News & Analysis

December 28, 2016
Briefings on HIPAA

Breaches and audits brought much needed attention to HIPAA

December 26, 2016
Briefings on HIPAA

Q. Are we required to use encryption on all email, or only email that contains PHI?

December 12, 2016
Briefings on HIPAA

Information security officers often have their hands full with HIPAA. But as high-deductible health plans have patients paying more out of pocket, it’s time organizations took a closer look at another set of cybersecurity guidance: the Payment Card Industry Data Security Standard (PCI DSS).

December 1, 2016
Briefings on HIPAA

It’s been a challenging year for HIPAA compliance. OCR levied more than $20 million in breach settlement fines. Ransomware rocked the healthcare industry.

October 1, 2016
Briefings on HIPAA

Social media is everywhere—even inside the walls of hospitals. Staff may log into personal accounts during lunch breaks, and many organizations maintain official social media accounts; plus, of course, patients and visitors often rely on social media to keep in touch with friends and family. For many, social media is so much a part of their everyday routine that the benefits are almost too obvious to list. Yet the risks—including potential HIPAA violations—are often not as clear, and privacy and security officers need to stay aware of them.

October 1, 2016
Briefings on HIPAA

As OCR's auditors wrap up the final desk audit reports for phase two of the HIPAA audit program, many covered entities (CE) are breathing a little easier. Only 167 CEs were selected for desk audits in July. Audited CEs can expect to wait several months to see the final audit reports, although they will have the opportunity to review a draft version and submit comments that will be attached to the final report.

But phase two is far from over. Business associates (BA) will be selected for desk audits this fall—the first time these entities will be subject to OCR's HIPAA audits. And early next year, OCR will launch comprehensive on-site audits of both CEs and BAs.

Pages