What is a HIPAA Data Use Agreement?

Under the HIPAA Privacy Rule, a limited data set is a set of identifiable healthcare information that covered entities are permitted to share with certain entities for research purposes, public health activities, and healthcare operations, without obtaining prior patient written authorization. A limited data set excludes specified direct identifiers (identifiers constituting protected health information, or PHI, that directly identify research subjects) of the individual or of relatives, employers, or [...]

April 29th, 2020

HIPAA Photo Violations

HIPAA photo violations occur when healthcare providers release images of a patient without prior authorization. HIPAA requires organizations working with protected health information (PHI) to ensure the confidentiality of the sensitive information. There are 18 HIPAA identifiers that constitute PHI, one of which is full-face photos. What are HIPAA Photo Violations? Some organizations may be surprised at what may be considered HIPAA photo violations. It is not permitted to [...]

April 28th, 2020

HIPAA Privacy Rule: PHI Reidentification

Under the HIPAA Privacy Rule, de-identification of protected health information (PHI) is the removal of specific information about a patient that can be used alone or in combination with other information to identify that patient. Covered entities often wish to use de-identified protected health information to conduct research and perform comparative studies. Once PHI has been properly de-identified, its use is permitted without patient authorization. A recent study published [...]

April 27th, 2020

What are Coronavirus Email Scams?

Predictably, cyberattackers have figured out how to take advantage of public fear over coronavirus. Cyberattackers have developed new coronavirus email scams that literally threaten the life of the victim. How do Email Scams Work? In a coronavirus email scam, the cybercriminal uses extortion to obtain bitcoins or cash. Bitcoin extortion is a tried and true method of attack. In a typical extortion email, the cyberthief would claim he or [...]

April 24th, 2020

March Healthcare Breaches Compromise 800,000 Patients

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 38 March healthcare breaches, affecting 828,921 patients. Of the reported incidents, there were 19 breaches due to hacking/IT incidents, 9 breaches from the unauthorized access/disclosure of protected health information (PHI), 6 breaches due to theft, and 2 breaches due to loss. Is your organization secure? Find out now with our HIPAA compliance checklist. March Healthcare [...]

April 23rd, 2020

HIPAA and State Public Records Laws

State public records laws, also known as open records or freedom of information laws, provide for certain public access to government records. However, HIPAA requires covered entities to take measures to prevent unauthorized use or disclosure of protected health information (PHI). The intersection of HIPAA and state public records laws is discussed below. Are State Public Records Laws Subject to the HIPAA Privacy Rule? HIPAA regulations define covered entities [...]

April 22nd, 2020

The HIPAA Privacy Rule and Institutional Review Boards

The Food and Drug Administration (FDA) is an agency of the United States Department of Health and Human Services (HHS). FDA regulations provide for review and monitoring of biomedical research that involves human subjects, by groups known as Institutional Review Boards (IRBs). Institutional Review Boards are required to review and monitor all research that receives federal government funding. FDA regulations give Institutional Review Boards the authority to approve, require [...]

April 21st, 2020

HIPAA Security Official Requirement

Under the HIPAA Security Rule, covered entities and business associates are required to implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information (ePHI). The administrative safeguard provision of the HIPAA regulations is broken into a series of standards whose requirements must be met. One of these standards is known as the Assigned Security Responsibility Standard. The standard requires that [...]

April 20th, 2020

What is a Picture Archiving and Communication System (PACS)?

A Picture Archiving and Communication System (PACS) is a computer system used by healthcare providers. A Picture Archiving and Communication System captures, stores, distributes, and then displays medical images. The medical system also digitally transmits electronic images and reports. The medical images include (among others) X-rays, CT scans, and MRI scans. What Does a Picture Archiving and Communication System Consist of? A PACS system consists of four main components: [...]

April 17th, 2020

HIPAA Workers Compensation Disclosures

The HIPAA Privacy Rule dictates how a healthcare provider may share protected information, or PHI, in the workers compensation context. PHI disclosures to the employer and the workers compensation board must be HIPAA compliant. HIPAA workers compensation requirements are discussed below. What is Workers Compensation? Many employers are required, under state law, to purchase and maintain a workers compensation insurance policy (or to self-insure). When an employee sustains an [...]

April 16th, 2020