The Compliancy Group's HIPAA Blog

PHI Protection for 50 Years After Death

Protected health information (PHI) is any individually identifying health information classified by the Department of Health and Human Services (HHS) into 18 identifiers, such as name, date of birth, address, payment information, treatment information, etc. The Health Insurance Portability and Accountability Act (HIPAA) mandates that organizations that work with PHI have safeguards in place in the form of administrative, technical, and physical, to protect PHI. Safeguarding PHI is extremely [...]

Compliancy Group2020-01-20T10:32:55-05:00January 20th, 2020|

When Can a Covered Entity Deny a Request to Amend PHI?

The HIPAA Privacy Rule grants permits patients to request that PHI contained in their medical records, be amended. The right is not unlimited, however, and a covered entity may deny a request to amend PHI under several circumstances. What is the HIPAA Privacy Rule Right to Amend PHI? Under the HIPAA Privacy Rule, covered entities must honor certain patient requests to amend protected health information (PHI). Generally, a patient [...]

Compliancy Group2020-01-17T17:12:35-05:00January 17th, 2020|

HIPAA Role-Based Access

HIPAA Role-Based Access is a key concept of the HIPAA Security Rule. Under the Security Rule, healthcare organizations are required to implement access controls. Access controls are a security technique that restrict access to an organization’s network to those individuals for whom access is required. What is HIPAA Role-Based Access? Under the technical safeguards provision of the HIPAA Security Rule, covered entities and business associates must implement technical policies [...]

Compliancy Group2020-01-16T13:07:23-05:00January 16th, 2020|

HIPAA Right of Access Noncompliance

A recent report from Ciitizen, a patients’ rights advocacy group, has revealed more than half of healthcare providers (51%) are not fully compliant with the HIPAA Right of Access provision under the HIPAA Privacy Rule. Acting with authorization from patients, Ciitizen made requests for copies of patient records from 169 medical providers. The results indicate widespread HIPAA Right of Access compliance. What is HIPAA Right of Access Noncompliance? HIPAA [...]

Compliancy Group2020-01-15T10:08:38-05:00January 14th, 2020|

300,000 Patients Affected by December Healthcare Breaches

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 34 December healthcare breaches, affecting 313,249 patients. Of the reported incidents, there were 18 breaches due to hacking/IT incidents, 10 breaches from the unauthorized access/disclosure of protected health information (PHI), 3 breaches due to loss, 2 breaches due to theft, and one breach due to improper disposal of PHI. Are you following HIPAA law? Find [...]

Monica McCormack2020-01-16T13:02:14-05:00January 13th, 2020|

Banner Health Settles Data Breach Lawsuit

Banner Health is a non-profit healthcare organization based in Phoenix, Arizona. It operates a total of 34 hospitals and specialized facilities across six states. Banner employs over 50,000 employees. Recently, Banner agreed to settle a data breach lawsuit for $6 million. What Are the Details of the Data Breach Lawsuit? In August of 2016, a class-action data breach lawsuit was filed against covered entity Banner Health in federal court [...]

Compliancy Group2020-01-10T12:26:41-05:00January 10th, 2020|

HIPAA Cloud Service Providers

Cloud service providers (CSP) are businesses that provide network services, business applications, or infrastructure, in the cloud. The services are hosted in a remote data center that can be accessed through a company network connection. Cloud service providers that create, receive, maintain, or transmit electronic protected health information (ePHI) on behalf of a covered entity or business associate, are considered HIPAA business associates. HIPAA cloud service providers must comply [...]

Monica McCormack2020-01-08T17:00:29-05:00January 8th, 2020|

MSP Security Rule Compliance

A managed service provider (MSP) is an entity that remotely manages a covered entity’s IT infrastructure, and/or end-user systems. Managed service providers who work with clients in the healthcare sector must comply with the HIPAA Security Rule. Under the HIPAA Security Rule, MSPs must perform a security risk analysis. What Does MSP Security Rule Compliance Consist of? MSP Security Rule compliance has several components. One central component is performing [...]

Compliancy Group2020-01-09T09:01:28-05:00January 7th, 2020|

HIPAA Privacy Complaints Lead to More Informal Intervention Efforts

The numbers seem to paint an odd picture. In 2018, the federal Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) received 25,912 health information privacy complaints - HIPAA privacy complaints relating to the HIPAA Privacy Rule and the HIPAA Security Rule. The annual number of HIPAA privacy complaints has gone up each year since 2015. The number of HIPAA privacy complaints - and required corrective [...]

Compliancy Group2020-01-06T16:53:29-05:00January 6th, 2020|

Electronic Health Information Exchange and HIPAA

Under the HIPAA Privacy Rule, the use or disclosure of protected health information (PHI) is permitted for treatment purposes. Electronic health information exchange - a method of data transmission allowing healthcare professionals and patients to access and secure PHI electronically - facilitates quality treatment, without running afoul of the HIPAA Privacy Rule or the HIPAA Security Rule. What is Electronic Health Information Exchange? Electronic health information exchange (HIE) is [...]

Compliancy Group2020-01-06T16:44:34-05:00January 3rd, 2020|