News & Analysis

ONC's risk assessment tool helps entities comply

May 1, 2014
Briefings on HIPAA

You hear it over and over again. Covered Entity (CE) A failed to produce an ongoing risk assessment for HIPAA security compliance. CE B had an incomplete risk analysis, leading to a failure to recognize security weaknesses and vulnerabilities. And in come the fines.

HIPAA Omnibus Rule simplified

May 1, 2014
Briefings on HIPAA

The HIPAA Omnibus Rule, which includes modifications to the privacy and security rules, is in full effect now. And guess what? There's no reason to be terrified.

Securing email and file transfers

May 1, 2014
Briefings on HIPAA

Despite gains in compliance and security potentially linked to industry emphasis on the HIPAA Omnibus Rule, some dangerous gaps remain regarding corporate email and file transfer habits.

Mental health records, marketing, PHI disposal

May 1, 2014
HIM Briefings

Q: I work for a hospital with a geriatric psychiatry unit. Many patients are discharged to nursing homes.

Wisconsin hospital restricts the use of thumb drives for storing PHI

April 1, 2014
Briefings on HIPAA

Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP, has one word for the HIPAA breach posted to OCR's wall of shame at the close of 2013: depressing.

Finish these sentences

April 1, 2014
Briefings on HIPAA

We ask one BOH advisory board member and columnist to answer some questions about how the roles of CEs and BAs have changed over the years.

Pages