The HHS’ Office for Civil Rights (OCR) has announced its first HIPAA enforcement action of 2023, which serves as a reminder that individuals and their personal representatives must be provided with timely access to their medical records. Life Hope Labs, LLC, has agreed to settle the case and will pay a $16,500 penalty. 43 Enforcement… Read More »
Ransomware attacks continue to be conducted on healthcare organizations in high numbers but determining the extent to which healthcare organizations are being targeted by ransomware gangs is a challenge. Victims of ransomware attacks do not always report the incidents as involving ransomware, and ransomware gangs do not publicly disclose attacks when ransoms are paid. The… Read More »
The information risk management, standards, and certification body, HITRUST, has announced that it will be releasing a new version of its popular cybersecurity framework this month. Version 11 of the HITRUST CSF includes several improvements to ensure the framework stays relevant, with improved mitigations against evolving and emerging cyber threats, while reducing the burden on… Read More »
The majority of HIPAA-covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is accidental HIPAA The majority of HIPAA-covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is an accidental HIPAA… Read More »
Healthcare organizations and their business associates that want to share protected health information in a HIPAA-compliant way must do so in accordance with the HIPAA Privacy Rule, which limits the possible uses and disclosures of PHI, but de-identification of protected health information means HIPAA Privacy Rule restrictions no longer apply. HIPAA Privacy Rule restrictions only… Read More »
The issue of how to secure patient information and PHI is challenging because HIPAA does not require all patient information to be secured. Additionally, if Protected Health Information (PHI) is secured too much, it can prevent the flow of information needed to perform treatment, payment, and healthcare operations efficiently. To best explain how to secure… Read More »
A limited data set under HIPAA is a set of identifiable healthcare information that the HIPAA Privacy Rule permits covered entities to share with certain entities for research purposes, public health activities, and healthcare operations without obtaining prior authorization from patients, if certain conditions are met. In contrast to de-identified protected health information, which is… Read More »
Throughout the text of the Health Insurance Portability and Accountability Act (HIPAA) a lot of content connects HIPAA law and employers. From the exclusions to guaranteed health plan renewability in Title I to the conditions for deducting loan interest on life insurance plans in Title V, there are plenty of HIPAA laws for employers to… Read More »
The Health Insurance Portability and Accountability Act (HIPAA) is a landmark piece of legislation, but why is HIPAA compliance important? What changes did HIPAA introduce and what are the benefits to the healthcare industry and patients? HIPAA was introduced in 1996, primarily to address one particular issue: Insurance coverage for individuals that are between jobs.… Read More »
HIPAA requires covered entities to provide training to staff to ensure HIPAA Rules and regulations are understood. During HIPAA training, healthcare employees should be aware of the possible penalties for HIPAA violations, but what are those penalties, and what happens if you break HIPAA Rules? What Happens if You Break HIPAA Rules? If you break… Read More »