West Georgia Ambulance Pays $65K fine for HIPAA Violations

The Office for Civil Rights of the Department of Health and Human Services has saved an announcement of HIPAA penalties for literally the day before the end of 2019. On December 30, through a press release, OCR announced it has entered into a resolution agreement with West Georgia Ambulance, Inc. on December 23. The agreement requires West Georgia to pay a fine in the amount of $65,000. What HIPAA [...]

2020-01-06T16:30:23-05:00January 2nd, 2020|

Accidental Disclosure of PHI

Even when a covered entity or business associate maintains an effective HIPAA compliance program, an accidental disclosure of PHI may be made. For example, an employee may accidentally view patient records. A mailing may be sent to the wrong recipient. This article discusses how covered entities and business associates should respond in the event of an accidental PHI disclosure or HIPAA violation. How Should Covered Entity Employees Respond to [...]

2020-01-06T16:07:43-05:00December 30th, 2019|

5 HIPAA Covered Entity Employee Tips

Covered entities’ employees play an important role in keeping PHI and ePHI secure. The following HIPAA covered entity employee tips can be used by your organization as part of a broader privacy and security effort.  Five HIPAA Covered Entity Employee Tips - reminders that covered entity employees should give their workforce - include: HIPAA Covered Entity Employee Tips, Tip 1: Employees should never share login credentials. Since login information [...]

2020-01-06T15:58:29-05:00December 27th, 2019|

HIPAA Compliance and AI Solutions

With the growing use of artificial intelligence (AI) solutions in the healthcare industry, executives must ensure that the technology that their organization is using is HIPAA compliant. HIPAA compliance is a complex issue that is constantly evolving to incorporate advancements in technology.  Part of the issue with securing data is the amount of data that is collected from users on a daily basis. The healthcare industry is adopting new [...]

2020-01-14T16:30:21-05:00December 26th, 2019|

HIPAA Security Rule: Risk Analysis Review and Updating

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA related transaction), and business associates, implement security safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing a security risk analysis [...]

2020-01-06T15:35:01-05:00December 24th, 2019|

FBI Ransomware Guidance Issued

In early October of 2019, the Department of Justice issued FBI Ransomware Guidance. The FBI Ransomware Guidance is a public service announcement that contains updated information about the ransomware threat. This FBI Ransomware Guidance updates and is a companion to to Ransomware PSA I-091516-PSA posted on www.ic3.gov in 2016. What is Included in Latest FBI Ransomware Guidance? The FBI Ransomware Guidance begins with the definition of ransomware. Ransomware is [...]

2020-01-06T11:56:22-05:00December 23rd, 2019|

The OCR HIPAA Violation Complaint Portal and Portal Assistant

The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) provides an online HIPAA Violation Complaint Portal Assistant that allows individuals who believe their HIPAA rights have been violated to report the incident. Users may input the following information using the Complaint Portal Assistant: When they learned of the most recent HIPAA violation Whom the complaint about the HIPAA violation is against Who the [...]

2020-01-06T11:47:30-05:00December 20th, 2019|

Hospital Data Breaches and Patient Deaths

Researchers for the journal Health Services Research recently conducted a study to determine whether there is a relationship between hospital data breaches and patient deaths. Of particular interest was whether or not remediation efforts for hospital data breaches diminished the quality of hospital care.  Remediation Efforts for Hospital Data Breaches: Related to Quality of Patient Care? A hospital data breach is the unauthorized acquisition, access, use, or disclosure, in [...]

2020-01-06T11:36:03-05:00December 19th, 2019|

HIPAA Enforcement

There are significant consequences for breaking the HIPAA laws. The HIPAA Rule is enforced through several methods.  The most common method of HIPAA enforcement is actions of the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). State attorneys general may also conduct HIPAA enforcement. How Does HIPAA Enforcement Work? HIPAA enforcement takes place on both the federal government and state government level. The Department of [...]

2020-01-06T10:22:13-05:00December 17th, 2019|

HIPAA Genetic Information

Before passage of the 2013 HIPAA Omnibus Rule, genetic information was not specifically included in the HIPAA regulations’ definition of protected health information (PHI). With passage of the Omnibus Rule, genetic information is now specifically included in the definition of PHI. As such, covered entities must implement safeguards under the HIPAA Privacy Rule to prevent unauthorized use or disclosure of HIPAA genetic information.     What is HIPAA Genetic Information? HIPAA [...]

2020-01-03T16:43:47-05:00December 16th, 2019|