In 2016, the FBI released a public service announcement warning that “business email compromise (BEC) scams have increased by 1,300% since 2015 and have cost businesses more than $3 billion. Making it a significant threat that businesses should be aware of to reduce the likelihood of becoming a victim.


Orangeworm is Wreaking Havoc on the Healthcare Sector

June 12th, 2018

According to a recent report by Symantec security firm, a cyber group called Orangeworm has targeted the healthcare industry and is wreaking its havoc across the sector worldwide. The group has been unleashing a malware known as Trojan.Kwampirs to gain remote access and compromise the computer systems of firms in the United States, Europe, and Asia. The purpose of the attacks is believed to be corporate espionage; their victims include healthcare providers, pharmaceutical firms, IT solution providers, and healthcare equipment manufacturers among others. (1)


HIPAA Compliance Tips for Mobile Data Security

May 16th, 2018

Nearly 4 out of 5 healthcare providers use a mobile device for professional purposes. These numbers continue to rise as healthcare organizations place an increased focus on efficiency and productivity. (1) Although mobile devices are incredibly efficient and convenient, they also harbor measurable risks for data breach and the exposure of protected health information (PHI).


1 2