The Compliancy Group's HIPAA Blog

Proposed Stark Law and Anti-Kickback Law Reforms

In October of 2019, the Department of Health and Human Services (HHS) announced proposed changes to modernize and clarify the regulations that interpret the Physician Self-Referral Law (known as the “Stark Law”) and the Federal Anti-Kickback Statute. According to HHS, the proposed rules provide greater certainty for healthcare providers participating in value-based arrangements and providing coordinated care for patients. Value-based arrangements aim to provide patients with affordable access to [...]

Compliancy Group2019-10-18T09:12:04-04:00October 18th, 2019|

Is AWS HIPAA Compliant?

Amazon Web Services (AWS) is a cloud-based service used by healthcare providers and their vendors to store, process, and transmit protected health information (PHI). Under the Health Insurance Portability and Accountability Act (HIPAA), AWS is considered a business associate (BA). As a business associate, before a healthcare entity can use AWS they must first secure a business associate agreement (BAA). Additionally, whenever considering a vendor, healthcare entities must ensure [...]

Compliancy Group2019-10-17T09:54:40-04:00October 17th, 2019|

Beazley Breach Insights Report Notes Increased OCR Enforcement Activity

An August, 2019 report from the Beazley Group, a well-known Lloyd’s of London Risk Underwriter Participant, should put to rest the belief that Office for Civil Rights (OCR) enforcement activity with respect to HIPAA, is less active under the current presidential administration. A Beazley Breach Response Services analysis of 2018 OCR enforcement activity reveals that in 2018, OCR enforcement of the HIPAA regulations was quite thorough. The analysis includes [...]

Compliancy Group2019-10-16T14:12:03-04:00October 16th, 2019|

Patient Data Exposed in Philadelphia Department of Public Health Breach

Patient protected health information (PHI) is extremely sensitive, especially diagnostic information. On Friday, Philadelphia Department of Public Health was informed that the PHI of individuals diagnosed with hepatitis B and C from 2013 to 2018, was available to the public on their website. A reporter discovered the incidents and informed the government agency. The exposed patient data was removed immediately upon the Department’s notification. The information was uploaded to [...]

Compliancy Group2019-10-16T09:07:51-04:00October 16th, 2019|

HIPAA Cybersecurity – Zero Day Exploits

Covered entities (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with a HIPAA-related transaction) and business associates (read more about business associates here) must comply with the HIPAA Security Rule. They must do so by developing security safeguards that protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, [...]

Compliancy Group2019-10-14T10:06:55-04:00October 14th, 2019|

What is the Emotet Trojan?

The Emotet Trojan is malware that first emerged about five years ago, as a banking trojan. Since that time, the trojan has evolved. Today, Emotet can be found in combination with other banking trojans, information stealers, email harvesters, self-propagation mechanisms, and ransomware. What are the Dangers of Emotet? Covered entities and business associates may be at risk of an Emotet attack because of the unique manner in which Emotet [...]

Compliancy Group2019-10-11T15:41:52-04:00October 11th, 2019|

HIPAA Law on Advertising – Patient Testimonials

Patient testimonials are a staple of provider advertising. Solid testimonials can translate into new patients, and with that, increased profits for your practice. Before you can post testimonials, though, you must familiarize yourself with HIPAA law on advertising - specifically, those HIPAA regulations that address patient authorization form requirements. What is the HIPAA Law on Advertising? The HIPAA Privacy Rule requires that you obtain valid, written authorization from a [...]

Compliancy Group2019-10-11T09:49:48-04:00October 11th, 2019|

Phishing Attack on NCH Healthcare Leaves 73 Email Accounts Compromised

Florida-based NCH Healthcare System recently fell victim to an email phishing attack, which allowed an unauthorized individual to gain access to certain NCH employee email accounts. NCH has provided potentially affected individuals with notice of the incident, as required by law. What Is Known about the Phishing Attack? NCH, a large covered entity that employs over 5,000 people, first detected the phishing attack in mid-June of 2019, when NCH [...]

Compliancy Group2019-10-10T15:10:33-04:00October 10th, 2019|

Ransomware Attack Shuts Down Healthcare Provider

Recently, healthcare provider Wood Ranch Medical’s computer system was the victim of a ransomware attack. The ransomware attack resulted in the encryption of approximately 6,000 patients’ protected health information. Wood Ranch Medical (WRM) has been unable to restore patients’ healthcare records. Encryption takes your data or written text/PHI and turns it into unreadable text using software or algorithms. This unreadable text can only be deciphered through an encryption key [...]

Compliancy Group2019-10-09T15:39:40-04:00October 9th, 2019|

How to Limit Cost of Data Breach

Ponemon Institute conducted their “Cost of a Data Breach Report” in conjunction with IBM Security, in which they surveyed more than 500 organizations. The report cited that the average cost of a data breach is $3.92 million. With the cost of data breaches rising significantly, it is important to understand how to mitigate the costs. The report indicated that the most effective way to limit the cost of data [...]

Compliancy Group2019-10-14T16:40:00-04:00October 8th, 2019|