Vishing Attack Targets Spectrum Health Patients

Beware. Hackers have graduated to using vishing attacks to target patients. Vishing attacks occur when hackers call patients disguising themselves as a trusted entity, such as a healthcare organization, prompting patients to share sensitive information over the phone. Spectrum Health is warning patients and Priority Health members of one such vishing attack. Spectrum Health Vishing Attack Spectrum received reports that patients [...]

2020-11-16T09:02:41-05:00September 18th, 2020|

Are Search Engines Compromising PHI Security?

It was recently discovered that advancements in search engine capability may pose a risk to PHI security. Researchers from American College of Radiology (ACR), Radiological Society of North America (RSNA), and Society for Imaging Informatics in Medicine (SIIM) warned healthcare professionals and radiologists of the risk of using medical images for educational purposes. How Can Search Engines Identify Medical Images Optical Character [...]

2022-05-06T14:38:17-04:00September 8th, 2020|

SAMHSA Proposes Changes to Substance Abuse Privacy Regulations

42 CFR Part 2 is a federal regulation that requires substance abuse disorder treatment providers observe privacy and confidentiality restrictions with respect to patient records. These regulations, together with the privacy regulations found in the HIPAA Privacy Rule, work to protect the confidentiality of patient identifying information and protected health information (PHI) found in substance abuse disorder (SUD) medical records. Recently, the Substance Abuse and Mental Health Services Administration [...]

2020-11-16T17:01:53-05:00May 28th, 2020|

What is Health Information Blocking?

Recently, the Centers for Medicare and Medicaid Services (CMS) issued a final rule on electronic protected health information (ePHI) sharing. The rule is scheduled to become effective by 2021. The rule contains provisions designed to discourage the practice of health information blocking. Health information blocking is information or data blocking that occurs when healthcare providers or IT vendors deliberately and unreasonably interfere with the exchange [...]

2022-05-06T14:25:56-04:00May 19th, 2020|

The HIPAA Privacy Rule and Institutional Review Boards

The Food and Drug Administration (FDA) is an agency of the United States Department of Health and Human Services (HHS). FDA regulations provide for review and monitoring of biomedical research that involves human subjects, by groups known as Institutional Review Boards (IRBs). Institutional Review Boards are required to review and monitor all research that receives federal government funding. FDA regulations give Institutional Review Boards the authority to approve, require [...]

2022-05-06T12:13:31-04:00April 21st, 2020|

What is a Designated Record Set Under HIPAA?

The HIPAA Privacy Rule generally requires HIPAA covered entities (health plans and most healthcare providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in a designated record set (or sets) maintained by or for the covered entity.  What is PHI? PHI is defined as individually identifiable information relating to the past, present, or future health status of an [...]

2023-03-16T14:55:06-04:00March 9th, 2020|

Exposure of PHI at Drug and Alcohol Addiction Rehabilitation Center

Sunshine Behavioral Health, LLC, is a network of drug and alcohol addiction rehabilitation centers based in San Juan Capistrano, California. According to Dissent of the website databreaches.net, an AWS (Amazon Web Services) S3 storage bucket has been misconfigured. The misconfiguration, notes Dissent, resulted in online exposure of PHI. Amazon S3 buckets are public cloud storage resources. These buckets, which are essentially the online equivalent of [...]

2022-05-06T13:55:39-04:00January 24th, 2020|

PHI Protection for 50 Years After Death

Protected health information (PHI) is any individually identifying health information classified by the Department of Health and Human Services (HHS) into 18 identifiers, such as name, date of birth, address, payment information, treatment information, etc. The Health Insurance Portability and Accountability Act (HIPAA) mandates that organizations that work with PHI have safeguards in place in the form of administrative, technical, and physical, to protect PHI. [...]

2022-05-06T13:55:39-04:00January 20th, 2020|

When Can a Covered Entity Deny a Request to Amend PHI?

The HIPAA Privacy Rule permits patients to request that PHI contained in their medical records, be amended. The right is not unlimited, however, and a covered entity may deny a request to amend PHI under several circumstances. What is the HIPAA Privacy Rule Right to Amend PHI? Under the HIPAA Privacy Rule, covered entities must honor certain patient requests to amend protected health information (PHI). [...]

2022-05-06T12:13:32-04:00January 17th, 2020|

Electronic Health Information Exchange and HIPAA

Under the HIPAA Privacy Rule, the use or disclosure of protected health information (PHI) is permitted for treatment purposes. Electronic health information exchange - a method of data transmission allowing healthcare professionals and patients to access and secure PHI electronically - facilitates quality treatment, without running afoul of the HIPAA Privacy Rule or the HIPAA Security Rule. What is Electronic Health Information Exchange? Electronic health information exchange (HIE) is [...]

2022-05-06T13:55:39-04:00January 3rd, 2020|