Addressable vs Required Specifications in the HIPAA Security Rule

HIPAA was signed into effect in 1996 with the goal of protecting the privacy and individual rights of healthcare patients. Since then, it's been updated several times, with one of the most notable changes being the addition of the Security Rule. The Security Rule differs from the Privacy Rule in the sense that it focuses specifically on ePHI. In comparison, the Privacy Rule pertains to all forms of PHI.

Why the HIPAA Security Rule is 'Technology Neutral'

While HIPAA was signed into effect in 1996, it wasn't until 2003 that the HHS issued the Security Rule. The Security Rule is intended to complement the Privacy Rule, focusing specifically on ePHI. This was needed because many doctors and covered entities were transitioning from paper files to electronic media, thus creating a need for new security standards to protect electronic patient information.

HIPAA and Verbal PHI Disclosures: What You Should Know

When most doctors think of Protected Health Information (PHI), they automatically associate it with paper and digital files. Under the Health Insurance Portability and Accountability Act (HIPAA), such files can certainly be classified as PHI, assuming they contain personal information about a patient. However, speech is another form of PHI that shouldn't be overlooked.

HIPAA Fines Increase by 10%, According to New Interim Rule

The Department of Health and Human Services (HHS) has issued a new interim fine rule that includes adjustments to the civil monetary penalty amounts for Health Insurance Portability and Accountability Act (HIPAA) violations.

Can Covered Entities Reuse Electronic Media on Which ePHI is Stored?

This is a question that many doctors, chiropractors, dentists and other covered entities ask. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires all covered entities to comply with the Security and Privacy Rules. The Security Rule specifically addresses Electronic Protected Health Information (ePHI), while the Privacy Rule covers all forms of PHI.

ONC Publishes Fact Sheet on HIPAA Data Sharing

The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) have published a new fact sheet covering some important topics about HIPAA data sharing.

5 Tips to Follow When Handling PHI

One of the most common causes of Health Insurance Portability and Accountability Act (HIPAA) violations involves the mishandling of Protected Health Information (PHI). Whether you're a doctor, chiropractor, dentist or any other covered entity, you should follow these tips when handling PHI to avoid violations.

HIPAA Security Rule Tips for Covered Entities

With the OCR conducting the second phase of its HIPAA audits, doctors and other covered entities should put forth the effort to ensure they are in full compliance with HIPAA. As you may already know, HIPAA consists of the Security Rule, Privacy Rule and Breach Notification Rule. Of those three, covered entities experience the greatest difficulty with the Security Rule. So, what steps can you take to ensure your practice complies with the HIPAA Security Rule?

21st Century Cures Bill Lacks Wording for HIPAA Privacy Rule Changes

The House of Representatives voted in favor of the 21st Century Cures Act earlier this month, with 392 representatives voting “yes” and 26 voting “no.” However, this bill lacks the necessary wording to allow changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

5 Quick Tips for HIPAA Compliance

The OCR is currently conducting the second phase of its HIPAA audits. This means doctors, physicians, chiropractors, dentists and other covered entities – along with their business associates – can expect to see greater enforcement efforts. While a nuisance for many healthcare practitioners, HIPAA audits play an important role in protecting the privacy and confidentiality of patients. So, what steps can you take to ensure compliance with HIPAA and its rules?

OCR Warns of Phishing Email Scam Disguised as HIPAA

The Office for Civil Rights (OCR) has published a warning over a new phishing scam disguised as a HIPAA-related email sent from the OCR itself. The email features a phony letterhead with the OCR's Director Jocelyn Samuels, and is being sent to doctors, physicians and other covered entities along with their business associates. The email contains a link, asking the recipient to click for inclusion in the HIPAA Privacy, Security and Breach Rules Audit Program.

Can Responding to Negative Reviews Trigger HIPAA Violation?

As a healthcare provider, you want to ensure your brand has a positive image. After all, most people look up a physician or practitioner's name on the Internet before making their first appointment. And if your practice has a negative image, it could deter those prospective patients from visiting your practice. However, you should think twice before responding to negative reviews about your practice, as this could be a violation of HIPAA.

UMass Amherst to Pay $650,000 HIPAA Settlement

The University of Massachusetts Amherst has agreed to pay $650,000 and implement a corrective action plan as part of a settlement over allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Questions to Ask When Performing a HIPAA Risk Analysis

Doctors, chiropractors, dentists and other covered entities are required by law to conduct regular risk analyses. As per the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, a risk analysis is intended to assess potential risks and vulnerabilities to the confidentiality, privacy and integrity of Electronic Protected Health Information (ePHI). When conducting a risk analysis, though, you should ask, and answer, the following questions.

Conducting a HIPAA Audit

As the first quarter draws to a close, there's no better opportunity for healthcare practitioners to conduct an internal audit of their practice's Health Insurance Portability and Accountability Act (HIPAA) policies. The Office for Civil Rights (OCR) has been increasing its HIPAA enforcement efforts in recent months, handing out more fines to covered entities and business associates who violate this federal law. So, what steps can you take to ensure compliance with HIPAA?

Why the Consent Specification was Dropped from HIPAA

The Department of Health and Human Services (HHS) removed the “consent” requirement from its Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, leaving many people asking why. After all, the fundamental purpose of HIPAA is to protect the privacy of healthcare patients.

Can Covered Entities Use Mobile Devices to Access EPHI on the Cloud?

More and more doctors are using cloud-based services to store ePHI. Rather than storing ePHI on a local hard drive, doctors, dentists, chiropractors and other covered entities are making the transition to the cloud. If a computer is lost or stolen, the risk of a breach is mitigated since data is stored on the cloud. Furthermore, covered entities and their respective workforce can access ePHI from any applicable computer when it's stored on the cloud.

HIPAA Compliance: 6 Things to Check

Complying with the Health Insurance Portability and Accountability Act (HIPAA) isn't optional for healthcare providers; it's a necessity. Violating just one of its specifications could result in expensive fines and other corrective actions handed down by the Office for Civil Rights (OCR). So, here's a short list of five essential things to check when performing an internal HIPAA audit of your healthcare practice.

Drug Company Managers Sentenced for Violating HIPAA

Most cases of Health Insurance Portability and Accountability Act (HIPAA) violations result in civil penalties, ranging anywhere from $100 to $50,000 per violation, along with corrective action. There are times, however, when a covered entity or business associate may face criminal penalties from such violations.

HIPAA Privacy Rule Requirements for Identity Verification

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule consists of several standards which are intended to protect the medical records and personal information of healthcare patients and health insurance customers. While the Security Rule pertains strictly to electronic forms of Protected Health Information (known as EPHI), the Privacy Rule covers all forms of PHI. As such, it's important for covered entities to comply with the Privacy Rule.

How HIPAA Protects Patients' Privacy

Roughly 83% of the U.S. adult population has sought professional healthcare in the past year, according to the CDC. When seeking healthcare services, patients are typically required to provide personal information, including their full name, birthdate, home address, phone number, billing information, medical insurance number, etc. In an effort to protect the privacy of healthcare patients, Congress passed HIPAA. So, how exactly does HIPAA protect patients' privacy?

HIPAA and Texting: Does it Violate Patient Privacy Laws?

The Health Insurance Portability and Accountability Act (HIPAA) focuses on protecting the confidentiality and security of personal health information while also making it easier for individuals to keep their health insurance.

FTC Publishes New Guidance for Responding to Data Breaches

The Federal Trade Commission (FTC) has published new guidance on how business owners should respond to data breaches. It provides step-by-step instructions regarding which actions to take if you suspect a data breach at your business. This is important because of the time-sensitive nature of data breaches. By reporting and notifying the respective organizations of a data breach more quickly, damage to individuals' privacy and personal information can be limited.

Storing ePHI on the Cloud: What You Should Know

Private cloud adoption has increased from 63% in 2015 to 77% in 2016 thus far, according to an annual State of the Cloud Survey conducted by RightScale. It's not just IT companies that use the cloud, though. Healthcare practitioners are also jumping on the bandwagon. But whether you're a doctor, dentist, chiropractor or any other covered entity, there are a few things you should know about cloud computing and how it relates to the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA Fines Expected to Increase in the Future

The Health Insurance Portability and Accountability Act (HIPAA) has been around for two decades, with Congress first signing it into effect back in 1996. The ultimate goal of HIPAA is to promote greater privacy and security for healthcare patients by requiring practitioners to implement certain safeguards and policies. But many practitioners fail to follow HIPAA, placing their business at risk for fines, corrective actions and other penalties.

HIPAA Security Rule Tips for Covered Entities

The HIPAA Security Rule is a set of national standards designed to prevent the unauthorized access or disclosure of electronic personal health information. All doctors, dentists, chiropractors and other covered entities are required to comply with these standards; otherwise they could face serious fines and other penalties. So if you run a healthcare practice that operates as a covered entity, you should follow these steps to ensure compliance with the HIPAA Security Rule.

FTC Act May Also Affect Shared Patient Health Data

Many doctors, dentists, chiropractors and other covered entities assume the Health Insurance Portability and Accountability Act (HIPAA) governs the sharing of patient health data. Originally signed into effect by Congress in 1996, HIPAA consists of the Privacy Rule, Security Rule and Breach Notification Rule. While this wide-reaching federal law does in fact cover the sharing of Protected Health Information (PHI), the FTC Act may also affect it.

St. Joseph Health to Pay $2.14 Million HIPAA Settlement

St. Joseph Health, a nonprofit Catholic healthcare provider, has agreed to pay $2,140,500 as part of a settlement over allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and Security Rule.

ONC and OCR Update HIPAA Risk Assessment Tool

The Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) have updated the Health Insurance Portability and Accountability Act (HIPAA) security risk assessment tool used by covered entities and business associates.

HIPAA Cheat Sheet to Avoid Violations

As you may already know, the Office for Civil Rights (OCR) is currently conducting the second phase of its Health Insurance Portability and Accountability Act (HIPAA) audits. So whether your business operates as a general care practice, chiropractor, dentist or any other covered entity, you should conduct your own internal audit to ensure compliance with HIPAA. Failure to do so could result in hefty fines and/or corrective actions handed down by the OCR in the event of an audit.

HIPAA Compliance: 4 Steps that all Covered Entities Should Take

With the Office for Civil Rights (OCR) readying for phase 2 of its Health Insurance Portability and Accountability Act (HIPAA) audits, there's no better time than the present to review your policies and procedures. First and foremost, you should follow these four steps, as it will set your healthcare practice on the right path towards compliance.

Tips to Protect Against Small HIPAA Breaches

The Department of Health and Human Services (HHS) separates HIPAA breaches into one of two categories: small breaches affecting fewer than 500 individuals, and large breaches affecting 500 or more individuals. While large HIPAA breaches carry bigger penalties, they aren't as commonplace as small breaches. So if you're a doctor, dentist or any other covered entity, you should take a proactive approach towards minimizing the risk of small HIPAA breaches.

HHS Publishes New Guidance on HIPAA-Compliant Cloud Computing

Does your healthcare practice use cloud computing storage and/or computing services? “Cloud computing” isn't just another buzzword that's here today and gone tomorrow. It's become a fundamental part of many healthcare providers' day-to-day operations.

Database Management in the Age of HIPAA

When Congress first passed the Health Insurance Portability and Accountability Act (HIPAA) some twenty years ago, the vast majority of doctors and healthcare practitioners stored patient information using paper documents. While some doctors continue to use paper documents for this purpose, most have since made the transition to digital forms of media.

5 Everyday HIPAA Tips for Healthcare Practitioners

Whether you're a doctor, chiropractor, dentist or any other covered entity, you should take a proactive approach towards complying with the Health Insurance Portability and Accountability Act (HIPAA). Signed into effect by Congress in 1996, this wide-reaching federal law requires all healthcare practitioners (known as covered entities) to comply with the Security and Privacy Rules. Keep reading to learn some everyday HIPAA tips to utilize in your practice.

HIPAA Tips for Startup Healthcare Practices

Are you thinking about starting your own healthcare practice? There's no denying the fact that healthcare is a lucrative and rewarding field. It's a career that allows hard-working individuals to earn a living while helping others in need. But if you plan on starting your own practice, you'll need to take some basic precautions to ensure you aren't inadvertently violating the Health Insurance Portability and Accountability Act (HIPAA) and its respective rules.

GAO Report: More Guidance Needed on HIPAA Compliance

A new report published by the Government Accountability Office (GAO) has found that the Department of Health and Human Services (HHS) is not doing enough to protect the privacy and security of healthcare patients from cyber attacks, hackers and thieves.

Care New England Settles HIPAA Penalty for $400,000

Care New England Health Systems – an IT provider that services four Rhode Island-based hospitals – has agreed to pay $400,000 and comply with a proposed corrective action plan to settle allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Survey Sheds Light on How Healthcare Practitioners Perceive HIPAA

NueMD conducted its first Health Insurance Portability and Accountability Act (HIPAA) survey back in 2014, asking healthcare practitioners a series of questions pertaining to their knowledge (or lack thereof) of healthcare privacy and security regulations. This was among the largest HIPAA surveys ever conducted, with more than 1,100 responses spread across 50 states. But NueMD has recently conducted a follow-up survey, and the results were somewhat surprising.

Is Your Healthcare Practice Violating HIPAA When Using Email?

Email has become the de-facto method of communication in today's society, and for good reason: it's easier, faster and more convenient to send an electronic message as opposed to using traditional “direct mail.” But doctors and other entities covered under the Health Insurance Portability and Accountability Act (HIPAA) of 1996 must use caution when sending emails, as it could violate one or more aspects of this federal law.

The Rise of HIPAA Data Breaches

It's no secret that more and more covered entities are reporting Health Insurance Portability and Accountability Act (HIPAA) data breaches. From small family-care practices to hospitals and major health insurance companies, data breaches have become an all-too-common occurrence in today's day and age. But it hasn't always been this way. So, what's contributing to the rise of HIPAA data breaches?

Note-Taking in the Era of HIPAA

It's next-to-impossible to remember every piece of information that you encounter in a typical day. According to a study published in the Telegraph, the average person consumes roughly 174 newspapers' worth of information per day. Of course, doctors and other healthcare practitioners likely consume even more information, which is why they often use notes and memos. But if you're a covered entity who uses notes, you should be aware of the conflicts it poses to HIPAA.

HIPAA Compliance Tips for Chiropractors

There are approximately 44,000 licensed chiropractors practicing in the United States, according to the US Bureau of Labor Statistics. If you're among these chiropractic practitioners, you should familiarize yourself with HIPAA. Because contrary to what some people may believe, HIPAA isn't limited strictly to doctors; it also covers chiropractors. And failure to comply with HIPAA in your chiropractic practice could result in fines and other corrective action handed down by the OCR.

Paper PHI Mistakes that Doctors Should Avoid

In the past, patient information was largely stored on paper, with doctors using manila folders to categorize and curate it. With the advent of computer systems and networks, however, it's now easier and more convenient to store this type of information on a hard disk, the cloud or some other digital media. But if you're going to store personally identifiable health information on paper, you'll want to avoid making the following mistakes.

OCR to Conduct HIPAA Audits on Dentists This Year

The Office for Civil Rights (OCR) is expected to conduct its next round of Health Insurance Portability and Accountability Act (HIPAA) audits on dentists later this year.

OCR Targeting Covered Entities for Smaller HIPAA Breaches

It's a common assumption that only hospitals and other large healthcare practices are targeted by the Office for Civil Rights (OCR) for data breaches. Ever since Congress passed HIPAA in 1996, the OCR has segmented data breaches into one of two categories: those affecting 500 or more individuals, and those affecting fewer than 500 individuals. Just because a data breach affects fewer than 500 individuals, however, doesn't necessarily mean that it's insignificant.

HIPAA and Whiteboards: Are They Allowed?

This is a question that many doctors and other covered entities ask. Whiteboards offer a quick and easy way for healthcare professionals to make notes, often including patient names, diagnoses and other pertinent information. But anytime personal health information is being displayed, covered entities must consider whether or not it violates the Health Insurance Portability and Accountability Act (HIPAA). So, are whiteboards allowed under HIPAA?

HIPAA: How it's Changed and Where it's Headed

It's been more than 20 years since Congress signed HIPAA into effect. As you probably know, a lot has changed since then. From smartphones and social media, to newly added revisions like the Omnibus Rule, HIPAA has evolved since its inception. It's important for doctors and other covered entities to familiarize themselves with these changes so they remain in full compliance with HIPAA. Because failure to do so could result in hefty fines and corrective action handed down by the OCR.

5 Questions to Ask When Conducting a HIPAA Security Risk Assessment

The Department of Health and Human Services (HHS) requires all doctors, dentists, chiropractors and other covered entities operating in the United States to conduct security risk assessments on a regular basis, as part of HIPAA. As the name suggests, this is done to “assess the security risk” associated with patients' personal information. When conducting a HIPAA security risk assessment, covered entities should try to answer the following questions.

HIPAA Tips for Small Healthcare Practices

Do you own or otherwise manage a small healthcare practice? If so, you'll need to comply with the Health Insurance Portability and Accountability Act (HIPAA). Originally passed by Congress in 1996, this federal law requires all doctors and other healthcare providers – big and small – to implement certain safeguards, policies and procedures to protect their patients' personal information from unauthorized use or disclosure.

Philadelphia Business Associates Cited for HIPAA Violation

It's not just covered entities who are cited for Health Insurance Portability and Accountability Act (HIPAA) violations; third-party business associates with whom they do business are also targeted.

6 Tips to Avoid HIPAA Data Breaches

Are you doing enough to protect your healthcare practice from Health Insurance Portability and Accountability Act (HIPAA) data breaches? Each year, dozens of doctors and other covered entities pay steep fines for breaches involving Electronic Protected Health Information (EPHI). Some of these breaches are minor, whereas others are larger and more widespread.

What You Can Learn From the Largest HIPAA Settlement to Date

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has received approximately 91,000 complaints of Health Insurance Portability and Accountability Act (HIPAA) violations from April 2003 to January 2003. Of those 91,000 complaints, 22,000 resulted in enforcement action.

HIPAA Tips: Strengthen Your Passwords

Whether you're a doctor, dentist, chiropractor or any other healthcare service provider, you probably know the importance of securing patient information. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires covered entities to implement certain safeguards to protect patients' personal information from disclosure. And the first step towards achieving this is using a strong password on your practice's networks and devices.

Common Misconceptions About Patient Privacy

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created to strengthen the privacy of healthcare patients. It consists of several rules, along with various specifications, that covered entities must follow. But there's a great deal of misinformation surrounding HIPAA and patient privacy, some of which we're going to tackle in today's blog post.

Is Donald Trump's Doctor Violating HIPAA?

That's what some healthcare security and privacy experts are alleging.

HIPAA Celebrates its 20th Anniversary

It's been two decades since Congress passed the Health Insurance Portability and Accountability Act (HIPAA). Congress enacted this group of federal laws, with former U.S. President Bill Clinton signing the laws into effect, on August 21, 1996.

What Documents Does the OCR Request During Phase 2 Audits?

The Office for Civil Rights (OCR) is currently conducting phase 2 of its Health Insurance Portability and Accountability Act (HIPAA) audits. This means covered entities may receive a notice requesting them to provide OCR investigators with certain documentation pertaining to HIPAA and patient privacy.

HIPAA Tips for Nurses

There are approximately 3.1 million registered nurses working in the United States, according to the Bureau of Labor Statistics (BLS). Nurses play an important role in professional healthcare, assessing patients' health, taking vitals, offering advice, and assisting doctors. Because they work in the context of a covered entity, however, nurses must also comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Advocate Health Care Network Agrees to Pay $5.55 Million HIPAA Fine

One of Illinois' largest healthcare providers has agreed to pay $5.55 million as part of a resolution to settle allegations that it violated the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA Violations Cost Covered Entities $36 Million

Ever since Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996, the Office for Civil Rights (OCR) has taken a proactive approach towards ensuring that doctors, chiropractors, dentists and other covered entities practicing in the United States comply with this federal law and its respective requirements.

OHSU Agrees to Pay $2.7 Million HIPAA Fine

The Oregon Health & Science University (OHSU) has agreed to pay $2.7 million to settle allegations of various Health Insurance Portability and Accountability Act (HIPAA) violations.

HIPAA Desk Audits: What You Should Know

As most doctors and other covered entities already know, the Office for Civil Rights (OCR) is currently conducting phase 2 of its Health Insurance Portability and Accountability Act (HIPAA) audits. The purpose of these audits is to ensure that CEs big and small are complying with HIPAA and its respective Security and Privacy Rules. But it's a little-known fact that phase 2 HIPAA audits are broken down into two different types: onsite and desk audits.

One-Third of Hospitals' EHR Contingency Plans Not HIPAA Compliant

A new survey conducted by the Department of Health and Human Services (HHS) has found that only two-thirds of hospitals have Electronic Health Record (EHR) contingency plans that meet Health Insurance Portability and Accountability Act (HIPAA) requirements.

University of Mississippi Agrees to Pay $2.75 Million HIPAA Fine

The University of Mississippi has agreed to pay $2.75 million as part of a resolution agreement to settle Health Insurance Portability and Accountability Act (HIPAA) violations.

When an Impermissible Use of PHI is Not a Breach

Breaches involving Protected Health Information (PHI) have become increasingly common in the past few years. Doctors, hospitals and other healthcare facilities have reported more frequent cyber attacks on their systems, which subsequently increases the risk of PHI disclosure.

HIPAA: Are You Authorizing EPHI Access Correctly?

HIPAA requires doctors, chiropractors, dentists and other covered entities to implement policies and procedures for authorizing Electronic Protected Health Information (EPHI) access. This requirement is part of the HIPAA Security Rule, which pertains strictly to electronic forms of personally identifiable patient health information. Among other things, the HIPAA Security Rule states that only workers who have been trained and given proper authorization can access EPHI.

ONC Petitions Congress to Protect Non-HIPAA Patient Health Data

The Office of the National Coordinator for Health Information Technology (ONC) has petitioned the United States Congress to improve protection for patient health data that falls outside the boundaries of current federal laws.

Are You Guilty of Making these HIPAA Mistakes?

With the Office for Civil Rights (OCR) currently conducting phase 2 of its HIPAA audits, there's no better time than now for doctors, chiropractors, dentists and other covered entities to ensure they are complying with this federal law and its respective requirements. Failure to comply with HIPAA places your healthcare practice at risk for fines and corrective action. More so, it sends the wrong message to your patients – that you don't care about their privacy.

HIPAA and PHI Disposal: What You Should Know

Whether you're a doctor, dentist, chiropractor or any other healthcare provider operating in the United States, you need to use caution when disposing of patients' personal information. Signed by Congress in 1996, the Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to follow certain rules to protect their patients' Protected Health Information (PHI) from unauthorized use or disclosure.

Office for Civil Rights Publishes Guidance on Ransomware and HIPAA

Ransomware has become a serious problem among healthcare facilities operating in the United States. This disturbing new trend of malicious software encrypts hospitals' and other healthcare facilities' data, preventing users from accessing it until a “ransom” is paid. But even if the victim pays the ransom, there's no guarantee that the data will be unlocked.

How to Protect Your Healthcare Practice from HIPAA Violations

If you keep up with news in healthcare and patient privacy, you probably know just how common HIPAA violations are. The Office for Civil Rights (OCR) has increased its efforts to identify and fine offending practices for violating HIPAA. Each year, dozens of doctors, dentists, chiropractors and other covered entities are cited by the OCR for various HIPAA violations. So, what steps can you take to protect your healthcare practice from violations such as this?

HHS Publishes New Documents on HIPAA Privacy Rule

The Department of Health and Human Services (HHS) has published two new documents on the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. These documents were created in collaboration with the Office for Civil Rights (OCR) and the Office of the National Coordinator for Health IT. Whether you are a doctor, dentist, chiropractor, or any other provider of healthcare services operating in the United States, you should check out these two new documents.

Crash Course on HIPAA Compliance for Dentists

If you currently work as a dentist, or if you are thinking of becoming a dentist, you should familiarize yourself with HIPAA. Signed by Congress in 1993, this significant federal law requires doctors, chiropractors, dentists and other healthcare providers to follow certain precautions to protect the privacy of their patients.

Catholic Health Care Services Settles HIPAA Violation

The Philadelphia-based healthcare provider Catholic Health Care Services (CHCS) has agreed to pay $650,000 in a settlement with the Office for Civil Rights (OCR) for allegedly violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA Administrative Safeguards: What Covered Entities Should Know

As per HIPAA, doctors, dentists, chiropractors and other covered entities are required by federal law to implement certain safeguards to protect patients' personal information from unauthorized use or disclosure. There are several different types of safeguards outlined in the HIPAA Security Rule. Today, we're going to take a closer look at the administrative safeguards, revealing the steps covered entities must take to comply with the Security Rule.

OCR HIPAA Enforcement Increases

Each year, hundreds of doctors and other covered entities are cited for various HIPAA violations. These violations range from minor to severe, with the latter carrying a maximum fine of up to $250,000 per incident. But there's new evidence indicating that HIPAA enforcement activity is on the rise. So if you're a healthcare provider operating in the U.S., you should take measures to ensure you are compliant with the HIPAA Privacy Rule and Security Rule.

Email and HIPAA: Are Your Emails Compliant?

Email has become the de facto standard of communication for many healthcare practices. It's faster, easier, more convenient and costs less than traditional “snail mail.” But with the advent of email come new hurdles regarding patient privacy. HIPAA requires doctors and other covered entities to take certain steps to protect patients' medical records from unauthorized use or disclosure. So, how do you know if your practice's emails are compliant with HIPAA?

Disclosing Protected Health Information for Research Purposes

Covered entities often err on the side of caution regarding the disclosure of Protected Health Information (PHI) for research purposes, but this wasn't always the case. Before the Health Insurance Portability and Accountability Act (HIPAA) was passed, doctors, surgeons and other covered entities would gladly share patients' medical records with research companies. HIPAA changed this, however, placing certain restrictions on when and how a covered entity can disclose PHI for research purposes.

What You Should Know About HIPAA's 'Emergency Disclosure' Clause

HIPAA was created to protect the privacy of healthcare patients. When someone seeks treatment or other healthcare services in the United States, he or she has certain privacy rights under HIPAA. Among other things, this federal law prohibits doctors, chiropractors, dentists and other covered entities from disclosing PHI about a patient without his or her consent. However, there are certain exceptions to this rule, including emergency disclosures.

HIPAA Tips for Startup Healthcare Practices

Are you thinking about opening your own healthcare practice? There's no denying the fact that the medical field is a massive, ever-growing industry. But in addition to the traditional challenges faced by small business owners, medical practices must also comply with the Health Insurance Portability and Accountability Act (HIPAA).

Comparing the Different Security Rule Safeguards

The Health Insurance Portability and Accountability Act (HIPAA) consists of the Privacy Rule, Breach Notification Rule, and Security Rule, the latter of which focuses specifically on electronic forms of personally identifiable health information. Within the Security Rule, however, are several types of safeguards that covered entities must implement to better protect their patients' electronic data from unauthorized use and disclosure. So, what exactly are these safeguards?

FDA to Provide Guidance on HIPAA Data Sharing for Medical Devices

The Federal Drug Administration (FDA) has drafted a set of guidelines to assist medical device manufacturers in complying with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

ONC Releases Educational Videos on Patients' HIPAA Rights

Unless they work in the healthcare field, most patients are completely unaware of their rights pertaining to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. But the Office of National Coordinator (ONC) is hoping to change this by creating greater transparency in regards to patient privacy rights.

5 Ongoing Practices that Doctors Should Do to Comply with HIPAA

Each year, dozens of doctors and other covered entities are cited for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Even if their intentions were good, such violations can prove costly. To help reduce the risk of HIPAA violations, doctors should perform the following tasks on a regular basis.

HIPAA Breach Affecting NFL Players

The medical records of thousands of current and former National Football League (NFL) players have been compromised, according to a report first published by the sports website Deadspin.

Are Doctors Violating HIPAA by Responding to Online Complaints?

Online reviews have revolutionized the way in which we buy products and services. No longer are consumers forced to cross their fingers and hope that a business delivers what it promises. Thanks to online review platforms like Yelp and Facebook, consumers can see what other customers have said about a business before buying its products and services.

Defining a HIPAA Breach: What is and isn't a Breach

If you keep up with our blog here at Allpoint Compliance, you are probably aware of the fundamental purpose of the Health Insurance Portability and Accountability Act (HIPAA): to prevent the disclosure of Protected Health Information (PHI). PHI is often disclosed to unauthorized individuals and entities during a breach. But what exactly is a PHI breach? And are there any exceptions to the HHS' definition of a breach?

HHS Publishes HIPAA Privacy and Security Audit Guidelines

The Department of Health and Human Services (HHS) has published a list of guidelines associated with Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security audits on its website. Spanning more than 400 pages, this comprehensive document is designed to assist doctors, chiropractors, dentists and other covered entities in complying with HIPAA and its respective rules.

6 Best Practices to Avoid HIPAA Violations

Each year, dozens of doctors, hospitals, chiropractors and other healthcare practitioners are cited by the Office for Civil Rights (OCR) for various HIPAA violations. Depending on the type of violation, the covered entity could face hefty fines while also being forced to take corrective action. But the good news is that you can typically avoid HIPAA violations by following some simple steps.

HHS Provides Guidance on Patient Right of Access Cost

Under the Health Insurance Portability and Accountability Act of 1996, all healthcare patients and customers have a legal right to access copies of their Protected Health Information (PHI). Covered entities that decline a patient's request could be subject to fines or other penalties handed down by the Office for Civil Rights (OCR) – and the OCR will cite covered entities for noncompliance.

Fast Facts About HIPAA Violations

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to protect the privacy and rights of healthcare patients. It consists of the Privacy Rule, Security Rule and Breach Notification Rule, and doctors and other covered entities must comply with these requirements; otherwise, they face fines and penalties enforced by the Office for Civil Rights (OCR).

Four Patients File HIPAA Complaint Against Myriad Genetics

One of the country's premier genetics and molecular diagnostics companies announced earlier this month that four of its patients had filed a complaint against it with the Department of Health and Human Services (HHS), alleging that it violated the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA Physical Safeguards to Protect Against Data Breach

Part of running a healthcare practice in the United States is complying with HIPAA. It requires doctors and other covered entities to follow the Security Rule, Privacy Rule and Breach Notification Rule, each of which has its own sub-requirements. Within the Security Rule, for instance, covered entities must use physical safeguards to prevent the unauthorized use or disclosure of PHI. But what exactly is a physical safeguard? And how are they used to protect patients' information?

The Do's and Don'ts of PHI Disposal

Improper disposal of Protected Health Information (PHI) is consistently one of the most common Health Insurance Portability and Accountability Act (HIPAA) violations. Failure to implement reasonable safeguards could result in a PHI breach and a subsequent HIPAA violation.

Questions to Ask When Conducting a Risk Analysis

HIPAA requires doctors and other healthcare providers to take certain precautions to protect their patients' personal information from unauthorized use or disclosure. Among these requirements is a routine risk analysis. As part of the HIPAA Security Rule, covered entities must conduct a routine risk analysis, checking to make sure their organization complies with the rule's administrative, physical and technical safeguards.

FTC Launches Tool for Mobile Health App Developers

The Federal Trade Commission (FTC) has released a new tool to assist developers in the creation of mobile health apps.

HIPAA: Best Practices for Encrypting Data

HIPAA requires doctors, chiropractors, dentists and other healthcare providers operating as “covered entities” in the United States to take certain precautions to protect their patients' data from unauthorized use, access or disclosure. Of course, there's no better or more effective way to safeguard EPHI than encryption. Encrypted data cannot be deciphered without the appropriate encryption key, meaning only the intended person or persons can access this data.

HIPAA Compliance and Your Medical Website

If you are a doctor, chiropractor, dentist or any other healthcare provider classified as a covered entity under HIPAA, you'll need to take certain precautions when designing and maintaining a website for your business. Many covered entities overlook the nuances of HIPAA with web design, assuming it doesn't affect them. While it's true that some healthcare websites are not required to comply with HIPAA and its respective rules, others are.

6 Tips to Avoid Healthcare Data Breach

The Department of Health and Human Services (HHS) includes encryption as an “addressable” specification of the HIPAA Security Rule, meaning covered entities are only required to implement it after conducting a risk assessment in which they determined that it is a reasonable and appropriate safeguard to protect health data. With that said, however, it's almost always a good idea to encrypt health data, regardless of whether or not it's required.

Did CVS Pharmacy Violate HIPAA?

One of the nation's largest and most prolific pharmacy chains has come under fire for potentially violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA Security Rule: 6 Things You Should Know

The Final Rule on the Health Insurance Portability and Accountability Act (HIPAA) Security Standards was issued by the Department of Health and Human Services (HHS) on February 20, 2003. With that said, most covered entities were not required to comply until April 21, 2005 – the “compliance date” for covered entities.

Upgrading to New Computers? Avoid HIPAA Headaches

Most doctors, chiropractors, dentists and other covered entities today use computers to process and store data about their patients. Over time, however, these computers become obsolete, forcing the practice to “upgrade” to newer, faster models. But before you toss your old computers in the trash, there are a few things you should know.

New York Hospital Slapped with $2.2 Million HIPAA Fine

The New York-Presbyterian Hospital (NYP) has been fined $2.2 million by the Office for Civil Rights (OCR) for allegedly violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA and Telecommuting: What Healthcare Providers Should Know

It's estimated that roughly one in five Americans work from home – a number that's expected to grow larger in the following years. There are numerous perks associated with telecommuting, such as the ability to work at your own pace, the removal of otherwise common workplace distractions, and the ability to use your own devices. But for healthcare providers, telecommuting may conflict with the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA and Genetic Testing

Many doctors and healthcare practices are now offering genetic testing services. These services are often used to identify a person's risk of developing certain diseases and illnesses, as well as to determine biological relationships, ancestry, and more. From an outsider's perspective, it may sound like something out of a sci-fi movie, but genetic testing has become a common service offered by many healthcare practices.

Orthopedic Practice Settles Alleged HIPAA Violations for $750,000

It's not always doctors and surgeons who are targeted by the Office for Civil Rights (OCR) for violating the Health Insurance Portability and Accountability Act (HIPAA); dentists, orthopedic practitioners and other covered entities are also targeted, as in the case of Raleigh Orthopaedic Clinic.

HIPAA Compliance and Passwords

The old days of storing patient records in the form of physical documents and papers are long gone. It's now easier for doctors and other healthcare providers to store patient records as digital files on computer hard drives, external storage devices, clouds, networks, etc. Doing so, however, increases the risk of a data breach, as a hacker or some other nefarious individual may infiltrate the covered entity's system and access its Electronic Protected Health Information (EPHI).

The HIPAA Security Rule Compliance Checklist

The HIPAA Security Rule is a set of national standards that aim to protect the Electronic Protected Health Information (EPHI) of healthcare patients from unauthorized use or disclosure. Unlike the Privacy Rule, the Security Rule only affects electronic forms of PHI. Whether you are a doctor, chiropractor, dentist or any other covered entity, you should comply with the Security Rule and its requirements to avoid being penalized by the Office for Civil Rights (OCR).

OCR Updates its Protocol for Phase 2 Audits

The Office for Civil Rights (OCR) has updated the protocol it uses for phase 2 Health Insurance Portability and Accountability Act (HIPAA) audits.

The 4 Primary Requirements of the HIPAA Security Rule

Healthcare providers operating in the United States are required by law to comply with the Health Insurance Portability and Accountability Act (HIPAA) and its respective rules. Among these rules is the Security Rule, which, according to the HHS website, is a set of standards for the protection of Electronic Protected Health Information (EPHI). While it's recommended that you read the Security Rule in its entirety, there are four general requirements set forth.

How Dentists Can Prepare for a HIPAA Audit

Do you operate a dental practice in the United States? If so, you are required by law to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Consisting of the Privacy Rule, Security Rule, and Breach Notification Rule, it lays out several requirements that covered entities must follow in regards to patient privacy. So, today we're going to reveal some essential steps that dentists can take to better prepare their practice for a HIPAA audit.

6 Things You Should Know About the HIPAA Privacy Rule

If you perform healthcare services in the United States, you'll need to comply with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is designed to protect the privacy of healthcare patients by requiring doctors, surgeons, nurses, chiropractors, dentists and other covered entities to follow certain guidelines when conducting business. Among these guidelines is the Privacy Rule, which we're going to discuss in greater detail today.

Ransomware and HIPAA: What Doctors Should Know

There's been a disturbing new trend regarding the use of ransomware in recent years. Ransomware refers to a particular type of malicious software that, once deployed on a victim's computer or computer network, prevents the user from accessing his or her files until a ransom is paid. Data is encrypted, requiring a decryption key to be accessed. But even if this ransom is paid, there's no guarantee that the files will become accessible again.

How Family Care Practitioners can Prepare for HIPAA Audits

Are you a family care practitioner? It's a common assumption that the Office for Civil Rights (OCR) only audits large medical practices, but this isn't necessarily true. While large practices are often targeted, smaller healthcare practices may also be audited. This is why it's important for family care practitioners to prepare themselves for HIPAA audits. Failure to do so could turn into a costly mistake that yields a violation and subsequent fine and corrective action.

Technical Safeguards to Protect EPHI from Disclosure

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires all covered entities to implement a combination of physical, administrative and technical safeguards to protect sensitive patient information from unauthorized use and disclosure. Today, we're going to take a closer look at some of the technical safeguards described in the HIPAA Security Rule.

Feinstein Institute Agrees to Pay $3.9 Million in HIPAA Settlement

The New York-based healthcare research facility Feinstein Institute for Medical Research has agreed to pay the Office for Civil Rights (OCR) $3.9 million to settle allegations of Health Insurance Portability and Accountability Act (HIPAA) violations.

Can I Outsource the Disposal of Patient Files?

It's not uncommon for hospitals to manage hundreds of thousands of patient files. And even smaller family care physicians may store thousands of patient files. So, when it comes time to destroy some of these files, the facility may seek to outsource the task to another company. Having to shred and/or incinerate thousands of files can be a tedious, time-consuming process to say the least, in which case it only makes sense to outsource the task to a third party.

North Memorial Health Care of Minnesota Agrees to Pay $1.55M HIPAA Fine

North Memorial Health Care of Minnesota, a nonprofit medical facility in Robbinsdale, has agreed to pay the Department of Health and Human Services (HHS) $1.55 million for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

OCR Announces the Start of Phase 2 HIPAA Audits

The second round of Health Insurance Portability and Accountability Act (HIPAA) audits has been officially announced by the Office for Civil Rights (OCR).

Maintaining HIPAA Compliance in the Waiting Room

Waiting rooms are used frequently in doctors' offices, chiropractic and dental practices, and hospitals. When a patient arrives, he or she typically waits here until the receptionist calls them back. If you operate a healthcare practice with a waiting room, it's important to follow some basic guidelines to ensure that you comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Is Your Cloud Provider Compliant with HIPAA?

From Google Drive and Microsoft OneDrive to Amazon Web Services (AWS) and Dropbox, cloud storage services have become increasingly popular in recent years. In addition to being used for recreational purposes by consumers, they are now being used by professionals in the healthcare industry. But before signing up and using a cloud storage service, you should ask yourself whether or not it is compliant with the Health Insurance Portability and Accountability Act (HIPAA).

Frequently Asked Questions About Business Associates Agreements

Whether you are a family care physician, a surgeon, chiropractor, dentist or any other entity covered under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, you need to familiarize yourself with the business associates agreement (BAA). This legally binding document is required by law when a covered entity shares Protected Health Information with a third-party company or organization. To learn more about BAAs, keep reading.

HIPAA Terms that You Need to Know

If you perform healthcare services in the United States, you'll need to abide by the Health Insurance Portability and Accountability Act (HIPAA). Originally signed into law by Congress in 1996, it's designed to protect the privacy of healthcare patients by establishing certain rules and requirements. The first step towards compliance, however, is to familiarize yourself with the common terms associated with HIPAA.

Study: Health Apps May Pose Privacy Risks

Most adults in the United States now own a smartphone. Smartphones have become an integral part of our daily lives, keeping us connected to friends, family and the entire world. But a new study has found privacy concerns in mobile health apps.

HIPAA Fast Facts that Doctors Should Know

Here are a few facts that are essential for a doctor to help keep their practice in compliance with HIPAA.

OCR Releases New Guidelines on Mobile Health Apps

The Office for Civil Rights (OCR) has published new guidelines to address the use of mobile health apps (known as mHealth apps) as it relates to the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

4 Tips to Prepare for a 2016 HIPAA Audit

With phase 2 of Health Insurance Portability and Accountability Act (HIPAA) audits right around the corner, there's no better time than now for doctors and covered entities to prepare themselves. The Office for Civil Rights (OCR) has been handing out violations more frequently as of late. According to the official Department of Health and Human Services (HHS) website, the OCR has investigated 34,975 complaints from April 2003 to December 2015, 24,047 of which required corrective action.

Working from Home and HIPAA: What You Should Know

Does your occupation allow you to work from home? Well, you aren't alone. According to a recent survey. What does this mean for HIPAA?

How an Online Testimonial Led to a $250K HIPAA Fine

Testimonials are found just about everywhere you look online. In most cases, no harm comes from posting a testimonial on a website. Other times, however, it can be a costly mistake, such as the case involving the Los Angeles-based physical therapy practice Complete P.T., Pool & Land Physical Therapy Inc.

HIPAA and Photos: What You Should Know

It's not uncommon for doctors, nurses and healthcare physicians to take photos of patients and their respective injuries. In some cases, these photos are restricted to the practice's network, with doctors using them for research and reference purposes later. In other cases, however, patient photos are published on publicly accessible networks, such as the facility's website or social media account.

HIPAA Limited Data Sets: What You Should Know

As a covered entity, it's your responsibility to familiarize yourself with relevant terms and definitions surrounding the Health Insurance Portability and Accountability Act (HIPAA) of 1996. One such term that's frequently used is “limited data sets.” So, what in the world is a limited data set and how does it pertain to HIPAA?

HIPAA Compliance and Text Messaging: What's Allowed and What's Not

Doctors, chiropractors, dentists and other covered entities are required by law to comply with the Health Insurance Portability and Accountability Act (HIPAA). Originally signed into law by Congress back in 1993, HIPAA is designed to protect the privacy of healthcare patients by establishing certain rules that covered entities must follow. While some of these requirements are obvious, others are more subtle.

HIPAA Compliance Tips for Family-Care Physicians

Health Insurance Portability and Accountability Act (HIPAA) compliance affects more than just hospitals and large healthcare practices; it also affects small “family-care” physicians and practices. HIPAA consists of multiple rules and laws pertaining to patient privacy that covered entities must follow. Failure to do so could result in civil fines, or in extreme cases, criminal action. So, what steps can you take as a family-care physician to ensure compliance with HIPAA?

HIPAA Compliance with BYOD Policies

There's been a growing trend towards the use of bring-your-own-device (BYOD) policies in the workplace. According to Wikipedia, up to 75% of employees in high-growth markets already use their own devices at work, attesting to its widespread popularity. BYOD policies reduce costs while ensuring that workers are familiar and knowledgeable with the technology. But healthcare workers who use their own devices must follow some basic guidelines to ensure their data remains safe and protected.

LA Hospital Pays Hacker $17K in Bitcoin After Data Breach

A Los Angeles-based hospital has paid an unknown hacker $17,000 in the digital currency Bitcoin after its computer system was seized.

Medical Device Security and Where it's Headed

The field of health and medicine has changed drastically over the past few decades. No longer are paper files used to store patient information; computers and other electronics are now being used for this purpose. The “digitization” of medical records has undoubtedly improved the medical field, allowing for faster service. But it has also raised concerns regarding patient privacy, as medical computers and devices can be hacked just like any ordinary computer.

OCR: Healthcare Providers Not Sharing Data, Even When Allowed

Originally passed by Congress in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is designed to protect the privacy of healthcare patients by setting certain rules and regulations that physicians and other covered entities must follow. HIPAA has undoubtedly helped the world of modern-day medicine, as patients can rest assured knowing that their information is safe. But many covered entities are refraining from sharing data, even when it is allowed by HIPAA.

Lincare, Inc. Fined $240,000 for HIPAA Violations

Lincare, Inc., a home health provider, has been ordered to pay $240,000 by the Office for Civil Rights (OCR) for violating the Health Insurance Portability and Accountability Act (HIPAA).

5 Key Points from the HIPAA Privacy Rule

As a healthcare practitioner, it's your duty to comply with the Health Insurance Portability and Accountability Act (HIPAA). Passed by Congress in 1996, it is intended to enhance the privacy of patients by setting rules and requirements for covered entities. One such requirement is compliance with the Privacy Rule, which we're going to discuss further in today's blog post.

University of Washington to Pay $750,000 for Data Breach

The University of Washington has agreed to pay $750,000 for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Cyber Security Mistakes that Healthcare Workers Should Avoid

From major health insurance companies like Premera and Anthem, Inc. to hospitals and physician practices, healthcare companies are often the target of cyber attacks. When an attack occurs, it can result in the disclosure of PHI, which can subsequently have wide-reaching ramifications for the respective practice. So today we're going to reveal some of the most common cyber security mistakes made by healthcare workers.

Are You Ready for a HIPAA Compliance Audit?

If not, you should be. Each year the Office for Civil Rights (OCR) audits hundreds of covered entities and business associates to ensure they are compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The penalties for violations can range from basic corrective action to thousands of dollars in fines – or in extreme cases, criminal prosecution.

HIPAA Compliance in the Era of Cloud Computing

Cloud computing has exploded in terms of usage and popularity in recent years, with companies of all shapes and sizes using it to streamline their operations. As a healthcare practitioner, however, there are certain precautions you must take in order to remain compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Opting to use a cloud-computing service may seem harmless enough, but it could place your patients' data at risk for unauthorized disclosure.

What is 'Minimum Necessary' in HIPAA?

Part of maintaining a HIPAA-compliant healthcare practice involves knowing (and following) the various standards. One of the lesser-known standards is called “minimum necessary,” which is a key protection element of the Privacy Rule. So, what exactly is the minimum necessary standard and how do you implement it?

Maintaining HIPAA Compliance During a Relocation

Are you planning to move your medical practice to a new location in the near future? It's not uncommon for doctors to move their facility of operations to support growth. Relocating to a busier part of town, for instance, may attract more patients while establishing yourself as an authority figure in your respective field of medicine. But you need to place an emphasis on patient privacy when relocating to a new area, which is something that we're going to discuss today.

Top 5 Most Frequently Reported HIPAA Violations

If you work in the medical field, it's essential that you learn the nuances of the Health Insurance Portability and Accountability Act (HIPAA). Originally signed into law back in 1996, it consists of numerous requirements that covered entities must follow to protect patients' data from unauthorized use or access. Covered entities who fail to abide by HIPAA could be subject to fines – or in some cases – criminal prosecution.

HIPAA 'Workstation Use' Standard Explained

When dissecting the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, you may come across a standard titled “Workstation Use.” Located in §164.310(b), this standard plays a key role in compliance. So whether you are a doctor, dentist, chiropractor, or any other covered entity, you should familiarize yourself with the Workstation Use standard and its respective requirements.

University of Washington Medicine Slapped with $750k HIPAA Fine

The University of Washington Medicine has agreed to pay a $750,000 fine stemming from a data breach that occurred back in 2013, disclosing the Protected Health Information (PHI) of some 90,000 patients.

How HIPAA Complaints are Handled

It's important for covered entities to familiarize themselves with the way in which Health Insurance Portability and Accountability Act (HIPAA) complaints are handled. Covered entities big and small are often the target of complaints. Some of these complaints may be valid, whereas others are false/fictitious. Regardless, understanding the complaint process and how it is handled will give you the upper hand in maintaining a compliant healthcare practice.

Beware: New Malware Loads Before Operating Systems

Roughly one in three computers are infected with some type of malicious software, according to a report published by the Anti-Phishing Working Group. Known as “malware,” this software often steals the user's data or even hijacks the computer so it can be controlled remotely. As a result, doctors, physicians and other covered entities must use caution to ensure their systems are protected against this threat; otherwise, they could face harsh fines for HIPAA noncompliance.

HIPAA Privacy Rule Modified to Enhance Mental Health Background Checks

The Department of Health and Human Services (HHS) has modified the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule so that covered entities can disclose mental health information to the FBI for use in background checks. Under the newly amended rule, covered entities may submit mental health information about their patients to the National Instant Criminal Background Check System to assist the FBI in determining who's eligible to own a gun and who's not.

Modified HIPAA Privacy Rule to Take Effect February 5, 2016

The Department of Health and Human Services (HHS) has published its final rule for amending the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The Privacy Rule was modified to inform doctors and other covered entities that it is not a violation to report certain types of data to the National Instant Criminal Background Check System (NICS).

Risk Management vs Risk Analysis: What's the Difference?

Many doctors and covered entities assume risk analysis and risk management refer to the same process. While they share a similar goal, they are two distinct steps towards achieving compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. To learn more about the differences between risk management and risk analysis, keep reading.

CVS Repeatedly Violated HIPAA, According to Report

CVS Health is among hundreds of covered entities that have violated the Health Insurance Portability and Accountability Act (HIPAA) “repeatedly” from 2011 to 2014, according to a startling new report.

Top 5 HIPAA Compliance Tips for Dentists

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 isn't restricted solely to doctors and healthcare practitioners. Dentists must adhere to HIPAA, as well. Here are 5 essential tips for HIPAA compliance among dentists.

Does Your Healthcare Facility Have a Privacy Officer?

If not, you could be breaking the law. Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, all doctors, physicians, dentists, chiropractors and other covered entities are required to designate a privacy officer. Failure to do so could result in fines or other penalties handed down by the HHS.

OCR Answering Mobile App Questions About Patient Privacy

In case you didn't get the memo, the Office for Civil Rights (OCR) launched a new website where mobile app developers can ask questions and learn more about the laws regarding patient privacy.

HIPAA and Wireless Security

Does your healthcare practice use a wireless network to send and receive Protected Health Information (PHI)? Well, you aren't alone. The vast majority of doctors' offices and healthcare practices now use WiFi to streamline their normal operations. After all, it's easier and more convenient to send a patient's file to a department via a wireless network as opposed to manually walking it to the department. But with the advent of wireless technology comes new hurdles regarding patient privacy.

Can Healthcare Patients Revoke Authorization to Access Their Data?

Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, healthcare patients must give their written permission to a covered entity in order for that covered entity to disclose their Protected Health Information (PHI). This is among the many stipulations set forth in the Privacy Rule, and is designed to protect the privacy of healthcare patients. But what if a patient no longer wants his or her PHI disclosed? Are they allowed to revoke this type of authorization?

2016 Trends to Watch for HIPAA Compliance

As we near the end of 2015, there's no better time than now for healthcare practitioners to reevaluate their practice and ensure they are compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Each year, the Office for Civil Rights (OCR) fines dozens of covered entities for violations stemming from HIPAA. So, what kind of HIPAA compliance trends can you expect to see more of in 2016 and going forward?

Demystifying the HIPAA Security Rule

In order to operate a legal, compliant healthcare practice in the United States, you must familiarize yourself with the Health Insurance Portability and Accountability Act (HIPAA) and its respective rules, including the Security Rule. Originally issued on February 20, 2003, the Security Rule was designed to “complement” the Privacy Rule by expanding on new security measures to enhance patient privacy.

The Do's and Don'ts of Maintaining Patient Records

A quick list of Do's and Don'ts for maintaining patient records.

Privacy Concerns of the Cloud

Does your medical practice store patient data on the cloud? Cloud-based computing services have become increasingly commonplace in recent years. In fact, “The Cloud” was named Word of the Year in 2012 by the American Dialect Society. But doctors and other medical professionals should proceed with caution when using cloud-based services to store their patients' data.

Breakdown of the HIPAA Administrative Simplification Rule

When the Health Insurance Portability and Accountability Act (HIPAA) was first published in 1996, it lacked several key elements that were necessary to secure the personal data of healthcare patients. This prompted lawmakers to introduce the Administrative Simplification Rule, which consisted of new provisions to strengthen HIPAA. To learn more about the Administrative Simplification Rule and how it affects healthcare providers and their patients, keep reading.

Insurance Company Agrees to $3.5 Million HIPAA Settlement

Violating the basic privacy laws to which healthcare patients are entitled can be costly, such as the case involving the San Juan, Puerto Rico-based health insurance company Triple-S Management Corporation.

What is a HIPAA Data Breach?

The term “data breach” is used extensively by the Department of Health and Human Services (HHS) when referring to doctors, hospitals, chiropractors, dentists, and other entities covered under the Health Insurance Portability and Accountability Act (HIPAA). Many healthcare practices have been slapped with hefty fines ranging upwards of $10,000 for such breaches. But what exactly constitutes a data breach in the eyes of the HHS?

Dissecting the HIPAA for Chiropractors

According to the Bureau of Labor Statistics (BLS), there are approximately 44,000 licensed chiropractors practicing in the United States. While the majority of chiropractors practice full time, roughly a third of them are considered part-time practitioners. Regardless of which category your chiropractic practice falls under, though, you should familiarize yourself with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA: What are Physical Safeguards?

When researching the different ways to prevent the unauthorized disclosure of Electronic Protected Health Information (EPHI), you may come across the term “physical safeguard.” The Health Insurance Portability and Accountability Act (HIPAA) specifically mentions physical safeguards in its Security Rule, requiring all doctors, chiropractors, dentists, and other covered entities to implement them. But what exactly is a physical safeguard?

Patient Sign-In Sheets and HIPAA

It's not uncommon for doctors and other healthcare practitioners to place “sign-in” sheets in their waiting rooms. When a patient arrives for an appointment, he or she will place their John Hancock on the sign-in sheet. The receptionist will then go through this list of names, calling each patient back in the appropriate order. But how exactly do these patient sign-in sheets correspond with the Health Insurance Portability and Accountability Act (HIPAA)?

HIPAA Privacy Laws May Not Cover Personal Devices

From smartwatches like the Galaxy Gear and Apple Watch to electronic optics like Google Glass and more, wearable electronics have become a hot topic in recent years. But with these devices come new hurdles for healthcare providers in regards to patient privacy, as some experts are saying that they are not protected by Health Insurance Portability and Accountability Act (HIPAA) privacy laws.

The Importance of Creating Business Associates Agreements

Does your healthcare practice have the necessary Business Associates Agreements (BAA)? Unless your facility handles all of its operations internally (which is unlikely), you'll need a BAA for each and every third-party agency that has access to your Protected Health Information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities to create such agreements for any outside organization that has access to their PHI.

Tips and Tools for Conducting a HIPAA Risk Assessment

When was the last time that you conducted a Health Insurance Portability and Accountability Act (HIPAA) risk assessment of your healthcare practice? The Office for Civil Rights (OCR) requires covered entities to conduct their own internal risk assessments on a regular basis to determine whether or not their patients' data is at risk for unauthorized access and/or use. While many covered entities neglect this step, it's an essential component in maintaining a compliant healthcare practice.

HIPAA Security Officer Duties and Responsibilities

One of the many requirements of maintaining a healthcare practice that's compliant with the Health Insurance Portability and Accountability Act (HIPAA) is to designate a Security Officer. Under HIPAA, all doctors, hospitals, chiropractors, dentists and other “covered entities” are required to have a Security Officer. So, what are the duties and responsibilities of this role?

Does Your Healthcare Practice Use Mobile Messaging Apps?

Mobile messaging apps have revolutionized the way in which we communicate. Using these apps, we can send and receive messages instantly. But doctors and other covered entities should approach these apps with caution due to the conflicts they create in regards to the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

What is Encryption and How Does it Pertain to HIPAA?

Whether you're a tech aficionado or not, you've probably heard of encryption before. Major tech companies like Google, Microsoft and Apple all use this technology to secure their users' data. But what exactly is encryption? And is it a requirement by the Health Insurance Portability and Accountability Act (HIPAA)?

How to Dispose of Protected Health Information

Most doctors, nurses, chiropractors, dentists and other covered entities are fully aware of the importance of maintaining patient privacy. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 lays out several Rules in regards to patient privacy. Among these Rules are requirements on how to properly dispose of Protected Health Information (PHI), in both paper and digital formats.

'Authorization' vs 'Consent' in HIPAA Privacy Rule

Many doctors and other covered entities are confused regarding the terminology of “authorization” and “consent” when used in the context of the Health Insurance Portability and Accountability Act (HIPAA). More specifically, the HIPAA Privacy Rule frequently uses these terms when describing patient rights. Unless you know exactly what these terms mean, however, you may struggle to maintain a HIPAA-compliant healthcare practice.

Phase 2 HIPAA Audits to Begin Early 2016

The Office for Civil Rights (OCR) has announced that the second phase of Health Insurance Portability and Accountability Act (HIPAA) audits will begin in early 2016.

HIPAA Whistleblower Protection

With more than 826,000 registered and licensed physicians operating in the United States, it's impossible for the Office for Civil Rights (OCR) to audit each and every practice. As a result, many Health Insurance Portability and Accountability Act (HIPAA) violations go unnoticed. But the OCR encourages patients and workers alike to step forward when a violation occurs, as this allows privacy discrepancies to be fixed.

HIPAA and Social Media Photos: What You Should Know

Social media networking sites like Facebook and Twitter have become an integral part of our daily lives. According to a study conducted by AdWeek, more than two in three Americans use social media. While there's nothing wrong with sharing personal stories and opinions, doctors, nurses and other workers who are employed by “covered entities” must use caution in regards to the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA 101: What is a Limited Data Set?

Understanding the nuances of the Health Insurance Portability and Accountability Act (HIPAA) and its respective Rules is essential to maintaining a compliant healthcare practice. While some of the requirements set forth by the Privacy, Security and Breach Notification Rules are relatively straightforward and require little-to-no explanation, others can be more confusing, such as the case involving designated record sets.

Best Practices for HIPAA-Compliant Email

Does your healthcare practice use email to send and/or receive Electronic Protected Health Information (EPHI)? If you answered yes, then you are not alone. Nearly every major healthcare provider in the U.S. now uses email for this purpose. It's a faster and more efficient way to send data. But like all forms of digital communication, there's an inherent risk of a breach when using email, which is why it's important for healthcare providers to remain compliant with HIPAA when using email.

Does HIPAA Require You to Retain Medical Records for 6 Years?

Some people assume that the Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires doctors and other covered entities to retain patient records for a specific period of time. However, this isn't entirely true. While the HIPAA Privacy Rule covers many elements of patient privacy, it does not include a requirement for record retention.

HIPAA Breach Notification Rule Involving 500 or More Individuals

Part of maintaining a Health Insurance Portability and Accountability Act (HIPAA) compliant healthcare practice is knowing what to do in the event of a data breach. Let's hope it never happens, but if your practice's data is ever compromised, you'll need to follow some basic steps to ensure the appropriate parties are notified of the incident. In this post, we're going to discuss the HIPAA Breach Notification Rule involving 500 or more individuals.

The 4-Step Process to Performing a HIPAA Risk Analysis and Management

Part of the Administrative Safeguards section of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires doctors and other covered entities to conduct their own internal risk analysis. The purpose of this analysis is to gauge the likelihood of a data breach involving Electronic Protected Health Information (EPHI). While it may sound like a complicated process, conducting a risk analysis is actually easier than most people realize.

HIPAA Compliance Checklist for Doctors

In case you didn't get the memo, the Office for Civil Rights (OCR) is preparing to conduct its second phase of Health Insurance Portability and Accountability Act (HIPAA) audits. While they've yet to announce an official date, sources say it will likely begin early next year. Doctors should use this time to conduct their own internal audits, ensuring they are compliant with the HIPAA Security, Privacy, and Breach Notification Rules.

5 Ways to Protect Your Healthcare Practice Against Data Breaches

Are you doing enough to protect your healthcare practice against data breaches? Some people assume that hackers only target banks and financial institutions. After all, these organizations are usually the ones with the most valuable, sensitive information. Unfortunately, though, many hackers have begun to place their crosshairs on healthcare practices and insurance companies in recent years. So, what steps can you take to protect your healthcare practice against data breaches?

HIPAA Security Rule Compliance 101

Do you operate a healthcare practice that collects, stores and/or uses Electronic Protected Health Information (EPHI)? If so, you must familiarize yourself with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. All healthcare practices and other “covered entities” that use EPHI are required by law to follow this Rule. Those who do not may face fines or other penalties handed down by the Office for Civil Rights (OCR).

OCR Launches HIPAA Portal for App Developers

The Office for Civil Rights (OCR), in conjunction with the Obama Administration, has launched a web-based portal from which mobile app developers can ask and answer questions regarding the Health Insurance Portability and Accountability Act (HIPAA).

New Round of HIPAA Audits Coming in 2016

What better way to kick off the new year than with a new round of HIPAA audits conducted by the Office for Civil Rights (OCR)? Well, it looks like that may soon become a reality. The Office of Inspector General (OIG) released two reports last month, in which it called for the OCR to strengthen its enforcement of the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA Privacy Rule: Who Does it Affect?

Passed by Congress in 1996, the Health Insurance Portability and Accountability Act is designed to protect the privacy of healthcare patients. It consists of several Rules that healthcare providers must follow in order to remain compliant. If a provider is found in violation of one or more HIPAA Rules, it could face fines or other penalties by the Office for Civil Rights (OCR). Today, we're going to focus on the HIPAA Privacy Rule, revealing whom exactly it affects and how.

Tips for Conducting a HIPAA Risk Analysis

As part of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, doctors, chiropractors, dentists and other covered entities are required by law to conduct a risk analysis on a regular basis. This process is intended to provide instructions on how to implement and facilitate the Security Rule through an assessment of the covered entity's risks and vulnerabilities regarding Electronic Protected Health Information (EPHI).

Health Insurer Excellus Experiences Data Breach

The New York-based health insurance company Excellus has suffered a major data breach, affecting an estimated 10 million customers. The company announced earlier this month that it had been the victim of a cyber attack on December 23, 2013, although the breach was not discovered until August 2015. During the attack, hackers were able to access some 10 million personal records, making this the third largest Health Insurance Portability and Accountability Act (HIPAA) breach of all time.

OCR Chooses Vendor for Second Round of HIPAA Audits

The Office for Civil Rights (OCR) has chosen a vendor to conduct the second round of Health Insurance Portability and Accountability Act (HIPAA) audits.

Beware! These 5 Things May Attract a HIPAA Violation

If you are a doctor or some other healthcare provider, you are probably well aware of the importance of maintaining a HIPAA-compliant workplace. Originally passed by Congress in 1996, the Health Insurance Portability and Accountability Act (HIPAA) establishes a set of national standards that covered entities must follow in regards to patient privacy. Failure to do so could result in a fine handed down by the Office for Civil Rights (OCR).

Creating a HIPAA-Compliant Business Associates Agreement

When you're busy performing all of the steps that go into creating a HIPAA-compliant medical practice, you may overlook your business associates. Under the Health Insurance Portability and Accountability Act (HIPAA), however, all covered entities must create a Business Associates Agreement (BAA) for each third-party organization that accesses or otherwise uses its Protected Health Information (PHI).

Fitbit Wellness Program Now HIPAA-Compliant

More and more companies today are offering health and wellness programs for their workers. In fact, a recent report published by the Society for Human Resource Management found that more than two thirds of all U.S. employers offer them. Of course, there's a good reason for this trend: encouraging workers to take a proactive approach towards their health improves productivity while simultaneously reducing sick days.

The Four Requirements of HIPAA Security Rule

The Health Insurance Portability and Accountability Act (HIPAA) established a set of standards to protect the privacy of healthcare patients. HIPAA consists of several Rules, including the Security, Privacy and Breach Notification Rule, each of which has its own unique purpose. The Security Rule, for instance, focuses strictly on protecting Electronic Protected Health Information (EPHI) from unauthorized use or disclosure, whereas the Privacy Rule covers all forms of PHI.

OCR Prepares for Phase II HIPAA Audits

The Office for Civil Rights (OCR) is preparing for the second phase of Health Insurance Portability and Accountability Act (HIPAA) audits. According to Lexology.com, the first phase included more than 100 “pilot” audits, focusing strictly on covered entities. The second phase, however, will cover both covered entities and the third-party business associates with whom they work.

Sony Agrees to HIPAA Settlement

Sony Corporation has agreed to pay an undisclosed sum of money as part of a settlement stemming from a massive data breach that occurred in 2014.

HIPAA and Medical ID Theft

Are you doing enough to prevent identity theft in your medical practice? According to the Bureau of Justice Statistics (BJS), identity theft costs Americans an estimated $24.7 billion annually – a number that's expected to increase in the years to come. When a patient has his or her identity stolen, it can wreak havoc on their credit, and subsequently, their life.

Administrative, Technical and Physical Safeguards. Oh My!

Originally signed into law in 1996, the Health Insurance Portability and Accountability Act (HIPAA) contains a set of Rules that healthcare providers and other covered entities must follow to protect the privacy of patients.

Cancer Care Group to Pay $750,000 for HIPAA Violations

Cancer Care Group, one of the nation's largest radiation oncology private practices, has agreed to pay $750,000 for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

How HIPAA Protects Patients

Do you know how the Health Insurance Portability and Accountability Act (HIPAA) protects healthcare patients? When you're busy conducting regular HIPAA risk assessments and fixing any potential violations, it's easy to overlook the fundamental principle of this law: to protect the privacy of U.S. healthcare patients.

Demystifying the HIPAA Administrative Simplification Rule

When you're busy researching the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules, you may overlook the Administrative Simplification Rule. Granted, it doesn't hold as much weight as the aforementioned Privacy and Security Rules, but it's still a key component in operating a compliant healthcare practice. So today we're going to take a closer look at the HIPAA Administrative Simplification Rule, revealing all that it entails.

Who is Covered by the HIPAA Privacy Rule?

One of the most critical elements of the Health Insurance Portability and Accountability Act of 1996 is the Privacy Rule, which as the name suggests is designed to protect the privacy of healthcare patients. Before this law was created, the medical field was like the Wild West, with a gray area in regards to patient privacy. With HIPAA, however, all healthcare patients are entitled to certain rights which are designed to protect their information from unauthorized use or disclosure.

OCR Partners with CMS to Publish HIPAA Fact Sheet

The U.S. Office for Civil Rights (OCR) has partnered with the Centers for Medicare and Medicaid Services (CMS) to publish a new fact sheet covering the nuances of the Health Insurance Portability and Accountability Act (HIPAA).

Iron-Clad HIPAA Technical Safeguards for Healthcare Practices

If you keep up with our blog, you're probably well aware of the importance of maintaining a HIPAA-compliant healthcare practice. The Health Insurance Portability and Accountability Act (HIPAA) is a set of laws that doctors, hospitals, chiropractors, dentists, and other “covered entities” must follow in regards to patient privacy. Among the requirements set forth by HIPAA are technical safeguards, which is something that we're going to discuss further in today's post.

HIPAA Privacy Rule Administrative Requirements

Are you doing enough to protect your patients' privacy? Originally created in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was designed for this very purpose: to ensure the sensitive medical information of healthcare patients doesn't end up in the wrong hands. HIPAA's Privacy Rule dictates these requirements, including various administrative requirements that we're going to discuss in greater detail today.

Are Doctors Allowed to Leave Voicemail Messages to Patients?

It's not uncommon for doctors, nurses and receptionists to leave voicemail messages for their patients, whether it's to remind them of an upcoming appointment, relay test results, or to see how a new medication or treatment is working. Before you call a patient and leave sensitive medical information on his or her voicemail, however, there are a few things you should know.

Medical Devices Can Be Hacked, Warn Officials

Federal officials have issued a warning, saying that certain medical devices are vulnerable to hacking.

Top 5 Most Common HIPAA Violations

Whether you are a doctor, dentist, surgeon, or any other healthcare practitioner, you must abide by the Rules set forth in the Health Insurance Portability and Accountability Act (HIPAA). Originally signed into effect back in 1996, it's designed to protect the privacy of patients by requiring covered entities to implement procedures, policies and safeguards. Today we're going to take a look at some of the most common HIPAA violations.

Top 5 Tips to Prepare for a HIPAA Audit

As the Department of Health and Human Services gears up for its next round of HIPAA audits, doctors and other covered entities are scrambling to ensure they are fully compliant. Each year, the HHS issues hefty fines – and in some cases, criminal penalties – to practices that violate the HIPAA Rules. Don't assume that ignorance is an excuse for failing to be compliant, as the HHS will still cite offending practices for their negligence. So, what steps can you take to prepare for a HIPAA audit?

HIPAA and Video Surveillance

Does your medical practice use video surveillance? If so, you should be aware of how it pertains to HIPAA. It's not uncommon for doctors' offices, hospitals, and other medical practices to record operating procedures. But if you're familiar with HIPAA, you probably know that any personally identifiable information cannot be used without the patient's consent. This begs the question: can covered entities use video surveillance without violating HIPAA?

I Discovered a Breach at My Healthcare Practice: What Next?

Have you recently discovered a breach of Protected Health Information (PHI) at your healthcare practice? The Department of Health and Human Services (HHS) requires all covered entities to send an official notice in the event of such breaches. This requirement is part of HIPAA's Breach Notification Rule, and failure to follow it could result in fines or other penalties.

Report: Should The HIPAA Privacy Rule Be Modernized?

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 with the primary purpose of protecting the privacy rights of healthcare patients. You can read through some of our previous blog posts here at Allpoint Compliance to learn more about HIPAA and its implications, but it basically consists of several Rules, along with safeguards pertaining to those rules.

HHS Releases New Document on HIPAA

The Department of Health and Human Services (HHS) has released a new document on the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

What is a HIPAA Data Breach?

One of the steps to maintaining a HIPAA-compliant healthcare practice is to know and understand what constitutes a data breach. The Health Insurance Portability and Accountability Act (HIPAA) is intended to protect patients' privacy via a set of standards, or Rules. When a breach occurs, the covered entity must notify the Department of Health and Human Services (HHS) within a specified time period (usually 60 days, depending on the severity of the breach). But how does the HHS define a “breach?”

Email Communications and HIPAA

To say email is widely used today would be an understatement. According to some statistics, more than 100 billion electronic mail messages are sent and received each day. It's become the de-facto form of communication among businesses of all shapes and sizes. But it also presents some conflicts pertaining to the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

HIPAA Compliance Checklist

This covers the major components of any HIPAA checklist.

Quick Reference to HIPAA Terms

Trying to understand the nuances of the Health Insurance Portability and Accountability Act (HIPAA) can be confusing. With so many different terms and subtle differences between them, it's difficult for many doctors and covered entities to remain compliant. That's why we're going to reveal a quick reference guide to HIPAA's commonly used terms today.

21st Century Cures Act and HIPAA

The House of Representatives passed a new bill last week that will expedite funding for the National Institutes of Health (NIH) as well as approvals by the Food and Drug Administration (FDA). Known as the 21st Century Cures Act, it focuses around healthcare in the US. But both proponents and critics of the bill are speaking out about it and its impact on the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Key HIPAA Points for Healthcare Providers

If you are a doctor, physician, dentist or any other healthcare provider operating in the US, you should familiarize yourself with the nuances of the Health Insurance Portability and Accountability Act (HIPAA). Originally signed into effect in 1996, HIPAA consists of several Rules that all healthcare providers must follow. Failure to follow HIPAA's Rules could result in fines or other consequences handed down by the Department of Health and Human Services (HHS).

HIPAA Security Practices for Dental Practices

It's a common assumption that the Health Insurance Portability and Accountability Act (HIPAA) of 1996 only applies to hospitals and major healthcare practices, but this isn't the case.

HIPAA Compliance With Bring-Your-Own-Device Policies

There are several key advantages to allowing healthcare employees to bring their own device to work. It reduces hardware costs, eliminates the need for special device training, and improves overall worker satisfaction levels. But there are also disadvantages to bring-your-own-device (BYOD) policies, one of which involves security.

Mass. Hospital Fined $218K for HIPAA Violations

A Massachusetts-based hospital has agreed to pay $218,400 for failing to comply with the Health Insurance Portability and Accountability Act (HIPAA).

Is Texting Allowed Under HIPAA?

Cellphone usage has become a normal part of Americans' everyday life. According to a recent study conducted by Pew Research Center's Internet & American Life Project, 61% of people in the US own a smartphone, whereas 91% own some type of mobile phone. These devices aren't being used strictly for personal purposes either, as many people use them for work, including doctors and nurses.

Did ESPN Violate HIPAA?

Many lawmakers and privacy advocates are calling out ESPN for violating the Health Insurance Portability and Accountability Act (HIPAA) of 1996. So, what did ESPN do to attract this unwanted attention?

Remaining HIPAA-Compliant With Your Data Storage

It wasn't long ago when doctors, hospitals, chiropractors and other healthcare providers used traditional paper files to store patient information. When a doctor needed to access an existing patient's information, he or she would simply find the file in a file cabinet. It wasn't the most efficient method, but it worked nonetheless. Thanks to the advent of modern technology, though, there's now an easier and more efficient way to store data.

HIPAA Technical Safeguards To Use

What kind of safeguards does your practice use to protect patients' information from unauthorized use or access? The Health Insurance Portability and Accountability Act (HIPAA) dictates that all covered entities must implement a combination of technical, administrative and physical safeguards.

What's The Scoop on Wearable Electronics With HIPAA?

Wearable electronics have become increasingly popular over the past few years. From smartwatches and fitness trackers to Google Glass and more, there's a growing trend towards the use of these functional devices. While wearable electronics such as these are undeniably fun and convenient to use, many professionals in the healthcare industry question whether or not they violate the Health Insurance Portability and Accountability Act (HIPAA).

Report: 90% of Healthcare Providers Hacked

Just a few years ago, retailers and financial institutions were the prime target among hackers. Now, however, there's a disturbing new trend in which hackers are targeting healthcare providers. According to a recent study conducted by the market research firm Ponemon, nearly 90% of US healthcare providers have been hacked in the past two years.

Password Management and HIPAA

What passwords do you use to access your company's system? If you are a healthcare provider, you'll need to take extra precautions to ensure these passwords are strong and not easily broken. If a hacker or some other individual with nefarious intent can access your system, he or she could potentially steal Protected Health Information (PHI).

What is HIPAA Willful Neglect?

“Willful neglect” is a term that's often tossed around when referring to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Doctors, nurses, dentists, chiropractors and other covered entities should familiarize themselves with this term and its respective definition, because if you're accused of willful neglect, you could be faced with hefty penalties ranging up to $250,000.

Do Whiteboards Violate HIPAA?

It's not uncommon for doctors' offices, hospitals and other healthcare establishments to feature dry-erase whiteboards. Doctors and nurses often use them to write the names and other information of patients in various rooms. So instead of having to scan through the file system to determine the location of a patient, they can simply look at the whiteboard. This begs the question, however: is the use of such whiteboards legal under HIPAA?

Devan McGraw To Lead HIPAA Enforcement Efforts

The Department of Health and Human Services (HHS) has appointed a new deputy director of health information privacy for its Office for Civil Rights (OCR) branch.

HIPAA and WiFi: What Should You Know

Wireless Internet technology has revolutionized the way in which we communicate. Rather than being bound by wires, we can send and receive data from practically any device that's equipped with a wireless network card. However, the use of such technology can lead to conflicts regarding the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA and Social Media: What You Should Know

Doctors, physicians, dentists, chiropractors and other covered entities should tread cautiously when posting messages on social media. HIPAA lays out guidelines regarding patient privacy, which can conflict with social media postings. This doesn't necessarily mean that you should delete your practice's Facebook and Twitter accounts altogether, but you should be aware of the content you are posting and whether or not it violates HIPAA's Privacy Rule.

What Is The Purpose of HIPAA's Privacy Rule

Many doctors, chiropractors, dentists and other entities covered under HIPAA view the Privacy Rule as being a nuisance. Sure, it provides privacy rights to patients, but it also forces medical/healthcare practices to invest time, money and resources into following the rules set forth. But there's a good reason why the Department of Health and Human Services (HHS) created the Privacy Rule, which we're going to discuss further in this blog post.

Did Tenn. Governor Violate HIPAA?

Lawmakers in Tennessee are alleging that Governor Bill Haslam violated the Health Insurance Portability and Accountability Act (HIPAA) of 1996 by releasing information in reference to government officials who are currently enrolled in Tennessee's health insurance program.

HIPAA Privacy Rule vs Security Rule: What's The Difference

The Health Insurance Portability and Accountability Act of 1996 is designed to protect the data and information of healthcare patients. To achieve this goal, it defines several Rules which covered entities are legally required to follow, including the Privacy and Security Rule. While many doctors and healthcare practitioners may assume these Rules refer to the same thing, there are some major differences between the two that shouldn't go unnoticed.

HIPAA: What Is a System of Records Notice?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is designed to protect the privacy of healthcare patients and customers. If you keep up with our blog, you're probably well aware of the Rules implemented by the HHS in an effort to achieve this. As part of HIPAA, all doctors, physicians, chiropractors, dentists and other covered entities must follow HIPAA's Rules to remain compliant. But how does this relate to the HHS' Systems of Records Notices?

Tips to Protect Your Healthcare Practice From HIPAA Violations

Do you own or otherwise operate a healthcare practice in the U.S.? If so, you should be aware of HIPAA and its implications. Ignorance of the law is no excuse, and turning a blind eye to HIPAA could result in fines or even criminal penalties. Just months ago, a Denver-based pharmacy was fined a whopping $125,000 for failure to properly dispose of customers' records – a blatant HIPAA violation. So, how can you protect yourself from fines and penalties?

Is 2015 The Year of Healthcare Hacks?

That's what some cybersecurity analysts are saying, and they may be right. If you keep up with our blog, you're probably well aware of the recent cyber attacks involving health insurers Anthem and Premera. These two major U.S.-based companies announced the unauthorized disclosure of millions of their customers' data, attesting to the need for enhanced security in the healthcare sector.

Who Is Allowed To Access Protected Health Information?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 outlines several Rules that covered entities must follow in order to protect the privacy of their patients. This includes the use of technical, physical and administrative safeguards. But many patients – and even some healthcare providers – are confused regarding who exactly is allowed to access Protected Health Information (PHI).

How HIPAA Affects Healthcare Patients

Whether you're visiting a general care physician for an annual checkup or going to the hospital emergency room to seek treatment for a broken arm, you will undoubtedly be affected by HIPAA in more ways than just one. Ever since the Health Insurance Portability and Accountability Act went into law back in 1996, the healthcare industry has gone through some pretty substantial changes, most of which have to do with patient privacy.

Tips To Protect Your Healthcare Practice From Phishing

Phishing has become an increasingly popular type of cyber attack used by hackers and other individuals with nefarious intent. While many businesses and organizations are susceptible to these attacks, healthcare providers face the highest risk due to the sensitive data they store. Under HIPAA, healthcare providers are required to implement appropriate and meaningful safeguards to prevent unauthorized access to PHI, meaning the risks of phishing must be addressed.

Top 5 Tips For HIPAA Compliance

Properly Dispose of Records. The keyword here is “properly.” We talked about this in a previous blog post, but in case you missed it, a Denver-based pharmacy was recently fined $125,000 by the Department of Health and Human Services (HHS) for disposing of customers' records in a publicly accessible dumpster. HIPAA states that Protected Health Information (PHI) must be destroyed to the point where personally identifiable information can no longer be obtained from it.

CareFirst Health Insurer Hacked

Yet another major U.S. healthcare insurance provider has been hacked. CareFirst – a health insurer with the Blue Cross and Blue Shield network that offers services to residents in Maryland, Washington and Virginia – said it suffered a massive cyberattack in which the private records of some 1.1 million customers were compromised.

HHS Updates Guide on ePHI Security and Privacy

The U.S. Department of Health and Human Services has updated its guide on the privacy and security of Electronic Protected Health Information (ePHI).

Criminal Cyber Attacks are Leading Cause of Data Breaches

Data breaches have become increasingly prevalent over the past few months, with major retailers, health insurance providers, pharmacies, and other organizations reporting them. But a new study published by the Ponemon Institute found that most data breaches are the result of criminal attacks, not accidental disclosure or technical malfunction.

New Bill Seeks To Change HIPAA Privacy

As you may already know, one of the main objectives of the Health Insurance Portability and Accountability Act (HIPAA) is to protect the privacy of healthcare patients. Unless a healthcare provider or insurance company has written permission from the patient, they are prohibited from disclosing the patient's Protected Health Information (PHI) for research purposes. But a recently proposed bill seeks to change the current stance of HIPAA in regards to patient privacy.

What Is HIPAA Notice of Privacy Practices?

A notice of privacy practices is exactly what it sounds like: a document or set of documents that provides a clear explanation of the covered entity's privacy policies in regards to Protected Health Information (PHI) as well as its privacy practices. Under the federal HIPAA of 1996, all covered entities must have a notice of privacy practices in place; otherwise, they are in violation of the HIPAA Privacy Rule and could be subject to fines or other penalties.

Are Cloud-Based Storage Providers 'Business Associates'?

Cloud data storage and services have become increasingly popular over the past few years. They allow companies of all shapes and sizes to store their data remotely rather than locally, thus protecting against total data loss in the event of disasters like a fire, flood, theft, etc. However, businesses that use such services should be aware of the Health Insurance Portability and Accountability Act (HIPAA) and how it views cloud-based storage providers.

HIPAA Security Rule Tips For Doctors and Physicians

With the second round of audits right around the corner, there's no better time than now for doctors and physicians to ensure their practice is compliant with HIPAA. As you may already know, the HIPAA Security Rule requires covered entities to implement the appropriate administrative, physical and technical safeguards to prevent unauthorized access to Electronic Protected Health Information (ePHI). To learn more about the HIPAA Security Rule and tips for doctors to follow, keep reading.

Do HIPAA Authorization Forms Require an Expiration Date?

This is a question many doctors, nurses, dentists and other covered entities ask. Under HIPAA, covered entities are prohibited from disclosing any personally identifiable Protected Health Information (PHI) without the patient's written permission. If a patient wants to give his or her mother authority to access their records, for instance, the patient must complete an authorization form. This begs the question, however: do HIPAA authorization forms require an expiration date?

Denver Pharmacy Fined $125K for HIPAA Violations

The Department of Health and Human Services, Office for Civil Rights (OCR) has fined a Denver-based pharmacy for allegedly violating the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

How To Report Breaches Involving Fewer Than 500 Patients

Has your practice experienced a data breach affecting fewer than 500 patients recently? If so, you are legally obligated to report it to the appropriate authorities. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandates that all covered entities report data breaches, and failure to do so could result in a fine. So, what's the correct way to report a data breach involving fewer than 500 patients?

Common HIPAA Violations

With the next round of HIPAA audits right around the corner, there's no better time than now for covered entities to perform an internal analysis of their operations and procedures. Simply turning a blind eye to the Health Insurance Portability and Accountability Act (HIPAA) places your business at risk for fines and other penalties. This week we're going to take a closer look at some of the most common HIPAA violations.

Does The HIPAA Security Rule Govern Written Health Information?

This is a question many doctors, physicians, chiropractors and dentists ask. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 outlines several “Rules” that covered entities must abide by to remain legal and compliant, one of which is the Security Rule. Due to the generalized wording used in the Security Rule, many covered entities are left scratching their heads in regards to written forms of communication and whether or not they are covered under this Rule.

Why Doesn't The HIPAA Security Rule Provide Specific Technologies?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is designed to protect the privacy of healthcare patients and health insurance customers. It consists of three “Rules” – Administrative, Privacy and Security – each of which has its own caveats. While all three Rules are critical in ensuring compliance with the law, the Security Rule defines when and how covered entities should implement procedures to protect data. What it doesn't describe, however, is specific technologies.

How The New EEOC Wellness Rules Affect HIPAA

The U.S. Equal Employment Opportunity Commission (EEOC) has published a new set of rules for the Americans with Disabilities Act (ADA) in regards to wellness programs. Because wellness programs are technically classified as Protected Health Information (PHI), these rules are affected by the Health Insurance Portability and Accountability Act (HIPAA), as well as the Affordable Care Act (ACA).

Patient Privacy Remains a Priority For HHS

Even in the midst of numerous data breaches involving major healthcare providers and insurance companies, patient privacy remains a top priority for the Office for Civil Rights and Department of Health and Human Services.

Are You Properly Disposing of Protected Health Information?

The primary focus of the federal Health Insurance Portability and Accountability Act (HIPAA) of 1996 is the establishment of standards that require covered entities to implement administrative, technical and physical safeguards to prevent unauthorized access of Protected Health Information (PHI). While most people are familiar with the basics of HIPAA, they often overlook the proper disposal of PHI.

The Growing Trend of HIPAA Data Breaches

It seems like every week we're hearing about a new data breach involving a hospital, doctor's office or health insurance provider. Not surprisingly, a new report has revealed a growing trend of HIPAA data breaches, affecting approximately 29 million medical records between 2010 and 2013.

Remaining HIPAA-Compliant When Backing Up Your Data

Regular data backups are an integral part of any healthcare operation. The saying “hope for the best but prepare for the worst” holds true in this industry. Hopefully, nothing will happen to the devices on which your healthcare practice's data is stored. But if it does, having a backup copy will provide you with the peace of mind of knowing that all is not lost.

Tips For Conducting a HIPAA Risk Assessment

With the next round of audits right around the corner, doctors, chiropractors, dentists, and other covered entities should use this time to conduct a risk assessment. Also known as a risk analysis, it involves measuring a covered entity's risk of having Protected Health Information (PHI) accessed or disclosed by unauthorized individuals.

HITRUST To Study Cyber Threats In Healthcare

The Health Information Trust Alliance (HITRUST) has announced plans to conduct a new study on cyber threats in the healthcare industry.

Password Management and HIPAA Compliance

HIPAA requires doctors, physicians, dentists, chiropractors and other covered entities to take measures to protect their patients' information from unauthorized use or disclosure. We live in a digital age in which most healthcare organizations use networked systems to store data. As such, it creates potential security risks, as hackers or other individuals with malicious intent could infiltrate the system to access Protected Health Information.

How Long Must I Keep Protected Health Information?

Many doctors and healthcare workers often wonder how long they are required by law to retain Protected Health Information (PHI). The Health Insurance Portability and Accountability Act of 1996 governs a great deal of elements associated with such information, including security measures to prevent unauthorized use or disclosure, who is allowed to view PHI, how third-party business associates are treated, and more. So, how long are covered entities required to keep PHI?

HIPAA Compliance and The Cloud

Covered entities that utilize cloud computing, storage or other cloud-based technology should pay close attention to the nuances of the Health Insurance Portability and Accountability Act (HIPAA). Some doctors and practitioners assume HIPAA does not cover the cloud, so they turn a blind eye to compliance. In doing so, however, their patients' information is placed at risk of disclosure, which could in turn result in fines and other penalties handed down by the Department of Health and Human Services (HHS).

What Is a Limited Data Set?

Still trying to grasp the concept of a limited data set? Based on the name alone, it's hard to tell what exactly it is. Furthermore, the complex wording of the Health Insurance Portability and Accountability Act (HIPAA) adds greater confusion to covered entities. In this post we're going to take a closer look at limited data sets and how they are used.

The Importance of Being HIPAA-Compliant

Many physicians and other covered entities view the Health Insurance Portability and Accountability Act of 1996 as being nothing more than a nuisance that slows down their normal day-to-day business operations. While complying with HIPAA does require some time and effort, there's a good reason why this law is in place.

Premera Declared HIPAA Compliant Last Year

We covered a story last week about a cyber attack on the Washington-based health insurer Premera in which millions of customer records were disclosed. The company claims that one of its employees had unknowingly downloaded malware which automatically created a Virtual Private Network (VPN). Once the VPN was established, hackers were able to access millions of customer names, phone numbers, addresses, social security numbers, credit and debit cards, and even health records.

Premera Blue Cross Cyber Attack Exposes 11 Million Records

The Washington-based health insurance provider Premera Blue Cross was the victim of a large-scale cyber attack last year, which may have exposed records of 11 million customers.

Understanding The Role of The Security Officer

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires all doctors, dentists, chiropractors, and other covered entities to designate a Security Officer. Unfortunately, many covered entities turn a blind eye to this stipulation, assuming it's of little-to-no concern to them. But failure to designate a Security Officer may result in a violation and potential fines handed down by the Department of Health and Human Services (HHS).

Frequently Asked Questions About HIPAA Privacy Authorization

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is a set of standards designed to protect the medical records and personal information of patients. All covered entities are required by law to follow these standards. But there's a great deal of confusion surrounding the Privacy Rule and how it pertains to privacy authorizations.

Report: Most California Healthcare Disclosures Caused By Stolen Devices

California Attorney General Kamala D. Harris released a report last year on the state's data breaches which occurred in 2013. According to Harris, the majority of healthcare disclosures were caused by stolen hardware or devices, attesting to the need for greater security amongst doctors, physicians, dentists, chiropractors and other covered entities under the Health Insurance Portability and Accountability Act (HIPAA).

What Does 'Protected Health Information' Mean?

This is a question many doctors, chiropractors, dentists and other covered entities ask themselves. You'll hear the term “Protected Health Information” or “PHI” a lot when reading about the Health Insurance Portability and Accountability Act of 1996. It's somewhat of a catch-all term used to describe any file, document or other media that contains personally identifiable health information. For a better understanding of PHI and how it's used, keep reading.

Report: 25% More Data Breaches In 2014

Data breaches are becoming more common in the healthcare industry. According to a recent report published by the cybersecurity and application testing firm Redspin, Inc., 9 million Protected Health Information (PHI) records were compromised in 2014, up 25% from the year prior.

Should Encryption Be a Mandatory Requirement of HIPAA?

This is a question many lawmakers are asking in the wake of the recent Anthem, Inc. debacle which resulted in the unauthorized disclosure of tens of millions of patient files. The Health Insurance Portability and Accountability Act of 1996 outlines both general and specific guidelines for covered entities regarding the security of Protected Health Information (PHI). However, the Department of Health and Human Services (HHS) currently does not require covered entities to implement encryption.

HIPAA Compliance For Independent Doctors

Many independent doctors turn a blind eye to Health Insurance Portability and Accountability Act (HIPAA) compliance. They assume compliance is handled by the hospital or network under which they operate. In reality, however, independent doctors have an equal amount of responsibility regarding Protected Health Information (PHI). Violations – blatant or otherwise – could result in direct action being taken against the doctor.

The 5 Key Requirements of HIPAA Security Rule

The Health Insurance Portability and Accountability Act outlines several different requirements for covered entities under its Security Rule. These requirements are used to better protect patients' information, reducing the risk of disclosure by unauthorized individuals. Unfortunately, many covered entities turn a blind eye to the Security Rule, which subsequently places them at risk for violations during an audit.

Phase 2 HIPAA Audits on The Horizon

The second phase of audits involving covered entities under the Health Insurance Portability and Accountability Act (HIPAA) are expected to take place within the upcoming months. Covered entities should use this time to perform an in-depth risk assessment, because experts say this year's audits will be tougher and more comprehensive than ever.

HIPAA Breach Notification Deadline Approaches. Are You Ready?

The deadline for covered entities to report data breaches that occurred in 2014 and affected fewer than 500 people is fast approaching. Under the federal Health Insurance Portability and Accountability Act (HIPAA), covered entities are required to notify the Department of Health & Human Services (HHS) by March 1, 2015 for all breaches that occurred in 2014. Covered entities that fail to report such breaches are subject to fines, and in severe circumstances, criminal charges.

What is a Physical HIPAA Safeguard?

Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, covered entities that collect and/or handle patient information must implement administrative, technical and physical safeguards. When you're busy focusing on administrative and technical safeguards, you may overlook the physical ones.

What To Include in HIPAA Business Associates Agreement

The recent HITECH Act and Omnibus Rule have amended the Health Insurance Portability and Accountability Act (HIPAA) to include business associates of covered entities. Previously, business associates were not responsible for implementing measures to prevent disclosure of PHI. With these new changes, however, business associates found in violation of the HIPAA Privacy and/or Security Rule could face penalties ranging anywhere from $100 to $50,000 per violation.

Are Your Passwords Strong Enough?

The Health Insurance Portability and Accountability Act of 1996 requires covered entities to take certain precautionary measures to protect their patients' data. When you're busy installing and updating virus scanners, setting up firewalls, encrypting your data, and performing other security-related tasks, you might overlook the most basic form of security of all.

HIPAA For Dentists: What You Should Know

A large percentage of dentists overlook the importance of maintaining a HIPAA-compliant practice. This places their patients' health information at risk for disclosure, while subsequently increasing the risk of fines and other penalties being handed down from the Department of Health and Human Services (HHS).

Are Your Medical Devices Secure?

The advent of modern technology has paved the way to some ground-breaking medical devices. While many of these devices are responsible for saving lives, there's a hidden risk of cyber attacks that often goes unnoticed. Some people assume that hacking is limited to computers and networks, but this isn't the case.

HIPAA Technical Safeguards For Medical Practices

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires covered entities (including medical practices) to implement technical, physical and administrative safeguards to protect patient information.

US Health Insurer Anthem Suffers Massive Cyber Attack

The country's second largest health insurance provider suffered a massive cyber attack earlier this month, resulting in the disclosure of millions of customer and employee records. Anthem, Inc. announced the security breach in a public statement, saying hackers had stolen the names, social security numbers, income data, employment data, home addresses and email addresses of 80 million of the company's employees and customers.

What Is The HIPAA 'Omnibus' Rule?

The U.S. Department of Health and Human Services (HHS) published its 'Omnibus Rule' back on January 25, 2013, giving covered entities until September 23 of the same year to comply or be subject to penalties. While the new rule has been active for well over a year now, many physicians, chiropractors, dentists and other covered entities are unaware of its purpose.

HIPAA For Chiropractors: What You Should Know

Many chiropractors wrongfully believe they are immune to the Health Insurance Portability and Accountability Act (HIPAA) of 1996. While the profession isn't classified as a hospital or doctor's office, chiropractic offices are still a covered entity under HIPAA; therefore, chiropractors must familiarize themselves with the laws and rules set forth in HIPAA.

The Importance of HIPAA Security and Privacy Rules

Originally signed into law by U.S. President Bill Clinton in 1996, the Health Insurance Portability and Accountability Act (HIPAA) serves two basic purposes: to protect health insurance for workers and their families if the worker loses his or her job, and to establish national standards for the use, storage, transmission and disposal of patient information by covered entities.

Is Your Healthcare Practice at Risk For a HIPAA Audit?

According to the U.S. Department of Justice (DOJ), there have been over 102,000 HIPAA-related complaints. Granted, some of these complaints are resolved with no consequences taken on behalf of the covered entity, but others result in costly fines or even criminal prosecution. If you run a healthcare practice, you should check the following to determine whether or not you are at risk.

FTC Calls For Tougher HIPAA Laws

The United States Federal Trade Commission (FTC) has called for tougher laws to protect the information of healthcare patients. Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, employers are required to take both physical and technical measures to prevent the disclosure of patient information, but the FTC says this isn't enough.

HIPAA Breach Notifications 101: What You Should Know

A “breach” – when used in the context of describing the Health Insurance Portability and Accountability Act (HIPAA) – involves the impermissible use and/or disclosure of protected health information. When this occurs, the employer is responsible for notifying the affected parties. Failure to follow the proper protocol regarding HIPAA breaches could result in fines or other consequences.

Did You Know? Fast Facts About HIPAA

Originally passed in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a dual-purpose law which aims to protect health insurance coverage for employees and their families during a transition to a new job (Title I), and to establish national standards for healthcare transactions (Title II).

Sony Pictures Says HIPAA Data Was Compromised

The recent data breach at Sony Pictures Entertainment was one of the most damaging and costliest cyber attacks in U.S. history. The stolen data includes email correspondence between Sony executives and actors, employees' salaries, social security numbers, and HIPAA-protected health records.

Top 5 HIPAA Mistakes Made By Dentists

Here is our top 5 list for HIPAA mistakes made by dentists (and other medical professionals).

Sharing PHI within Your Organization

Sharing information is a necessity when working in the healthcare field. Doctors, nurses and the administration team often need to collaborate on information in order to diagnose, prescribe medication, design a treatment plan and bill patients accurately. Although a significant amount of communication takes place, it is crucial that the privacy of the patient is protected. There are steps that organizations can follow to make sure personal and sensitive information is protected at all times.

Dentist Sued for HIPAA Violations After License Revoked

HIPAA is more than legislation. It is meant to protect consumers. This is about a dentist who lost his license and then was sued for improperly disposing of patient records. While what he did was shocking, are you guilty of doing the same thing digitally?

Texting and HIPAA's Doctor to Doctor Communications Guidelines

Every doctor since 2003 has needed to maintain strict adherence to HIPAA guidelines. But that can sometimes come at a high risk for patients in need of urgent medical care whose doctor needs to relay important information to another doctor. Texting seems like a fast alternative to phone calls, emails, and face-to-face meetings, especially in urgent situations. But how does texting fit in with the boundaries set by HIPAA for doctor-to-doctor correspondence?

Latest HIPAA Settlement Highlights Importance Of Regular Compliance Updates

Earlier this month, the Office for Civil Rights issued its first HIPAA compliance fine under its new director Jocelyn Samuels. With the sharp increase in cyber attacks, this fine shows the need to keep your compliance plan up to date.

What To Expect From HIPAA Compliance In The New Year

While we don't have a crystal ball, we have our own predictions for HIPAA in the New Year. If you have a subscription, you can sign in to read the predictions below.

Moving Beyond 'Just' HIPAA Compliance

You know that it is absolutely necessary for your company to be HIPAA compliant, but doing only enough to achieve and maintain compliance can still put you at risk when things go wrong. While some of the items below have a direct impact on HIPAA compliance, most are simply "good business". Here is a list to keep your company ahead of the curve when it comes to compliance.

Cyber Crime Numbers – HIPAA Nightmares Waiting to Happen

A study published earlier this year demonstrated how challenging it is for organizations to achieve HIPAA compliance for patient data protection. Even when healthcare providers fulfilled HIPAA requirements, the study showed major security risks and breaches.

HIPAA Non-Compliance Case Results in High Fine

Due to a malware infection, this facility was charged one of the highest fines levied by the Department of Health and Human Services.

Checklist - Choosing a HIPAA Compliant Cloud Provider

Cloud software is quickly becoming the norm for many businesses, but businesses in the healthcare sector that need to adhere to HIPAA guidelines face additional security and privacy concerns that non-healthcare businesses don't need to worry about. Any cloud system that stores PHI must be HIPAA compliant. Here is a checklist you can go through to see if your cloud provider is HIPAA compliant.

7 Factors Potentially Affecting Your HIPAA Risk Assessment

Here are 7 items that you need to consider with HIPAA and your required risk assessment.

5 More Ways to Ensure Your Computer System Stays HIPAA Compliant

You know that HIPAA compliance is important and necessary for the well-being of your practice and for your patients' privacy. Computer security is an important aspect of keeping patients' records private, but how can you make sure the computers in your office are HIPAA compliant?

Can HIPAA Rules be Set Aside?

This question has arisen in recent months during the Ebola scare. Can a health care facility give out protected data without the patient's permission if it concerns public health?

How to Prevent Viruses and Malware

Viruses and malware often change browser settings, alter system files and create new default Web pages. Typically, infected systems are plagued with new toolbars and a constant barrage of pop-up ads. More importantly, malware also causes computers to perform poorly. In some cases, your files may be encrypted and held for ransom. The following are a few simple tips to keep in mind to prevent viruses and malware from infecting your computer.

Keep PHI Out of Marketing For HIPAA Compliance

Much of the enforcement attention surrounding HIPAA involves ensuring that patient data is secure from hackers and security breaches. But a more comprehensive approach to HIPAA compliance includes awareness that protected health information (PHI) must also be safeguarded against inappropriate use for marketing.

Breakdown of the HIPAA Technical Requirements

The technical safeguards portion of HIPAA focuses on regulations for the technology that has access to ePHI. These security standards were designed to be 'technology neutral.' This section can easily be split into five main categories.

Checklist - 6 Ways to Become HIPAA Compliant

HIPAA has greatly affected the medical and insurance industries. It laid down standards for health providers, plans and clearinghouses that hold them legally responsible for keeping their customers' medical information private. The consequences include heavy fines and possibly jail time. For this reason, it's truly important that your office be HIPAA compliant. Below is a simple HIPAA checklist: six ways to get your office in order in regards to this act.

Breakdown of the HIPAA Physical Requirements

In an earlier post we broke down the Administrative section of HIPAA, looking specifically at what needed to be done to be compliant in that category. In this post we will do the same with the Physical requirements section.

HIPAA Violations and Consequences Overview

Even unknowing non-compliance can cost a business dearly. On February 17, 2009 the American Recovery and Reinvestment Act was signed into effect. This Act established a tiered collection of fines for non-compliance with HIPAA, with severity based on criminal intent and individual circumstance. Both fines and jail time can be levied.

Breakdown of the HIPAA Administrative Requirements

Administrative requirements are simply the steps that the administration of a business or company must take to ensure the safety of their clients' PHI and ePHI. These policies govern the conduct of the workforce, putting in place safeguards and practices to ensure a client's sensitive information is secure. When putting in place a HIPAA compliance program, there are nine basic standards which make up the Administrative section.

New CA Law Brings HIPAA Protections to Mobile Apps

Health IT companies are aiming to go where patients spend their time and get their information, and increasingly that's the mobile device. But while the plethora of health care mobile apps gives patients countless choices, the stark reality is that there's no requirement that commercially available apps comply with the federal law intended to protect patient information and patient privacy.

A Comprehensive HIPAA Compliance Checklist

The Health Insurance Portability and Accountability Act (or simply HIPAA), enacted August 21st, 1996, outlines a series of guidelines to be followed by any company handling Protected Health Information (or PHI). Here is a comprehensive checklist of HIPAA compliance measures. Of course, your unique situation may be different, and any uncertainties should be addressed by a professional.

Factors to Consider in HIPAA Compliance

One of the most important things your business can do is to ensure that you stay in HIPAA compliance. HIPAA protects consumers from having their health or health insurance information accessed by third parties, protects them from such information being used against them, and ensures the privacy of their medical information. As a business owner, your responsibility is to protect this information.

The revised BAA deadline is fast approaching!

The final deadline under the HIPAA Omnibus Rule, by which healthcare organizations must have their business associate agreements revised and in place, is Sept. 22. Is your organization ready?

6 Myths about HIPAA Security Risk Assessments

HIPAA requires organizations that handle PHI (protected health information) to regularly review the administrative, physical and technical safeguards they have in place to protect the security of patient information. Learn about 6 of the most common myths surrounding the required assessments.

Where is my data?

With the introduction of HIPAA over the last several years, your IT role has expanded to include information security. One of the most important yet confusing aspects of information security is identifying what information needs to be secure, and where that information is located.

Let them know!

How can you set yourself apart in a connected world with your customers and show you are following HIPAA to help keep them protected?

Why HIPAA?

When information becomes more accessible or convenient, there is generally a downside. All of that information about your health is private, and having it available anywhere puts your privacy at risk from thieves or hackers.
