September 21, 2020
Briefings on HIPAA

Q: We recently took a survey and many of our employees admitted to saving their passwords in a Word® document or a Notes® file on their phone. Is this riskier than having passwords written down on paper and stored in a safe place at work or home? How can we discourage employees from writing down their passwords anywhere?

September 14, 2020
Briefings on HIPAA

In the world of security, there is one question that never seems to go away: Are ransomware attacks automatically considered to be breaches?

September 7, 2020
Briefings on HIPAA

HHS and the Substance Abuse and Mental Health Services Administration (SAMHSA) finalized the 42 CFR Part 2 Revised Rule in July, implementing updated regulations governing the confidentiality of patient records for the treatment of substance use disorders (SUD).

August 31, 2020
Briefings on HIPAA

As hospitals and health systems continue to learn about the growing number of security threats and their consequences, the role of the chief information security officer (CISO) has become more significant.

August 24, 2020
Briefings on HIPAA

Q: Many organizations have outsourced their PHI disposal for years. With coronavirus limiting the number of people coming in and out of medical facilities, what are your suggestions for organizations that now have to take care of PHI disposal themselves? What are the most important things to remember when handling this process?

August 17, 2020
Briefings on HIPAA

Have you ever heard someone say, “I can’t tell you because HIPAA says I can’t”? Often, that’s not true.

August 10, 2020
Briefings on HIPAA

The novel coronavirus (COVID-19) pandemic upended the U.S. healthcare system in innumerable ways. Experts believe the new post-COVID-19 normal will not be exactly the same as it was pre-pandemic. For one, telehealth is here to stay.

August 3, 2020
Briefings on HIPAA

An organization’s privacy and security policies are only as effective as its training. All the right work can be done at the top level, but if the messages are not clearly disseminated to staff, an organization can find itself in a difficult position.

July 27, 2020
Briefings on HIPAA

Q: I have read recently about the uptick in “vishing,” or voicemail messaging scams, targeting remote healthcare workers. What are your recommendations for protecting against this type of threat?

July 20, 2020
Briefings on HIPAA

As the healthcare industry continues to transition from face-to-face appointments to telehealth during the novel coronavirus (COVID-19) pandemic, reports of video conference hijacking are emerging nationwide.

July 13, 2020
Briefings on HIPAA

When the severity of the novel coronavirus (COVID-19) became apparent in March, employers across the country sent their workers home. Nonclinical employees of healthcare organizations were among those who were forced to create a new office space in the living room or kitchen.

July 6, 2020
Briefings on HIPAA

Healthcare organizations can discover breaches in a variety of ways. Unfortunately, some organizations may not be aware that they have been breached until an outside party contacts them with the two dreaded words: dark web.

June 29, 2020
Briefings on HIPAA

Q: Many media organizations are filming outside the premises or sometimes even in the hospital. When they interview hospital leaders and health officials, this can be done with things happening in the background. How can hospitals prevent accidental disclosures—a patient’s face showing up in the background during an interview, for example? What should the rules be for media looking to film at the facility?

June 22, 2020
Briefings on HIPAA

Two months into the COVID-19 pandemic, people are gradually beginning to return to work. What steps need to be taken to make sure data and devices are secure?

June 15, 2020
Briefings on HIPAA

As soon as the novel coronavirus (COVID-19) entered the United States, reports began to surface detailing an increased rate of cyberattacks against healthcare entities. That trend is unlikely to change anytime soon.

June 8, 2020
Briefings on HIPAA

The spike in malicious cyberactivity during the COVID-19 pandemic creates an increased risk for healthcare organizations.

June 1, 2020
Briefings on HIPAA

Q: Like other hospitals, we have had many patients transported via ambulance with COVID-19 symptoms. Once these patients are tested for the virus, are we permitted under HIPAA to disclose their test results to the first responders who treated them and brought them to the hospital? Should the first responders be made aware when they have interacted with a patient who has tested positive?

May 25, 2020
Briefings on HIPAA

As we cope with the COVID-19 pandemic, it is important to take a few extra measures to protect your organization, your patients, and your clients—as well as your data.

May 18, 2020
Briefings on HIPAA

Society has become increasingly reliant on social media, utilizing various platforms to connect with friends and colleagues, share opinions, and access information.

May 11, 2020
Briefings on HIPAA

Even before the floodgates opened with COVID-19, healthcare providers were dealing with a dramatic increase in ransomware attacks.

May 4, 2020
Briefings on HIPAA

Q: I understand that disclosures of PHI can be made to law enforcement without patient authorization when the patient is suspected of committing a crime. What disclosures are permitted when law enforcement officials are investigating another person for a crime and a patient’s PHI may or may not provide evidence?

April 27, 2020
Briefings on HIPAA

Hospitals, health systems, and long-term care facilities are being challenged by census workers requesting information about patients and residents to conduct an accurate census. Some have gone as far as stating that they have a right to access hospital electronic health records (EHR).

April 20, 2020
Briefings on HIPAA

As employers prepare for possible impacts of the Coronavirus (COVID-19), one important step is to review the types of health disclosures that the Health Insurance Portability and Accountability Act (HIPAA) does and does not allow in such times of crisis.

April 13, 2020
Briefings on HIPAA

While the healthcare industry rightfully remains focused on handling the COVID-19 pandemic, compliance officers should also be aware of two rules that dropped in early March.

April 6, 2020
Briefings on HIPAA

Healthcare facilities across the world are faced with myriad challenges as they aim to diagnose and treat cases of COVID-19. HHS and the Office for Civil Rights (OCR) have instituted several changes during the nationwide public health emergency, some of which modify HIPAA laws and directly impact healthcare organizations around the country.

March 30, 2020
Briefings on HIPAA

Q: HHS recently issued a notice that fee limitations will apply only to an individual’s request for access to their own records and not to an individual’s request to transmit records to a third party. Will limitations imposed by state law now apply?

March 23, 2020
Briefings on HIPAA

The healthcare industry in the United States has experienced a significant increase in ransomware attacks, and the trend is likely to continue. It’s easy money for the hackers.

March 16, 2020
Briefings on HIPAA

As the novel coronavirus remains a threat across the globe, healthcare organizations should brush up on procedures for handling and sharing protected health information (PHI) during the outbreak of an infectious disease.

March 1, 2020
Briefings on HIPAA

As we move into a new decade, the burgeoning partnerships between giant tech companies and healthcare organizations bring great promise and many questions.

February 24, 2020
Briefings on HIPAA

Front-office staff in facilities can see frequent turnover, requiring frequent training in order to keep them up to date. Use the following information to ensure staff is prepared for handling PHI and responding to patient requests.

February 17, 2020
Briefings on HIPAA

Now that training gaps have been identified, training development can begin. Some topics to consider here are subject matter experts, training delivery method, and the use of outside vendors.

February 10, 2020
Briefings on HIPAA

Education and training are critical components of an effective compliance plan. Training and education serve to set the tone for the compliance program and the ethics of the organization.

February 3, 2020
Briefings on HIPAA

Click on the following links to see all the stories Briefings on HIPAA published in 2019.

January 27, 2020
Briefings on HIPAA

A large HIPAA breach settlement after a hospital system’s alleged failure to follow the feds’ suggested solution is a reminder that when it comes to enforcement, the government is holding all the cards.

January 20, 2020
Briefings on HIPAA

While the Privacy Rule applies to various types of health information, the Security Rule only applies to electronic protected health information (ePHI). The major goal of the Security Rule is to ensure proper safeguards are in place for the storing, maintaining, and transmission of ePHI.

January 1, 2020
Briefings on HIPAA

With 2020 underway, it’s a good time for facilities to review the standards set forth by the rules that define HIPAA regulations. Without a thorough understanding throughout an organization, it can be easy for violations to occur.

December 1, 2019
Briefings on HIPAA

Behavioral health facilities and professionals experience some unique challenges when it comes to handling PHI and patient requests. The following article offers tips for handling those challenges and scenarios to consider.

December 1, 2019
Briefings on HIPAA

When voluntary disclosure for overpayments is an option rather than an obligation, the provider may encounter diverse opinions among its decision-makers. Some may express a desire to bring the potential problem to the attention of the government and attempt to resolve the matter quickly without incurring criminal penalties, civil fines, or exclusions.

December 1, 2019
Briefings on HIPAA

The application of attorney-client privilege is somewhat more complicated in situations where the client is a corporation. Although corporations are entitled to the same protection of confidentiality as noncorporate clients, the application of the privilege often turns on which corporate officials and employees sufficiently personify the corporation as a client.

December 1, 2019
Briefings on HIPAA

In many companies, the compliance officer is the first to become aware of a potential compliance problem that could lead to civil or criminal liability. A best practice is to give the compliance officer the authority to conduct internal investigations.

November 1, 2019
Briefings on HIPAA

OCR enforces the HIPAA Privacy, Security, and Breach Notification rules. Failing to properly manage and oversee remote access to and the protection of health information can be costly, as the following three cases demonstrate. 

November 1, 2019
Briefings on HIPAA

Our expert answers questions about patient diagnosis codes, same-sex partners, and privacy screens.

November 1, 2019
Briefings on HIPAA

In addition to physical and technical safeguards, the HIPAA Security Rule requires covered entities and business associates to implement administrative protections, including workforce training and management.

November 1, 2019
Briefings on HIPAA

Working remotely has many benefits for employers and employees. A Stanford study found that working from home boosts employee productivity, which was attributed to taking fewer breaks and sick days and working in quieter, more convenient work environments.

October 28, 2019
Briefings on HIPAA

Our expert answers HIPAA questions about right to access, file transfer protocol (FTP) servers, and former employees.

October 21, 2019
Briefings on HIPAA

HIPAA-compliance experts discuss the most significant changes that have taken place since January 1, 2010.

October 14, 2019
Briefings on HIPAA

In an interview with Briefings on HIPAA, Tim Noonan, deputy director for the Division of Health Information Privacy at OCR, discussed cybersecurity and trends in reports of unsecured PHI to OCR. This article includes the highlights.

October 7, 2019
Briefings on HIPAA

OCR meant what it said in February of this year about patients’ right of access to their medical records. The HIPAA Privacy and Security Rule enforcer issued its first enforcement action under its “Right of Access Initiative” in September.

September 30, 2019
Briefings on HIPAA

Employees need to know what to do and what not to do when it comes to ensuring protected health information (PHI) remains secure. That’s where TeachPrivacy comes in as an excellent resource for quality staff training.

September 23, 2019
Briefings on HIPAA

Our expert answers HIPAA questions about nurse snooping, BA breach notifications, and NPP placement.

September 16, 2019
Briefings on HIPAA

Many healthcare organizations aren’t doing a great job assessing the HIPAA risks associated with third parties. Some are having a hard time devoting resources. And many are worried that their current manual risk management processes cannot keep pace with cyberthreats.

September 9, 2019
Briefings on HIPAA

Patients are getting emboldened in the digital age and want quicker, more efficient—immediate, really—access to medical records. Further, the government is reinforcing existing regulations and creating new rules around data sharing that require entities to make healthcare records more accessible and deliver records to patients in their desired electronic format. Technology innovation has made this much easier for healthcare facilities to accomplish.

August 1, 2019
Briefings on HIPAA

OCR in 2013, through the Health Information Technology for Economic and Clinical Health (HITECH) Act, issued a final rule identifying provisions of the HIPAA rules that apply directly to business associates (BA) and those provisions for which BAs are directly liable.

August 1, 2019
Briefings on HIPAA

HIPAA training is required by the HIPAA rules, under § 164.530, Administrative requirements. But just because it’s required doesn’t mean it has to be repetitive, boring, or unappealing. There are ways to make your healthcare staff excited about HIPAA training. At the very least, you can do your part to make sure they’re engaged.

August 1, 2019
Briefings on HIPAA

HIPAA security officers arguably have more on their plates now than ever before as the cloud and mobile era are fully upon us and potential cybercriminal access to PHI increases,

August 1, 2019
Briefings on HIPAA

Our expert answers HIPAA questions about out-of-state patients, smartphones, and HIPAA training.

July 29, 2019
Briefings on HIPAA

Consider hiring a CPA firm to conduct Service and Organization Controls audits and penetration testing to assess your security.

July 29, 2019
Briefings on HIPAA

Our expert answers HIPAA questions about disclosures of entire medical records, accidental records access, and more.

July 22, 2019
Briefings on HIPAA

A recent HIPAA breach that involved transmission of PHI to only one party—a reporter—nonetheless cost a Connecticut practice $125,000, in part because the practice didn’t take simple precautions.

July 15, 2019
Briefings on HIPAA

Large-scale data breaches in the healthcare industry show no sign of decreasing. In this mid-year recap, we discuss the largest breach of 2019.

July 8, 2019
Briefings on HIPAA

Blockchain technology solutions have recently become a hot topic in the healthcare industry. Before considering blockchain as a future security solution, it is important to understand what it is, how it could work for medical facilities, and what the risks and benefits are.

June 24, 2019
Briefings on HIPAA

In this month's security Q&A, our expert answers questions on smart devices used in residential care, security incidents vs. security breaches, clinical staff using personal cell phones, and more.

June 17, 2019
Briefings on HIPAA

It can be impractical for medical researchers to seek authorization from all the patients whose medical records are sought for a study. That’s why HIPAA allows researchers to use de-identified PHI from records without individual authorization.

June 10, 2019
Briefings on HIPAA

In June 2018, the state of California passed the California Consumer Privacy Act of 2018 (CaCPA), which has implications for healthcare professionals doing business in California, but with other states proposing similar bills, it’s worth taking a look to see what these privacy laws mean for HIPAA compliance and privacy more broadly.

June 3, 2019
Briefings on HIPAA

HIPAA professionals all work to prevent their facilities from getting fined by OCR for violations of HIPAA’s Privacy, Security, and Breach Notification rules, but you need to stay up to date on what those penalties could be and where OCR stands on enforcement.

May 27, 2019
Briefings on HIPAA

In this month's HIPAA Q&A, our expert answers questions on color-coded filing systems, overseas providers, coordinating with research hospitals, and more!

May 27, 2019
Briefings on HIPAA

In this month's issue, our expert answers questions on color-coded filing systems, sharing information with overseas providers, coordinating research with hospital employees, and more!  

May 20, 2019
Briefings on HIPAA

Not all governance, risk management, and compliance (GRC) solutions are built the same. If you’re in the market for one and are working in the healthcare industry, check out ComplyAssistant.

May 13, 2019
Briefings on HIPAA

Care coordination has been at the heart of recent healthcare redesign efforts, which includes integrating primary care with behavioral and mental healthcare, but misunderstandings about how and when HIPAA applies can lead to unnecessary delays and leave organizations vulnerable to compliance risks.

May 6, 2019
Briefings on HIPAA

If a lawyer hits you with a subpoena for a patient’s protected health information, don’t panic—or you may not only violate the patient’s privacy rights under HIPAA, but also be subject to civil action under state law.

April 29, 2019
Briefings on HIPAA

In this month's security Q&A, our expert answers questions on the location of data backups, telehealth services using video conferencing, cloud service providers outside the U.S., and more!

April 22, 2019
Briefings on HIPAA

There are fewer hoops to jump through when another provider requests a practice’s patient records than when an attorney requests them, but the requesting providers don’t have an automatic right to those records, and you can’t just hand them over.

April 15, 2019
Briefings on HIPAA

Once you understand the basics of privacy and disclosure of PHI under HIPAA, strive to keep staff trained. According to Section 164.530 (b) of the Privacy Rule, a covered entity must train all members of their workforce on the policies and procedures with respect to PHI as necessary and appropriate.

April 8, 2019
Briefings on HIPAA

Hospital mergers and acquisitions remain the trend, and many hospital systems and other healthcare organizations cover multiple states, so understanding and keeping track of different state privacy laws can get complicated.

April 1, 2019
Briefings on HIPAA

Gaps in mobile security remain a threat to your protected health information and leave you vulnerable to HIPAA violations, so train and, if necessary, restrain employees to reduce the risk.

March 25, 2019
Briefings on HIPAA

In this month's HIPAA Q&A, our expert answers questions on shared insurance policies, posting thank-you notes in employee-only areas, referrals to Part 2 facilities, and more!

March 18, 2019
Briefings on HIPAA

In this month's Product Watch, we look at a managed service provider (MSP) that offers HIPAA-compliant MSP services, managed security services, disaster recovery sites, and the technical support to help covered entities and business associates breathe easier.

March 11, 2019
Briefings on HIPAA

As telehealth expands and technology improves, there are an increasing number of options for communication between healthcare providers and patients as well as between providers, but such services raise concerns for HIPAA compliance due to the method of transmission and issues of security compliance.

March 4, 2019
Briefings on HIPAA

Patient matching is a concern at every level of patient care, and it can have ramifications for HIPAA compliance as well.

February 25, 2019
Briefings on HIPAA

In this month's HIPAA Q&A, our expert answers questions on medical record requests, health insurance exchanges, fines when there has been no breach of PHI, and mandatory encryption.  

February 18, 2019
Briefings on HIPAA

Not only does your organization need appropriate policies and procedures in place to comply with HIPAA, you also need to make sure that staff members follow those policies and procedures. It’s not an easy task, and each organization has its own way of auditing compliance.

February 11, 2019
Briefings on HIPAA

Keeping your privacy, security, and breach notification policies and procedures up to date is part of HIPAA compliance, and this requires regular audits and monitoring.

February 4, 2019
Briefings on HIPAA

In recent months, OCR has expressed concern that providers and other covered entities may be reluctant to inform and involve the loved ones of individuals facing health crises like opioid use disorder for fear of violating HIPAA. Here, we look at some common misconceptions about privacy under HIPAA and point to the information that patients and families need to know.

January 28, 2019
Briefings on HIPAA

In this month's HIPAA Q&A, we answer your questions about making changes to patient records, the difference between consent and authorization, vaccination data, and more!

January 21, 2019
Briefings on HIPAA

In this month's Product Watch, we look at a phishing and social engineering threat simulator that includes security awareness training intended to mitigate the threat of phishing and the risk of a data breach.

January 14, 2019
Briefings on HIPAA

The healthcare sector is a frequent target of cyberattacks due to the value of PHI, which is the target of financial identity theft and medical identity theft. To safeguard PHI, you need to know the differences among phishing, ransomware, and DoS attacks.

January 7, 2019
Briefings on HIPAA

In December, HHS Office for Civil Rights (OCR) released a request for information seeking input from the public in order to identify provisions of HIPAA that may impede value-based care or limit care coordination among individuals and covered entities, and which do not meaningfully contribute to protecting the privacy and security of protected health information.

December 24, 2018
Briefings on HIPAA

In this month's HIPAA Q&A, we answer your questions about sending unencrypted emails to the right recipient, discussing patients with colleagues, scheduling appointments for spouses, and filing complaints against insurance companies.

December 17, 2018
Briefings on HIPAA

2018 was a year of large settlements and high-volume data breaches. According to OCR’s breach report portal, among the more than 250 reported data breaches under investigation, 14 incidents exposed the PHI of more than 100,000 individuals each.

December 10, 2018
Briefings on HIPAA

The opioid crisis in the U.S. continues to touch on issues of patient rights and privacy. In October, OCR launched an education campaign about civil rights protections that include specific guidelines for covered entities under HIPAA.

December 3, 2018
Briefings on HIPAA

The HHS published its semiannual agenda in October, and some items on the list could mean changes for HIPAA.

November 26, 2018
Briefings on HIPAA

This month's HIPAA Q&A includes answers on destroying paper records, doctors communicating with patients from their phones, copies of subcontractor agreements, and more!

November 26, 2018
Briefings on HIPAA

In this month's Product Watch, we look at a training service that uses modules focused on specific HIPAA requirements such as business associate management, staff involvement in conducting a risk analysis, and mobile device security.

November 19, 2018
Briefings on HIPAA

There is a lot of pressure on hospitals and other healthcare providers to improve the patient experience by utilizing mobile health apps to make it easier to communicate with patients and their families. But with the pros of mobile apps come cons.

November 12, 2018
Briefings on HIPAA

As healthcare becomes more mobile, there are increasing concerns with device security, particularly when physicians and other healthcare professionals use their personal mobile devices to do their work and to communicate with patients.

November 5, 2018
Briefings on HIPAA

Third-party business associates and medical device vendors play a huge role in healthcare, and as healthcare becomes more network-reliant, security for medical devices and third-party vendors is critical.

October 29, 2018
Briefings on HIPAA

This month's Q&A answers readers' questions on collecting payment, contacting physicians, overhearing medical examinations in the emergency department, and discussing the health of adult children.

October 22, 2018
Briefings on HIPAA

HIPAA allows patients to request amendments to their medical records. Facilities are not required to automatically make whatever change a patient requests, but they must allow patients to make the requests and follow a specific process for handling them.

October 15, 2018
Briefings on HIPAA

After two delays, the revisions to Federal Policy for the Protection for Human Subjects (45 CFR 46), also known as the “Common Rule,” will now go into effect January 21, 2019.

October 8, 2018
Briefings on HIPAA

Millions of medical records are sent to insurance companies every year by hospital and health system business office personnel to expedite claims payment, respond to payer audits, or fulfill other payer denial requests for information. And any time medical records are handled, HIPAA concerns come into play.