March 20, 2024
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

March 13, 2024
Briefings on HIPAA

A January report unveiled a staggering data leak dubbed the “Mother of All Breaches”, which encompassed data from numerous previous breaches, totaling approximately 12 terabytes and over 26 billion records.

March 6, 2024
Briefings on HIPAA

OCR recently announced a significant settlement with a medical group that represents the first resolution of an investigation into a phishing cyberattack under HIPAA.

February 21, 2024
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

February 14, 2024
Briefings on HIPAA

Learn why staff training is crucial for maintaining HIPAA compliance around media and news outlets and how to protect your organization.

February 7, 2024
Briefings on HIPAA

The Cybersecurity and Infrastructure Security Agency toolkit provides resources, training, and information to help organizations build a strong cybersecurity foundation and advance their defenses against threats.

January 17, 2024
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

January 10, 2024
Briefings on HIPAA

The Office for Civil Rights has issued guidance on media access to protected health information that can serve as a resource to providers and patients.

January 3, 2024
Briefings on HIPAA

A recently published government guide outlines defensive strategies, recommendations, and best practices to combat pervasive cyberthreats affecting critical infrastructure. It also identifies known vulnerabilities that providers can assess their networks for, thereby minimizing risks before intrusions occur.

December 20, 2023
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

December 13, 2023
Briefings on HIPAA

HIPAA security compliance leaders should ensure that their organization’s sanction policies are well documented, transparent, understood by all workforce members, and applied consistently to reinforce a robust HIPAA compliance program.

December 6, 2023
Briefings on HIPAA

The Office for Civil Rights recently issued two resources to help explain to patients the privacy and security risks associated with telehealth services, as related to personal health information.

November 15, 2023
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

November 8, 2023
Briefings on HIPAA

HHS released two reports recently that provide in-depth insights and compliance tips to help healthcare covered entities contend with cybersecurity threats.

November 1, 2023
Briefings on HIPAA

Healthcare covered entities continue to have trouble getting patients their medical records. Since 2019, when the Office for Civil Rights began its Right of Access initiative, the HIPAA privacy and security enforcer has settled 45 cases related to patient requests for medical records.

October 18, 2023
Briefings on HIPAA

As the Office for Civil Rights celebrates Cybersecurity Awareness Month in October, review Briefings on HIPAA's best cybersecurity-related Q&As.

October 11, 2023
Briefings on HIPAA

A recent settlement between the Office for Civil Rights and UnitedHealthcare serves as a stark reminder of the importance of HIPAA compliance and the right of patients to access their medical records in a timely manner.

October 4, 2023
Briefings on HIPAA

Robust authentication processes are often the first line of defense against cyberthreats. A recent Office for Civil Rights Cybersecurity newsletter emphasizes the importance of strong authentication in safeguarding electronic protected health information (ePHI).

September 20, 2023
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

September 13, 2023
Briefings on HIPAA

Government regulators that enforce HIPAA privacy and security compliance are doubling down this year on risk analysis and risk management as a primary avenue to safeguard protected health information.

September 6, 2023
Briefings on HIPAA

In an era where digital transformation is reshaping industries, healthcare finds itself at the crossroads of innovation and privacy. Telehealth, a symbol of this transformation, promises unparalleled convenience and accessibility. Yet it also brings forth a myriad of challenges, especially concerning the protection of patient data.

August 16, 2023
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

August 9, 2023
Briefings on HIPAA

Every click, swipe, and keystroke can lead to a breach in today’s digital healthcare landscape. Robust data protection procedures have never been more critical.

August 2, 2023
Briefings on HIPAA

The conclusion of the COVID-19 public health emergency has led to the termination of the Office for Civil Rights’ relaxed enforcement and providers are in the midst of a 90-day transition period back to full compliance with the HIPAA rules for telehealth.

July 19, 2023
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

July 12, 2023
Briefings on HIPAA

In this article, we will dissect the latest significant breach reported by the Office of Civil Rights. It involved MedEvolve Inc. and resulted in a $350,000 fine. We’ll explore the potential preventive strategies that healthcare entities can implement.

July 5, 2023
Briefings on HIPAA

Learn which rules and regulations are changing as providers navigate the post-COVID-19 public health emergency transition period to full OCR compliance with HIPAA telehealth rules.

June 21, 2023
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

June 14, 2023
Briefings on HIPAA

Frank Ruelas, MBA, Briefings on HIPAA advisory board member, answers questions on best access control practices and provides compliance tips.

June 7, 2023
Briefings on HIPAA

Information system activity reviews are not only a compliance requirement, but also a crucial element of any effective cybersecurity strategy.

May 17, 2023
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

May 10, 2023
Briefings on HIPAA

As the adoption of digital technologies, such as telehealth and electronic health records, increases, organizations face evolving cybersecurity threats that have the potential to compromise patient data and disrupt healthcare operations.

May 3, 2023
Briefings on HIPAA

The Office for Civil Rights (OCR) reached another resolution in January during its ongoing effort to ensure the comprehensive enforcement of the HIPAA Privacy Rule’s right of access provision.

April 19, 2023
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

April 12, 2023
Briefings on HIPAA

In this article, we continue our examination of HHS’ reports to Congress regarding HIPAA compliance and data from 2021, specifically focusing on the HIPAA Privacy, Security, and Breach Notification Rule Compliance report released in February.  

 

April 5, 2023
Briefings on HIPAA

In February, HHS published two reports covering HIPAA privacy and security compliance and breaches of protected health information to help HIPAA compliance privacy and security professionals better conduct their roles.

March 15, 2023
Briefings on HIPAA

This month, we’ve compiled some questions for HIPAA security and privacy officers to consider when trying to strengthen compliance in their organizations.

March 8, 2023
Briefings on HIPAA

OCR released its “Improving Cybersecurity Posture in Healthcare for 2022” news bulletin last February, noting that healthcare organizations are prime targets for cyberattacks due to the sensitive nature of the data they hold.

March 1, 2023
Briefings on HIPAA

The Office for Civil Rights (OCR) has announced two resolutions for potential HIPAA violations two months into 2023. These resolutions fall at opposite ends of the HIPAA compliance spectrum—cybersecurity and medical record access. Each is focused on the goal of protecting patient privacy.

February 15, 2023
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

February 8, 2023
Briefings on HIPAA

What changes will be made to HIPAA compliance in 2023? Looking back at OCR’s compiled data on the topic may provide some insight.

February 1, 2023
Briefings on HIPAA

The Office for Civil Rights finished 2022 with some enforcement action relating to the HIPAA Security and Privacy Rule enforcer’s Right of Access Initiative.

January 18, 2023
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

January 11, 2023
Briefings on HIPAA

When it comes to HIPAA compliance, there’s always something new to learn. In 2022, Paubox, a security provider, reported more than 3 million people were affected by breaches involving electronic medical records.

January 4, 2023
Briefings on HIPAA

The Office for Civil Rights (OCR) has had a busy fall putting out guidance and proposing rule changes in some crucial areas of HIPAA compliance. Here’s a breakdown of some of its current operations.

December 21, 2022
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

December 14, 2022
Briefings on HIPAA

In September, the Office for Civil Rights (OCR) released its fall 2022 data for enforcement. Covered entities (CE) and business associates (BA) can review this data to determine areas that most commonly trigger enforcement on behalf of the government’s regulator for the HIPAA Privacy and Security rules.

December 7, 2022
Briefings on HIPAA

Those in charge of overseeing HIPAA compliance at their healthcare organizations need to have a firm understanding of privacy laws outside of the healthcare arena.

November 16, 2022
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

November 9, 2022
Briefings on HIPAA

The Office for Civil Rights (OCR) issued guidance on audio-only telehealth in June. This guidance provides helpful tips on how covered entities (CE) can use remote communication technologies to provide audio-only telehealth services in a manner consistent with HIPAA requirements.

November 2, 2022
Briefings on HIPAA

Now that the fourth quarter has arrived, things are winding down for 2022. This is a good time to reflect on the past year of HIPAA compliance and prepare for 2023. Here is a roundup of HIPAA topics and some actionable tips for compliance.

October 26, 2022
Briefings on HIPAA

In early June, Congress released a bipartisan draft bill called the American Data Privacy and Protection Act. The goal of this bill is to create a regulation that organizations in any industry would need to accord with compliance. On the surface, this sounds great, but in reality, it is unrealistic.

October 19, 2022
Briefings on HIPAA

In August, the Office for Civil Rights (OCR) announced a settlement with New England Dermatology P.C., known as New England Dermatology and Laser Center, over the improper disposal of PHI, which is a potential HIPAA Privacy Rule violation.

October 12, 2022
Briefings on HIPAA

Starting on October 6, the definition of electronic health information (EHI) will include “the entire scope of the EHI definition [i.e., ePHI that is or would be in a Designated Record Set (DRS)].”

October 5, 2022
Briefings on HIPAA

The 21st Century Cures Act fundamentally changes how patients can interact with their health information — and October 6 is a significant milestone for these changes.

September 21, 2022
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, and Rebecca Herold, answer reader questions on a variety of HIPAA-related topics.

September 14, 2022
Briefings on HIPAA

The Office for Civil Rights (OCR) recently announced version 3.3 of the HHS Security Risk Assessment Tool. According to OCR officials, this tool is designed to aid small and medium-sized healthcare organizations in their efforts to assess security risks.

September 7, 2022
Briefings on HIPAA

Covered entities and business associates still have trouble getting patients their medical records in a timely fashion.

August 17, 2022
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

August 10, 2022
Briefings on HIPAA

It may be summer, but there is no vacation when it comes to HIPAA privacy and security. In fact, OCR was extremely busy and active with enforcement in July.

August 3, 2022
Briefings on HIPAA

In June, the Supreme Court overturned Roe v. Wade, the decades-old decision on abortion rights and it was enough to have OCR weigh in with some guidance on privacy regulations. OCR issued guidance June 29 to protect patient privacy in the wake of the decision.

July 20, 2022
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

July 13, 2022
Briefings on HIPAA

The growing number of cybersecurity threats is a significant concern, driving the need for enhanced safeguards of electronic protected health information, according to the Office for Civil Rights.

July 6, 2022
Briefings on HIPAA

To better prepare for the rest of the year, here are some topical privacy and security compliance tips and reminders as we surge toward a strong second half of 2022.

June 15, 2022
Briefings on HIPAA

Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, answers submitted questions on a variety of HIPAA topics.

June 8, 2022
Briefings on HIPAA

Jay Hodes, president of HIPAA compliance company Colington Consulting in Burke, Virginia, sees eight specific challenges organizations face when trying to comply with HIPAA regulations.

June 1, 2022
Briefings on HIPAA

OCR released a report on audits it conducted. It found that most CEs failed to meet the requirements for selected provisions in the audit. One of the first steps to improving is learning more about audits and assessments, which are trouble spots for entities.

May 25, 2022
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

May 18, 2022
Briefings on HIPAA

As part of our continuing series, BOH caught up with Rebecca Herold, CDPSE, FIP, CISSP, CIPM, CIPP/US, CIPT, CISM, CISA, FLMI, to ask the privacy expert HIPAA compliance questions. 

May 11, 2022
Briefings on HIPAA

Martin Fisher has been the director of information security and chief information security officer for Atlanta-based Northside Hospital for more than eight years. He discusses what’s top of mind in his role and what challenges lay ahead.

May 4, 2022
Briefings on HIPAA

Dave Bailey, CISSP, knows firsthand what challenges arise daily for healthcare security officials. He explains what is on the minds of CIOs/CISOs and the security lessons learned from the COVID-19 pandemic.

April 27, 2022
Briefings on HIPAA

Mary D. Brandt, MBA, RHIA, CHE, CHPS, answers submitted questions on a variety of HIPAA topics.

April 20, 2022
Briefings on HIPAA

We caught up with privacy expert Rebecca Herold, FIP, CIPM, CIPP/US, CIPT, CISSP, CISM, CISA, FLMI, CEO and founder of The Privacy Professor, and co-founder of Privacy & Security Brainiacs, to ask her some important HIPAA compliance questions.

April 13, 2022
Briefings on HIPAA

Privacy expert Rebecca Herold, FIP, CIPM, CIPP/US, CIPT, CISSP, CISM, CISA, FLMI, CEO and founder of The Privacy Professor, and co-founder of Privacy & Security Brainiacs, recommends some key actions for practitioners to identify vulnerabilities in their security and privacy practices.

April 6, 2022
Briefings on HIPAA

According to the Office for Civil Rights, the most commonly alleged HIPAA complaints include impermissible uses and disclosures of protected health information (PHI), lack of PHI safeguards, lack of patient access to PHI, lack of administrative safeguards of electronic PHI, and use or disclosure of more than the minimum necessary PHI.

March 16, 2022
Briefings on HIPAA

Julia Huddleston, CIPP/US, CIPM, CCSFP, answers submitted questions on a variety of HIPAA topics.

March 9, 2022
Briefings on HIPAA

We caught up for a HIPAA compliance checkpoint Q&A with Rebecca Herold, FIP, CIPM, CIPP/US, CIPT, CISSP, CISM, CISA, FLMI, CEO and founder of The Privacy Professor, and co-founder of Privacy Security Brainiacs.

March 2, 2022
Briefings on HIPAA

Providing patients with access to their medical records remains a struggle for many healthcare providers.

February 16, 2022
Briefings on HIPAA

Mary D. Brandt, MBA, RHIA, CHE, CHPS, answers submitted questions on a variety of HIPAA topics.

February 9, 2022
Briefings on HIPAA

What makes a strong privacy officer? What skills and traits does a successful privacy officer need in 2022 and beyond?

February 2, 2022
Briefings on HIPAA

Cybersecurity and ransomware never sleep. The Office for Civil Rights wrote about the need to stay vigilant against cybersecurity threats in a security email.

January 19, 2022
Briefings on HIPAA

To celebrate the start of the new year, Briefings on HIPAA is highlighting some of our most popular Q&As of 2021. Here are some of our best answers:

January 12, 2022
Briefings on HIPAA

Having a good lawyer often comes in handy. Having a lawyer who understands HIPAA and works well with your HIPAA compliance officers, though, is priceless.

January 5, 2022
Briefings on HIPAA

The past couple of years have been filled with challenges for healthcare workers, to say the least. It’s also been a time to reflect on lessons learned, especially in the arena of HIPAA privacy and security. And, naturally, there are lessons to be learned from other healthcare entities.

December 1, 2021
Briefings on HIPAA

Mary D. Brandt, MBA, RHIA, CHE, CHPS, answers submitted questions on a variety of HIPAA topics.

December 1, 2021
Briefings on HIPAA

As HIPAA privacy and security officers gear up for another year of compliance, it’s always a good time to rethink training. How often should you train? How should you tailor content? How should you assess learning competency?

December 1, 2021
Briefings on HIPAA

In its fall 2021 cybersecurity newsletter, OCR said it’s a great time for organizations to revisit the protections they have in place for their legacy systems.

November 1, 2021
Briefings on HIPAA

Learn about the most important parts of the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program final rule for HIPAA compliance officers.

November 1, 2021
Briefings on HIPAA

It’s almost a new year. And for HIPAA security officers, that means it’s time to reflect on the year that was and also look forward to the next 12 months. One way to do that is to sharpen their toolkit of skills and traits.

November 1, 2021
Briefings on HIPAA

Chris Apgar, CISSP, answers submitted questions on a variety of HIPAA topics.

October 1, 2021
Briefings on HIPAA

Mary D. Brandt, MBA, RHIA, CHE, CHPS, answers submitted questions on a variety of HIPAA topics.

October 1, 2021
Briefings on HIPAA

In its July newsletter, OCR announced a collaboration with the HHS Office of the National Coordinator for Health Information Technology (ONC) to seek user feedback and improvement suggestions on its Security Risk Assessment (SRA) Tool.

October 1, 2021
Briefings on HIPAA

H.R. 7898 became law on January 5, 2021, and amended the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the secretary of HHS to consider certain recognized security practices of covered entities and business associates when making certain determinations, and for other purposes.

September 1, 2021
Briefings on HIPAA

With the first month of fall arrived, it’s time to start thinking of the year ahead—and, of course, to finish the year strong. We’ve gathered some HIPAA compliance tips to consider while getting through the final third of the year and building some compliance momentum heading into 2022.

September 1, 2021
Briefings on HIPAA

Chris Apgar, CISSP, answers submitted questions on a variety of HIPAA topics.

September 1, 2021
Briefings on HIPAA

HHS recently issued its Summer 2021 OCR Cybersecurity Newsletter, covering the topic of controlling access to ePHI. HHS officials cited a Verizon 2021 Data Breach Investigations report that found 61% of analyzed data breaches in the healthcare sector were perpetrated by external threat actors and 39% were carried out by insiders.

August 1, 2021
Briefings on HIPAA

Before the final HIPAA Privacy Rule updates are released, providers have a change to weigh in on the proposals. Read what they've said and how it might influence the final rule.

August 1, 2021
Briefings on HIPAA

Mary D. Brandt, MBA, RHIA, CHE, CHPS, answers submitted questions on a variety of HIPAA topics.

August 1, 2021
Briefings on HIPAA

The agency responsible for setting the rules for healthcare IT compliance underwent its own audit by the Office of Inspector General (OIG) recently. See what auditors found and where HHS needs to improve. 

July 1, 2021
Briefings on HIPAA

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have observed continued targeting through spearphishing campaigns using TrickBot malware in North America, according to a Joint Cybersecurity Advisory published in March and updated in May.