HIPAA Compliance



Why Is HIPAA Important?

May 24th, 2022

Most healthcare professionals are told that HIPAA is important and that there are severe consequences for noncompliance. However, there are often few discussions about why it is so important.


Tips for Preventing Insider Threats in Healthcare

May 4th, 2022

Healthcare data breaches have been occurring at record levels, but not all privacy and security threats come from outside the organization. The Department of Health and Human Services' Health Sector Cybersecurity Coordination Center (HCC) recently issued a warning about insider threats.

What is an insider threat?


OCR Encourages HIPAA Entities to Strengthen Cybersecurity Posture

April 14th, 2022

Recently, the Director of the HHS’ Office for Civil Rights, Lisa J. Pino, issued a statement encouraging HIPAA covered entities and business associates to strengthen their cybersecurity posture this year in light of the increasing rates of cyberattacks across the healthcare industry.

The last year was particularly damaging for healthcare organizations due to hackers taking advantage of the COVID-19 pandemic.


What You Need to Know About HIPAA Consent Forms

March 15th, 2022

What is a HIPAA Consent Form?

A signed HIPAA consent form must be obtained from a patient before their protected health information (PHI) can be shared with any other individuals or organizations, except in the case of routine disclosures for treatment, payment or healthcare operations as permitted by the HIPAA Privacy Rule. The disclosure of medical records without a HIPAA authorization form is a HIPAA violation.


Reminder: The Deadline is Approaching for Reporting Small HIPAA Breaches

February 17th, 2022

This is a reminder that the HIPAA Breach reporting deadline is less than two weeks away, which means HIPAA breaches involving fewer than 500 individuals that occurred during 2021 must be reported to the U.S. Department of Health and Human Services (HHS) no later than Tuesday, March 1, 2022.

The HIPAA Breach Notification Rule places a strict time limit on the issuing of notifications and reporting of data breaches of individuals whose protected health information has been exposed. For breaches of PHI, notification letters to individuals affected must be sent within 60 days from the date of discovery and without reasonable delay.


Accidental HIPAA Violations

February 8th, 2022

Most healthcare providers make every effort to ensure that HIPAA rules are followed, but sometimes accidents occur. What happens when there is an accidental HIPAA violation? How should an employee report an accidental HIPAA violation?


HIPAA Breach Reporting Deadline (03/01/2022)

February 1st, 2022

The HIPAA Breach reporting deadline is less than a month away, which means any breaches involving 500 individuals or fewer must be reported to the U.S. Department of Health and Human Services (HHS) no later than Monday, March 1, 2022.

What is a Data Breach?


Top 7 Most Common Questions on HIPAA and COVID-19

January 6th, 2022

As we turn the page on 2021 and embark on 2022, many are hopeful that this year we will finally return to normalcy. But as Omicron surges across the nation at record-breaking rates, Americans have become tired and weary of what has seemed like a never-ending pandemic.

Government officials, hospitals, physicians, healthcare workers and employers have pleaded with Americans to protect themselves and others through vaccinations, boosters, social distancing and masking. But with all of the vaccination and mask mandates sparking controversy, there has been a degree of confusion regarding privacy rights and HIPAA when it comes to vaccination status.


HIPAA Breach Reporting Rules Deadline Approaches

February 11th, 2021

The HIPAA Breach reporting deadline is less than a month away, which means any breaches involving 500 individuals or fewer must be reported to the U.S. Department of Health and Human Services (HHS) no later than Monday, March 1, 2021.


COVID-19 Cybercrime: 4 Tips to Protect Your Practice

November 23rd, 2020

Crimes of opportunity have been increasing during the COVID-19 pandemic, and cybercrime is no exception. The FBI recently reported that cyberattacks have increased to as much as 4,000 more per day, representing a 400% increase from pre-coronavirus numbers.

Cybercriminals are using phishing attacks, malspam, and ransomware, sending fraudulent emails that use COVID-19 as bait. They are preying on the vulnerable and on the anxieties created by COVID-19. While health care facilities and providers have been busy providing care to COVID patients, they have been overwhelmingly targeted by attackers. Regardless of your practice size or location, there are ways to help safeguard your practice almost immediately.


Beware of Increased Cybersecurity Threats During Coronavirus

October 26th, 2020

The COVID-19 pandemic has not only infected the entire globe with a health crisis unlike any seen before; it has also changed our lives, families, businesses, work and our security. It has brought about new risks and challenges in the workplace, with cyberspace being no exception.


How Employees Can Stay HIPAA Compliant While Working at Home During COVID-19

October 8th, 2020

COVID-19 has forced millions of individuals nationwide to work from their homes, enabling them to social distance and reduce the risk of virus transmission. In fact, research by Gallup found that three in five U.S. workers have been telecommuting during the coronavirus pandemic.

While telecommuting can provide many benefits, it can also pose significant challenges for healthcare organizations required to follow the Health Insurance Portability and Accountability Act’s (HIPAA) rules and guidelines.


Is Contacting COVID Patients for Blood and Plasma HIPAA Compliant?

September 15th, 2020

Recently, there has been some confusion about whether using protected health information (PHI) to contact patients who have recovered from COVID-19, in order to provide them with information about donating blood and plasma, would be permitted under the HIPAA Privacy Rule.


What You Need to Know about COVID-19 and HIPAA

August 31st, 2020

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued guidance and clarity regarding disclosures of protected health information (PHI) during the Coronavirus (COVID-19) global pandemic.


Office for Civil Rights (OCR) at HHS Statement

March 18th, 2020

Notification of Enforcement Discretion for Telehealth Remote Communications during the COVID-19 Nationwide Public Health Emergency


Report: Most Common Cyberattacks Faced by Healthcare Organizations

February 13th, 2020

A recent report from Proofpoint provides insights into the most common attacks faced by healthcare organizations. To help better understand the evolving cyberthreat landscape, the report analyzed a year of cyberattacks against healthcare providers, pharmaceutical and life sciences organizations, and health insurers between 2018-2019.


HHS Notice Regarding Individuals’ Right of Access to Health Records

February 5th, 2020

On January 28, 2020, the Department of Health and Human Services (HHS) released a notice regarding legislative modifications made to the HIPAA Omnibus Final Rule of 2013.


BULLETIN: HIPAA Privacy and Novel Coronavirus

February 4th, 2020

In light of the Novel Coronavirus (2019-nCoV) outbreak, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) is providing this bulletin to ensure that HIPAA covered entities and their business associates are aware of the ways that patient information may be shared under the HIPAA Privacy Rule in an outbreak of infectious disease or other emergency situation, and to serve as a reminder that the protections of the Privacy Rule are not set aside during an emergency.


Emergency Directive to Mitigate Windows Vulnerabilities

January 20th, 2020

The US Department of Health and Human Services just released an emergency directive to notify the Health and Public Health Sector of significant vulnerabilities identified in the Microsoft Windows Operating Systems.


Protect Your Organization from Cyberterrorism!

January 6th, 2020

Cyberterrorism is on the rise, and this includes phishing attacks. According to a recent report from Verizon, 90% of all data breaches are linked to phishing attacks. With the average cost of a successful phishing attack for a medium-sized business totalling $1.6 million, it is critical to ensure employees are educated on how to identify these scams before they cause catastrophic damage.

