Beware. Hackers have graduated to using vishing attacks to target patients. Vishing attacks occur when hackers call patients disguising themselves as a trusted entity, such as a healthcare organization, prompting patients to share sensitive information over the phone. Spectrum Health is warning patients and Priority Health members of one such vishing attack. Spectrum Health Vishing Attack Spectrum received reports that patients [...]
It was recently discovered that advancements in search engine capability may pose a risk to PHI security. Researchers from American College of Radiology (ACR), Radiological Society of North America (RSNA), and Society for Imaging Informatics in Medicine (SIIM) warned healthcare professionals and radiologists of the risk of using medical images for educational purposes. How Can Search Engines Identify Medical Images Optical Character [...]
42 CFR Part 2 is a federal regulation that requires substance abuse disorder treatment providers observe privacy and confidentiality restrictions with respect to patient records. These regulations, together with the privacy regulations found in the HIPAA Privacy Rule, work to protect the confidentiality of patient identifying information and protected health information (PHI) found in substance abuse disorder (SUD) medical records. Recently, the Substance Abuse and Mental Health Services Administration [...]
Recently, the Centers for Medicare and Medicaid Services (CMS) issued a final rule on electronic protected health information (ePHI) sharing. The rule is scheduled to become effective by 2021. The rule contains provisions designed to discourage the practice of health information blocking. Health information blocking is information or data blocking that occurs when healthcare providers or IT vendors deliberately and unreasonably interfere with the exchange [...]
The Food and Drug Administration (FDA) is an agency of the United States Department of Health and Human Services (HHS). FDA regulations provide for review and monitoring of biomedical research that involves human subjects, by groups known as Institutional Review Boards (IRBs). Institutional Review Boards are required to review and monitor all research that receives federal government funding. FDA regulations give Institutional Review Boards the authority to approve, require [...]
The HIPAA Privacy Rule generally requires HIPAA covered entities (health plans and most healthcare providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in a designated record set (or sets) maintained by or for the covered entity. What is PHI? PHI is defined as individually identifiable information relating to the past, present, or future health status of an [...]
Sunshine Behavioral Health, LLC, is a network of drug and alcohol addiction rehabilitation centers based in San Juan Capistrano, California. According to Dissent of the website databreaches.net, an AWS (Amazon Web Services) S3 storage bucket has been misconfigured. The misconfiguration, notes Dissent, resulted in online exposure of PHI. Amazon S3 buckets are public cloud storage resources. These buckets, which are essentially the online equivalent of [...]
Protected health information (PHI) is any individually identifying health information classified by the Department of Health and Human Services (HHS) into 18 identifiers, such as name, date of birth, address, payment information, treatment information, etc. The Health Insurance Portability and Accountability Act (HIPAA) mandates that organizations that work with PHI have safeguards in place in the form of administrative, technical, and physical, to protect PHI. [...]
The HIPAA Privacy Rule permits patients to request that PHI contained in their medical records, be amended. The right is not unlimited, however, and a covered entity may deny a request to amend PHI under several circumstances. What is the HIPAA Privacy Rule Right to Amend PHI? Under the HIPAA Privacy Rule, covered entities must honor certain patient requests to amend protected health information (PHI). [...]
Under the HIPAA Privacy Rule, the use or disclosure of protected health information (PHI) is permitted for treatment purposes. Electronic health information exchange - a method of data transmission allowing healthcare professionals and patients to access and secure PHI electronically - facilitates quality treatment, without running afoul of the HIPAA Privacy Rule or the HIPAA Security Rule. What is Electronic Health Information Exchange? Electronic health information exchange (HIE) is [...]
© 2023 Compliancy Group LLC. All Rights Reserved | Terms of Use | Privacy Policy
Become Compliant, Get The Seal!
