HIPAA

Effective privacy and information security programs start with attention to governance. These eight guidelines will help establish and measure privacy and information security structure and processes.

Even the best security can be circumvented by an insider or a cutting-edge cyberattack but an organization doesn’t have to weather the cost alone. Cyber insurance can help cover a variety of breach expenses, and some policies even provide pre-breach services and tools designed to bring an organization’s security to the next level.

Q: Are county entities such as county counsel, public defenders, patient rights advocates, the courts, correctional facilities, and law enforcement required to comply with HIPAA?

Two misdirected faxes cost a New York City hospital $387,200 in a HIPAA settlement.

Q. My facility offers telehealth services as an originating site. Is the distant site acting as a BA in these situations? Is my facility responsible for ensuring the distant site is in compliance with the Security Rule?

A ransomware attack launched May 12 crippled systems around the world and raised questions about the healthcare industry’s ability to withstand a massive cyberattack.

Q: Is a covered entity required to see a copy of a business associate’s risk management and security plan? Do we need to have a copy of this in our files?

Q: Since our last risk analysis, we’ve added a patient portal. Do we need to include the patient portal in our risk analysis?

The Office for Civil Rights (OCR) announced its seventh HIPAA violation settlement of 2017, putting the agency well on its way to topping last year’s record-setting number of HIPAA settlements.