Transporting PHI: HIPAA On the Road
PHI in transit consists of either paper documents or records, or portable media and devices. The physical safeguard provisions of the HIPAA Security Rule require covered entities to protect [...]
Extensive Noncompliance with HIPAA Right to Access
medRxiv, a health manuscript archiving company, conducted a study in which they sent 51 healthcare providers medical record requests. The purpose of the study was to determine if healthcare [...]
HIPAA Antivirus Software
The HIPAA Security Rule contains administrative safeguards in the form of security standards. One of these standards requires covered entities and business associates to implement a [...]
HIPAA Compliance for Non-Covered Entities
The HIPAA law subjects covered entities - defined as health plans, health providers, and healthcare clearinghouses - to its regulatory scheme. By definitions, non-covered entities are not subject [...]
19,500 UAB Medicine Patients Affected by Healthcare Phishing Attack
The University of Alabama (UAB) Medicine is the latest victim of a healthcare phishing attack, affecting 19,500 patients. A phishing attack occurs when a hacker disguises [...]
Does HIPAA Impose Medical Record Retention Requirements?
The Health Insurance Portability and Accountability Act (HIPAA) protects the privacy and security of individually identifiable health information. The Act does so through regulations issued by the [...]
What is the National Patient Identifier Repeal Act?
When HIPAA was enacted in 1996, the law called for development of a unique patient identifier (sometimes referred to as a “national patient identifier”). In 1999, [...]
Doctor to Doctor Sharing of PHI Under HIPAA
Generally, doctor to doctor sharing of protected health information (PHI) is permitted under the HIPAA regulations. Read more about HIPAA sharing of information between providers. When [...]
Is Mailing Breach Notification Letters to Wrong Patient a Breach?
Alive Hospice, based in Tennessee, experienced a healthcare breach due to phishing emails. A phishing email occurs when a hacker disguises themselves as a trusted user, prompting recipients to [...]
Steps to Creating an Effective HIPAA Compliant Contingency Plan
Under the HIPAA Security Rule administrative safeguards requirement, covered entities and business associates must develop HIPAA compliant contingency plans. The two major objectives of a HIPAA [...]
