HIPAA Now: What you Need to Know About HIPAA Compliance

Since the start of the coronavirus pandemic, there have been a lot of questions about HIPAA compliance and software. At the beginning of the crisis, the Department of Health and Human Services (HHS) released guidance temporarily easing HIPAA restrictions around the use of telehealth. This loosening led many organizations to falsely assume that they no longer have to comply with HIPAA. To clear up this misconception, HIPAA compliance now [...]

2020-11-16T09:02:51-05:00July 17th, 2020|

The HHS To-Do List: HHS Privacy and Security Regulatory Priorities

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, has not undergone significant regulatory change since 2013. Since then, HHS privacy and security initiatives have been proposed. These HHS privacy and security initiatives remain stalled, for the most part. HHS has announced that it intends to tackle some of these HHS privacy and security regulatory initiatives in 2020. Are you following HIPAA law?  Find out if your [...]

2020-11-16T09:02:51-05:00July 14th, 2020|

SAMHSA Proposes Changes to Substance Abuse Privacy Regulations

42 CFR Part 2 is a federal regulation that requires substance abuse disorder treatment providers observe privacy and confidentiality restrictions with respect to patient records. These regulations, together with the privacy regulations found in the HIPAA Privacy Rule, work to protect the confidentiality of patient identifying information and protected health information (PHI) found in substance abuse disorder (SUD) medical records. Recently, the Substance Abuse and Mental Health Services Administration [...]

2020-11-16T17:01:53-05:00May 28th, 2020|

HIPAA Wiki: A Brief Summary of HIPAA Rights

The Hawaiian language has a memorable equivalent of the English word for “fast”: “wikiwiki.” The term “wikiwiki” can be spoken quickly. Similarly, when a person looks up a “wiki” for information, what the person hopes to find is information on a particular topic that can be quickly overviewed, covering all of the highlights. A HIPAA wiki contains the following information about patient rights. Do you have an effective [...]

2020-11-16T17:01:53-05:00May 21st, 2020|

MSP Compliance Solutions

There is a lot of opportunity for MSPs looking to enter the healthcare vertical. More organizations are relying on MSP compliance solutions, as they do not have the budget to hire a full-time healthcare IT staff; a recent study, by Black Book Market Research, surveyed 2,876 security professionals across 733 provider organizations, finding that 84% of hospitals don’t have full-time cybersecurity employees.  As staffing shortages have increased by [...]

2022-11-10T12:25:45-05:00March 10th, 2020|

HIPAA Role-Based Access

HIPAA Role-Based Access is a key concept of the HIPAA Security Rule. Under the Security Rule, healthcare organizations are required to implement access controls. Access controls are a security technique that restrict access to an organization’s network to those individuals for whom access is required. What is HIPAA Role-Based Access? Under the technical safeguards provision of the HIPAA Security Rule, covered entities and [...]

2022-05-06T12:13:32-04:00January 16th, 2020|

Extensive Noncompliance with HIPAA Right to Access

medRxiv, a health manuscript archiving company, conducted a study in which they sent 51 healthcare providers medical record requests. The purpose of the study was to determine if healthcare providers are compliant with the HIPAA right to access. However, the record request had practical applications as medRxiv used requested records to create a legitimate consumer platform that facilitates patient access to their medical records.  Requests were made for 30 [...]

2020-11-16T17:02:46-05:00November 6th, 2019|

What is the National Patient Identifier Repeal Act?

When HIPAA was enacted in 1996, the law called for development of a unique patient identifier (sometimes referred to as a “national patient identifier”). In 1999, Congress passed legislation prohibiting the Department of Health and Human Services from funding, implementing, or developing a unique patient identifier system. This ban has been in place since then. Recent legislative activity in the US Senate seeks to preserve [...]

2020-11-09T15:41:54-05:00October 25th, 2019|

NIST CSF and HIPAA Compliance: Healthcare Providers at Risk

The sensitive health information maintained by healthcare organizations has grown to be a very attractive target for cyberattackers over the last few years. Healthcare organizations must ensure that they are addressing the full extent of their regulatory requirements when it comes to maintaining cybersecurity and HIPAA compliance, adhering to NIST CSF and HIPAA compliance standards. However, according to a recent study , many healthcare organizations [...]

2022-05-06T14:38:22-04:00April 26th, 2019|

Will New Laws Allow Patients to Cash-In on HIPAA Fines?

This coming November, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is slated to discuss an “advance notice of proposed rulemaking” that is requesting for public input on how OCR could share HIPAA fines with the victims of security breaches. This is not the first time OCR has called this action, as this is the 13th time since fall of 2012 that they [...]

2019-11-12T16:50:03-05:00June 20th, 2018|