Accidental Disclosure of PHI

Even when a covered entity or business associate maintains an effective HIPAA compliance program, an accidental disclosure of PHI may be made. For example, an employee may accidentally view patient records. A mailing may be sent to the wrong recipient. This article discusses how covered entities and business associates should respond in the event of an accidental PHI disclosure or HIPAA violation. How Should Covered [...]

2022-05-06T13:55:39-04:00 December 30th, 2019

Hospital Data Breaches and Patient Deaths

Researchers for the journal Health Services Research recently conducted a study to determine whether there is a relationship between hospital data breaches and patient deaths. Of particular interest was whether or not remediation efforts for hospital data breaches diminished the quality of hospital care.  Remediation Efforts for Hospital Data Breaches: Related to Quality of Patient Care? A hospital data breach is the unauthorized acquisition, access, use, or disclosure, in [...]

2022-05-06T14:38:19-04:00 December 19th, 2019

HIPAA Genetic Information

Before passage of the 2013 HIPAA Omnibus Rule, genetic information was not specifically included in the HIPAA regulations’ definition of protected health information (PHI). With passage of the Omnibus Rule, genetic information is now specifically included in the definition of PHI. As such, covered entities must implement safeguards under the HIPAA Privacy Rule to prevent unauthorized use or disclosure of HIPAA genetic information.     What is [...]

2022-05-06T13:55:40-04:00 December 16th, 2019

HIPAA Requirements for Sending PHI

Healthcare entities require a means to easily share protected health information (PHI). When sending PHI, it is imperative to keep HIPAA requirements in mind. The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for creating, storing, and maintaining PHI, including HIPAA requirements for sending PHI. Email The most convenient means of sending PHI is via email; however, when sending PHI through [...]

2022-05-06T13:55:40-04:00 December 13th, 2019

What is a Unique Patient Identifier?

When HIPAA was enacted in 1996, the law called for development of a unique patient identifier (sometimes referred to as a “national patient identifier”). In 1999, Congress passed legislation prohibiting the Department of Health and Human Services (HHS) from funding, implementing or developing a unique patient identifier system. This ban has been in place since then. Has Congress Lifted the Ban on Unique [...]

2022-05-06T13:55:40-04:00 December 12th, 2019

HIPAA Business Email Compromise

A cyberthreat known as business email compromise has caused businesses, religious institutions, educational institutions, non-profits, and other companies to lose billions of dollars since the FBI first began tracking the threat in 2013. Business email compromise (BEC) - also known as CEO impersonation - is a favorite crime of Internet con artists because the practice relies on what any con operation requires for success: deception. These criminals target a [...]

2022-05-06T14:04:12-04:00 December 10th, 2019

Is a Covered Entity’s Sale of PHI Permitted Under HIPAA?

Under the HIPAA Privacy Rule, sale of PHI is generally prohibited.  What Constitutes a Sale of PHI? Generally, under the HIPAA Privacy Rule, covered entities and business associates may not engage in a sale of an individual’s protected health information (PHI) without the individual’s prior written authorization to do so.  A sale of PHI takes place when a covered entity or business associate: Directly or [...]

2022-05-06T13:55:40-04:00 December 5th, 2019

Patient PHI Discovered to be Freely Accessible

WizCase is a company that has years of experience testing and evaluating cybersecurity tools and products. Recently, WizCase researchers discovered significant database leaks from a number of websites around the globe. Patient PHI was discovered to be readily available. What Patient PHI was Leaked? The information that was leaked consists of protected health information (PHI) in the form of (among other items): Prescriptions, Medical observations, Lab visits, Social Security numbers [...]

2022-05-06T13:55:40-04:00 November 27th, 2019

Congress Introduces the Smartwatch Data Act

Congress recently introduced the Stop Marketing and Revealing the Wearables and Trackers Consumer Health Data Act, nicknamed the Smartwatch Data Act. The legislation, introduced by Democratic Senator Jacky Rosen and Republican Senator Bill Cassidy, aims to ensure that health data collected through fitness trackers, smartwatches, and health apps cannot be sold without consumer consent. What is the Smartwatch Data Act? The Smartwatch Data Act is [...]

2022-05-06T13:55:41-04:00 November 25th, 2019

HIPAA Law Enforcement

The battle between individuals’ privacy rights and the needs of law enforcement has raged for centuries in one form or another. When the HIPAA Privacy Rule was implemented, the authors of this rule tried to appease, as it were, both sides. The resulting “compromise” is that protected health information - the information the HIPAA Privacy Rule affords some protection from disclosure - can be disclosed [...]

2022-05-06T12:13:33-04:00 November 19th, 2019