HIPAA Law Enforcement

The battle between individuals’ privacy rights and the needs of law enforcement has raged for centuries in one form or another. When the HIPAA Privacy Rule was implemented, the authors of this rule tried to appease, as it were, both sides. The resulting “compromise” is that protected health information - the information the HIPAA Privacy Rule affords some protection from disclosure - can be disclosed [...]

November 19th, 2019

Updated HHS SRA Tool Issued

In 2011, the Department of Health and Human Services (HHS), the federal agency responsible for enforcing HIPAA, issued a Security Risk Assessment (SRA) tool through its Office for Civil Rights (OCR). In 2019, after several updates, OCR is offering its newest updated HHS SRA tool, version 3.1. The updated HHS SRA Tool contains several features that the prior tools did not contain. What is the Updated HHS SRA Tool? [...]

November 18th, 2019

HIPAA Compliance for Non-Covered Entities

The HIPAA law subjects covered entities - defined as health plans, health providers, and healthcare clearinghouses - to its regulatory scheme. By definition, non-covered entities are not subject to HIPAA regulations. Apps and consumer devices that collect protected health information (PHI), and the vendors that manufacture them, do not meet the definition of a “covered entity.” However, a number of organizations have called for HIPAA compliance for [...]

November 4th, 2019

What is the National Patient Identifier Repeal Act?

When HIPAA was enacted in 1996, the law called for the development of a unique patient identifier (sometimes referred to as a “national patient identifier”). In 1999, Congress passed legislation prohibiting the Department of Health and Human Services from funding, implementing, or developing a unique patient identifier system. This ban has been in place since then. Recent legislative activity in the US Senate seeks to preserve [...]

October 25th, 2019

HIPAA Firewall Controls

The HIPAA Security Rule and HIPAA Firewall Controls: Under the technical safeguard requirements of the HIPAA Security Rule, covered entities must implement policies and procedures to protect electronic protected health information (ePHI) from improper alteration or destruction. HIPAA firewall controls are used to provide such protection. Proper firewall use can help to ensure that a covered entity’s network does not fall victim to unauthorized access [...]

October 24th, 2019

How MSPs Can Break Into the Healthcare Vertical

The healthcare industry is the fastest-growing industry in the U.S. economy, and it is also the most vulnerable. Ransomware attacks are targeting healthcare organizations with increasing frequency; this is in part a result of the lack of knowledge surrounding cybersecurity best practices across the healthcare sector. A recent study determined that 24% of healthcare workers cannot identify malware on their computers and 18% cannot [...]

October 4th, 2019

OCR’s Strict Enforcement of HIPAA Laws on Healthcare Organizations

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was designed to protect individuals' health information. The HIPAA Privacy Rule ensures the protection of “individually identifiable health information” kept by a covered entity or a business associate. This protects patient information such as an individual’s physical or mental health, the distribution of healthcare, and the payment for healthcare. Such information is considered Protected Health Information (PHI). OCR Settlements [...]

September 19th, 2019

HIPAA Security Risk Analysis Element 3: Assessing Current Security Measures

The HIPAA Security Rule requires that covered entities (health plans, healthcare clearinghouses, and healthcare providers who electronically transmit any health information in connection with a HIPAA-related transaction), and business associates, implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or received in any electronic format. Performing a [...]

September 3rd, 2019

3 Easy Steps to Get Your Microsoft Business Associate Agreement

The Health Insurance Portability and Accountability Act (HIPAA) set forth industry standards for the handling of protected health information (PHI). PHI is any individually identifying health information such as name, date of birth, treatment information, Social Security number, etc. Under HIPAA, any organization working with PHI, in any capacity, must be HIPAA compliant. This includes covered entities (CEs) and the vendors that service them. Before a CE can [...]

August 29th, 2019

New Hampshire Insurance Data Security Law

Recently, the Governor of New Hampshire approved Senate Bill 194 (SB 194), an insurance data security law that requires insurers who handle nonpublic information (including health information) to implement a series of cybersecurity measures. The New Hampshire insurance data security law goes into effect on January 1, 2020. To Whom Does the New Hampshire Insurance Data Security Law Apply? The law regulates “licensees” – insurers [...]

August 27th, 2019