The Compliancy Group's HIPAA Blog

HIPAA Appointment Reminders

The HIPAA Privacy Rule permits covered entities to use and disclose protected health information (PHI) for treatment, payment, and healthcare operations activities. HIPAA appointment reminders constitute the treatment of an individual, and therefore, can be made without an authorization. Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist. HIPAA Appointment Reminders and the HIPAA Privacy Rule The HIPAA Privacy Rule established [...]

Compliancy Group2019-11-15T11:05:51-05:00November 15th, 2019|

Google Project Nightingale: Access to Patient Data Not a HIPAA Violation

Google is one of the largest public companies in the world. Ascension Medical Group is the largest Catholic healthcare system in the United States. A recent report in the Wall Street Journal has confirmed that the two companies are working on something big: Project Nightingale. According to Ascension in a joint press release with Google, through Project Nightingale, Ascension “is working with Google to optimize the health and wellness [...]

Compliancy Group2019-11-14T09:47:07-05:00November 14th, 2019|

HIPAA Compliant Laptops

HIPAA regulations require healthcare organizations and individual care providers to take measures to keep patient data secure. Failure to do so can result in fines, if an organization suffers a breach of unsecured PHI. The HIPAA Security Rule requires that mobile devices be rendered secure. Security Rule requirements needed for HIPAA-Compliant laptops are discussed below. What is a Security Risk Assessment? The HIPAA Security Rule requires that covered entities [...]

Compliancy Group2019-11-13T11:20:40-05:00November 13th, 2019|

5 Office Guidelines for Complying with HIPAA

As covered entities under HIPAA, medical offices are subject to the HIPAA Privacy Rule and the HIPAA Security Rule. Below are five office guidelines for complying with HIPAA. What are Five Office Guidelines for Complying with HIPAA? 1. Office Guidelines for Complying with HIPAA #1: Provide HIPAA training to employees. 2. Office Guidelines for Complying with HIPAA #2: Conduct the annual HIPAA Security Rule Security Risk Assessment. 3. Office [...]

Compliancy Group2019-11-12T16:17:45-05:00November 12th, 2019|

What are HIPAA Operating System Requirements?

The HIPAA Security Rule, requires covered entities and business associates to develop effective administrative, technical, and physical safeguards to ensure protected health information (PHI) is secure. The Security Rule does not impose minimum HIPAA operating system requirements for a business’ computer systems. Indeed, the HIPAA Security Rule generally does not impose any specific HIPAA software requirements (including HIPAA operating system requirements) on entities. No provision of the Security Rule [...]

Monica McCormack2019-11-11T16:20:30-05:00November 11th, 2019|

Texas Health and Human Services Commission Fined $1.6 Million by OCR

The Texas Health and Human Services Commission (TX HHSC) is a Texas government state agency. Its charge is to improve the health, safety and well-being of Texans with good stewardship of public resources. TX HHSC, which is part of the broader Texas Health and Human Services system, which: Operates state-supported living centers; Provides mental health and substance abuse services; Regulates child care and nursing facilities; and Administers programs for [...]

Compliancy Group2019-11-08T09:52:20-05:00November 8th, 2019|

$3 Million HIPAA Settlement Reached for Lack of Device Encryption

The Office for Civil Rights (OCR) issued a press release on November 5, 2019 discussing a $3 million HIPAA settlement reached with the University of Rochester Medical Center (URMC). URMC filed two separate breach reports in 2013 and 2017, both in reference to unencrypted devices that stored protected health information (PHI). The healthcare breaches stemmed from the loss of an unencrypted flash drive and the theft of an unencrypted [...]

Compliancy Group2019-11-07T14:02:35-05:00November 7th, 2019|

Transporting PHI: HIPAA On the Road

PHI in transit consists of either paper documents or records, or portable media and devices. The physical safeguard provisions of the HIPAA Security Rule require covered entities to protect any portable media or devices, whether permanently stationed or in transit. The HIPAA Privacy Rule also requires covered entities to implement physical safeguards to protect all forms of PHI, including any paper records containing PHI. Transporting PHI therefore implicates aspects [...]

Compliancy Group2019-11-07T10:49:22-05:00November 7th, 2019|

Extensive Noncompliance with HIPAA Right to Access

medRxiv, a health manuscript archiving company, conducted a study in which they sent 51 healthcare providers medical record request. The purpose of the study was to determine if healthcare providers are compliant with the HIPAA right to access. However, the record request had practical applications as medRxiv used requested records to create a legitimate consumer platform that facilitates patient access to their medical records. Requests were made for 30 [...]

Monica McCormack2019-11-06T15:45:24-05:00November 6th, 2019|

152,000 Patients Affected by St. Louis Medical Center Ransomware Attack

A ransomware attack beginning in September has left Betty Jean Kerr People’s Health Centers scrambling. The health center declined to pay the ransom, as such they are unable to access their computer networks. However, they have hired a forensic information tech firm to try to recover the patient data. Protected health information (PHI) that may have been exposed in the ransomware attack includes patient names, addresses, dates of birth, [...]

Compliancy Group2019-11-05T15:26:54-05:00November 5th, 2019|