Category Archives: HIPAA

Business Associate Agreement

Why Must Covered Entities Have a Business Associate Agreement? Both the HIPAA Privacy Rule and the HIPAA Security Rule require that a HIPAA covered entity enter into a business associate agreement with each of its business associates. A “business associate” is a person or entity, other than a member of the workforce of a covered…

HIPAA Employee Training: Training Staff on HIPAA Security

Covered entities should make HIPAA security training for employees a top priority. HIPAA-compliant security training should foster in employees an understanding of HIPAA Security Rule principles and data security practices. When a covered entity is faced with the prospect of a Department of Health and…

HIPAA Risk Assessment

Under the HIPAA Security Rule, covered entities and business associates must perform a HIPAA Risk Assessment. This risk assessment is referred to by several names, including “Security Rule Risk Assessment,” “Security Rule Risk Analysis,” “Security Risk Assessment,” or “Security Risk Analysis.” What is the Purpose of a HIPAA Risk Assessment? A HIPAA…

HIPAA Notice of Privacy Practices

HIPAA Notice of Privacy Practices: Timing The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice that provides a clear, user-friendly explanation of individuals’ rights with respect to their personal health information (PHI), and the privacy practices of health plans and health care providers. This page provides…

Canadian HIPAA: PIPEDA and the Provinces

The “Canadian HIPAA” is known as the Personal Information Protection and Electronic Documents Act, or PIPEDA. This “Canadian HIPAA” is notably different from HIPAA in several aspects. Most significantly, under PIPEDA, the data that is protected is not limited to individual health information. All personal data, health or otherwise,…

Free HIPAA Training: You Get What You Pay For

Many companies claim to offer “Free HIPAA Training,” promising to train you and your workforce in all aspects of the HIPAA law and HIPAA rules. Many of these same companies claim that, through their “Free HIPAA Training Process,” you, the trainee, will become “HIPAA-certified.” Cliches are often cliches for a reason; with respect to these…

HIPAA and Law Enforcement

The HIPAA regulation found at 45 C.F.R. § 164.512 allows for uses and disclosures of protected health information (PHI) that do not require individual consent, authorization, or an opportunity to agree or consent. HIPAA and law enforcement are mentioned frequently in this provision. Individual privacy rights under HIPAA and law enforcement needs to keep the…

HIPAA Canada: PIPEDA

The “HIPAA Canada” is known as the Personal Information Protection and Electronic Documents Act, or PIPEDA. This “HIPAA Canada” is notably different from HIPAA in several aspects. Most significantly, under PIPEDA, the data that is protected is not limited to individual health information. All personal data, health or otherwise, is protected by…

3 Steps to Bolster Healthcare Cybersecurity

Healthcare cybersecurity has become a major topic of discussion for anyone working in healthcare. Healthcare breaches are rapidly increasing, with millions of patients affected by healthcare breaches so far this year. As healthcare cybersecurity is top-of-mind, the following are steps that you can take to…

HIPAA Compliance and Working From Home

When businesses choose to have their employees work from home, there is a lot to consider, especially if those businesses work with protected health information (PHI). HIPAA compliance and working from home can be a difficult feat, as HIPAA Privacy Rule and Security Rule standards must be upheld. HIPAA…