Healthcare & HIPAA Compliance Articles

Malware

As the need and dependency of people and businesses on computers, mobile gadgets, electronic data, and a variety of programs and applications consistently...

How Encryption plays an important role in HIPAA Security

The University of Rochester Medical Center (URMC) has paid a $3 million HIPAA penalty to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services...

Security Incidents and Sanction Policy

• Forgotten to remove access of a departing employee?

• Forgotten to collect devices with potential PHI from departing employees?...

ID Theft and ID Protection

On March 23, 2021, acting United States Attorney M. Rhett DeHart announced that according to the Federal Bureau of Investigation’s 2020 Internet Crime Report, South Carolinians lost more than...

Embracing HIPAA Security at Home and at Work

We certainly live in interesting times. I mean, my mother that is 87 years old, received a tablet for her Christmas present. My three-year-old grandson uses his mother's cell phone...

Do you have a Business Associate Agreement with your vendors?

Business Associates

In an ideal world, each healthcare provider (aka Covered Entity) has a...

Password Management in HIPAA Compliance

Does HIPAA mention anything about passwords?

Yes. Password and Password Management are explicitly stipulated in the following provisions:

First, under "Definitions" [45 CFR 164.304] of the "Security...

Access Controls

§ 164.312(a)(1)

Allow access to ePHI only to those granted access rights. Implementation specifications under Access Control...

What is Accounting of Disclosures?

Also known as Accounting of Disclosures of Protected Health Information, it is a mandate under 45 CFR § 164.528 of the Security and Privacy, Subpart E - Privacy of Individually Identifiable Health Information...

CISA and AHA issue urgent warnings: CYBERTHREAT on US Healthcare Organizations

With the current critical and dangerous events unfolding, there is no avoiding discussion of unsettling threats – particularly cyber threats...

IN A GLANCE: HIPAA Security Officer, Security Incidents, and Sanction Policy

Q: Is a HIPAA Security Officer necessary? Can we make do without having one? A: The short answer is "No."...

Open Notes as Mandated by the 21st Century Cures Act: A Clinician's Condensed Guide

In 2016, the 21st Century Cures Act came into effect under President Obama; as of April 5th, 2021, the program rule on...

Do Business Associates have direct liability under HIPAA?

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), issued a fact sheet enumerating a list of HIPAA...

Is Encryption Essential in HIPAA Compliance?

“Encryption is a method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm...

HIPAA Physical Safeguards and Workstation Security

Physical Safeguards (45 CFR § 164.304) refers to physical measures, policies, and procedures to protect a covered entity’s or business...

System Patch Management Role in HIPAA Security

By this time you should have a basic understanding of cybersecurity, cyber attacks, cyber tools, and malware. If you need a refresher on these...

The Flexibility of Approach Clause on HIPAA Policies and Procedures

The words "policies" and "procedure(s)" are not specifically defined in HIPAA. However, in the publication...

Know what HIPAA says: Security Officer, Security Incidents, and Sanction Policy

Assigning a HIPAA Security Officer is one of the mandates of HIPAA as indicated in 45 CFR § 164.308 (a) (2). It specifically...

Aetna to pay $1 million in fines plus Corrective Action Plan for HIPAA breaches according to OCR HHS findings

Aetna has entered into a resolution agreement with the Office of the Civil Rights (OCR), U.S. Department of Health and Human Services...