Patient Portals and the HIPAA Security Rule

Healthcare providers frequently allow patients to access their electronic health records (EHRs) through a patient portal. Online patient portals allow patients to view their medical records, schedule appointments, and even request refills of prescriptions, anywhere the patient has access to the Internet. Patient portals contain information that constitutes electronic protected health information (ePHI) under the HIPAA Security Rule. ePHI is defined as any protected health information (PHI) that [...]

September 9th, 2019

HIPAA Security Risk Analysis Element 3: Assessing Current Security Measures

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA-related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing [...]

September 3rd, 2019

HIPAA Security Risk Analysis Element 2: Identifying and Documenting Potential Threats and Vulnerabilities

The HIPAA Security Rule requires covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA-related transaction) and business associates to implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any [...]

August 23rd, 2019

HIPAA Security Rule Technical Safeguards and Employee Logins

Under the HIPAA Security Rule, covered entities must implement security safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. One type of security safeguard that must be implemented is known as “technical safeguards.” What Are HIPAA Security Rule Technical Safeguards? [...]

August 16th, 2019

The Integrity of ePHI Under HIPAA Security Rule

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA-related transaction), and business associates, implement reasonable and appropriate technical safeguards. These safeguards must protect (among other things) the integrity of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received [...]

August 15th, 2019

Cryptomining Malware Can Affect HIPAA Obligations

The well-established security firm Check Point recently ranked cryptomining as the leading cyber threat in healthcare - ahead of ransomware. Cryptomining malware, also known as cryptocurrency mining malware, refers to software programs and malware components developed to take over a computer's resources and use them for cryptocurrency mining, without a user's authorization. This hijacking of computer resources can result in shutdown and even total systems failure. Cryptomining is [...]

August 8th, 2019

The Difference Between HIPAA Risk Analysis and Gap Analysis

The terms “HIPAA risk analysis” and “HIPAA gap analysis” are commonly confused because they sound the same, and embody similar concepts. However, the two activities are unique, involve processes that are distinct from each other, and target different components of HIPAA compliance - so it’s important to avoid confusing them. What is a HIPAA Risk Analysis? A HIPAA risk analysis is required under the [...]

July 29th, 2019

Double Trouble: Indiana Engineering Company Hit with Federal AND Multistate Data Breach Fines

Medical Informatics Engineering, Inc. (MIE) is an Indiana-based company that develops and offers solutions enabling the exchange of electronic protected health information (ePHI). In May of 2019, the company paid the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) $100,000 to settle potential HIPAA Privacy Rule and Security Rule violations. The events causing the violations are now commonplace: MIE had discovered [...]

July 24th, 2019

HIPAA Privacy and Security Rules

The Health Insurance Portability and Accountability Act (HIPAA) established several rules that covered entities (CEs) and business associates (BAs) must follow in order to be compliant. View the HIPAA Privacy and Security Rules Summary below. A covered entity (CE) is anyone who is directly involved in treatment, payment, or operations, while a business associate (BA) is a vendor that a CE hires to complete a service, that [...]

July 10th, 2019

Phishing Attack Exposes 23,811 Patients’ PHI

The threat from phishing attacks is growing faster than ever before. Healthcare organizations now need to implement the appropriate security measures in order to protect their patients’ information; otherwise, they are susceptible to having a data breach and being fined thousands of dollars. Palmetto Health recently became a victim of a phishing scam after several emails containing a malicious hyperlink were sent to its employees. When the [...]

April 15th, 2019