While the general public may not fully understand what HIPAA does and doesn’t do, you must understand your responsibilities under this federal law and the severe consequences for failing to meet them if you’re a healthcare provider or a business that supports them. Case in point: in August 2022, A Massachusetts dermatology practice agreed to pay more than $300,000 to settle an [...]
In January of 2021, the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Notice) to modify the HIPAA Privacy Rule. HHS has proposed to modify the Privacy Rule right of access provision by (among other measures) requiring providers, at an individual’s request, to mail or electronically transmit PHI to or through the individual’s personal health application (PHA). HHS seeks to define PHAs as [...]
With more and more remote workers in the healthcare space, PHI security should be a top concern. A recent survey determined that 44% of employees are currently working from home, with several employers expecting workers to continue to work remotely permanently. So what does this mean for cybersecurity and HIPAA compliance? To provide healthcare organizations with guidance, remote workers and HIPAA is discussed. Remote Workers and HIPAA: Data [...]
Philly Fighting COVID, a private startup company tasked with vaccine distribution for the city, is under investigation. The Philadelphia Department of Public Health has ceased their relationship with the startup after allegations that the company’s privacy policies allowed for the sale of private information. More details on the alleged vaccine privacy violations are discussed. Vaccine Privacy Violations: What Do We Know? On [...]
2020 has been an unenviable year of firsts and of worsts. Add to this another undesirable record-breaker. In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. 11 of the fines issued were for a failure to comply with the HIPAA Privacy Rule’s right of access. The message of OCR 2020 [...]
In an effort to stave off the spread of COVID, the Trump administration is proposing changes to the HIPAA Privacy Rule. More details on HIPAA and COVID contact tracing are discussed. HIPAA and COVID Contact Tracing: Proposed Changes Earlier this month the Trump administration proposed changes to the HIPAA Privacy Rule, including giving patients more control over their health information and removing [...]
In light of President Trump's positive COVID diagnosis, a lot of people are wondering if it is permitted to share his health information with the public. Generally under HIPAA, healthcare organizations are prohibited from sharing a patient's health information without authorization from the patient. However, as the President of the United States, Trump’s health condition is a matter of national security, so do the general rules [...]
The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]
On June 3, 2020, Geisinger was notified by an employee that a Geisinger Clinic employee was accessing patient records without the need to do so. The employee in question accessed 700 patients’ records over a year-long period. More details about the insider breach are discussed below. Insider Breach: What Happened Upon discovery of the insider breach, Geisinger launched an investigation into the [...]
Beware. Hackers have graduated to using vishing attacks to target patients. Vishing attacks occur when hackers call patients disguising themselves as a trusted entity, such as a healthcare organization, prompting patients to share sensitive information over the phone. Spectrum Health is warning patients and Priority Health members of one such vishing attack. Spectrum Health Vishing Attack Spectrum received reports that patients [...]
