Category Archives: HIPAA

U.S. Senate Considers Making Telehealth Policies Permanent

Recently, the U.S. Senate Health, Education, Labor, and Pensions (HELP) Committee met to discuss telehealth policies. In the wake of the COVID-19 crisis, the federal government adopted a number of regulations related to telehealth. The HELP Committee is strongly considering making many of these regulations permanent. What is the Purpose of Telehealth Policies? Telehealth policies… Read More »

The HIPAA Breach Notification Rule: What is a Breach, And What is Not a Breach?

The HIPAA Breach Notification Rule requires HIPAA-covered entities and their business associates to provide notification following a breach of unsecured protected health information (PHI).  The rule defines both what constitutes a breach, as well as the exceptions to that general definition. What is the Definition of a “Breach”? Generally, a breach is an impermissible (unauthorized)… Read More »

Business Associate Agreement

Why Must Covered Entities Have a Business Associate Agreement? Both the HIPAA Privacy Rule and the HIPAA Security Rule require that a HIPAA covered entity enter into a business associate agreement with each of its business associates. A “business associate” is a person or entity, other than a member of the workforce of a covered… Read More »

HIPAA Employee Training: Training Staff on HIPAA Security

HIPAA Employee Training: Training Staff on HIPAA Security Covered entities should make employee HIPAA training on security for employees a top priority. HIPAA-compliant security training should foster in employees an understanding of HIPAA Security Rule principles, and data security practices. When a covered entity is faced with the prospect of a Department of Health and… Read More »

HIPAA Risk Assessment

HIPAA Risk Assessment Under the HIPAA Security Rule, covered entities and business associates must perform a HIPAA Risk Assessment. This risk assessment is referred to by several names, including “Security Rule Risk Assessment,” “Security Rule Risk Analysis,” “Security Risk Assessment,” or “Security Risk Analysis.”  What is the Purpose of a HIPAA Risk Assessment? A HIPAA… Read More »

HIPAA Notice of Privacy Practices

HIPAA Notice of Privacy Practices: Timing The HIPAA Privacy Rule requires health plans and covered health care providers to develop and distribute a notice that provides a clear, user-friendly explanation of individuals’ rights with respect to their personal health information (PHI), and the privacy practices of health plans and health care providers. This page provides… Read More »

Canadian HIPAA: PIPEDA and the Provinces

Canadian HIPAA: PIPEDA and the Provinces The “Canadian HIPAA” is known as the Personal Information Protection and Electronic Documents Act, or PIPEDA. This “Canadian HIPAA” is notably different from HIPAA in several aspects. Most significantly, under PIPEDA, the data that is protected is not limited to individual health information. All personal data, health or otherwise,… Read More »

Free HIPAA Training: You Get What You Pay For

Many companies claim to offer “Free HIPAA Training,” promising to train you and your workforce in all aspects of the HIPAA law and HIPAA rules. Many of these same companies claim that, through their “Free HIPAA Training Process,” you, the trainee, will become “HIPAA-certified.” Cliches are often cliches are a reason; with respect to these… Read More »

HIPAA and Law Enforcement

The HIPAA regulation found at 45 C.F.R. § 164.512 allows for uses and disclosures of protected health information (PHI) that do not require individual consent, authorization, or an opportunity to agree or consent. HIPAA and law enforcement are mentioned frequently in this provision. Individual privacy rights under HIPAA and law enforcement needs to keep the… Read More »

HIPAA Canada: PIPEDA

HIPAA Canada: PIPEDA The “HIPAA Canada” is known as the Personal Information Protection and Electronic Documents Act, or PIPEDA. This “HIPAA Canada” is notably different from HIPAA in several aspects. Most significantly, under PIPEDA, the data that is protected is not limited to individual health information. All personal data, health or otherwise, is protected by… Read More »