OCR Provides Update on HIPAA Enforcement Efforts

The recent WannaCry ransomware attack impacting hospital and healthcare information systems worldwide shone a bright light on the vulnerabilities of most healthcare provider’s networks. But the problem extends far beyond this one case. In fact, there are near daily reports of patients’ private information being accessed due to a lack of appropriate security measures. And, […]

Is Your Telemedicine Company HIPAA Compliant?

UPDATE: According to a news release, the lawsuit filed against MDLive, Inc. was voluntarily dropped by the law firm that originally filed it. MDLive has since published a fact sheet responding to the allegations. A lawsuit seeking class action status recently filed against Telehealth provider MDLive, Inc. underscores the need for all healthcare companies using […]

Why You Need a HIPAA-Compliant Business Associate Agreement

The recent announcement by The Department of Health and Human Services’ Office for Civil Rights (OCR) that it agreed to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) with The Center for Children’s Digestive Health (CCDH) should serve as a lesson to other healthcare organizations about the need to obtain signed, […]

HIPAA Data Breach Deadline Fast Approaching

Last week, we wrote about the increasing number of healthcare-related data breaches and how important it is for providers to find better ways to protect their patients’ personal healthcare information. In just a few days – on March 1 – HIPAA-covered entities must submit reports of certain breaches of unsecured protected health information affecting fewer […]

HIPAA Compliance in 2017: The Heat is on

The doctor-patient relationship has always involved a certain level of privacy. But over the years, the stakes for healthcare providers who violate patient privacy have increased exponentially. Barely two months into 2017 and already we are seeing increased activity. A newly released report from Protenus in conjunction with databreaches.net, January saw 31 healthcare data breaches […]

New Rule Makes it Easier to Share Substance Abuse Information While Protecting Privacy

The U.S. Department of Health and Human Services recently finalized changes to federal regulations relating to the confidentiality of substance-use disorder patient records. Published in the Federal Register on January 18, the rule makes it easier to share the medical history of patients undergoing substance abuse treatment in federally funded drug and alcohol treatment programs, […]

EHR disruptions: Do you have a Plan B?

We’ve all lived through them – power outages, computer malfunctions, etc. And, for the most part, they are minor inconveniences. But for healthcare institutions, disruptions such as these can mean the inability to access patient health records and that can literally mean the difference between life and death. Add in the recent incidences of cyberattacks […]

HIPAA Compliance Crackdown Requires Increased Vigilance

Last month, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced two big settlements involving alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). Those cases brought to six the number of HIPAA-related cases settled since the start of 2016. It also underscores the need for healthcare providers […]

OCR launches Phase 2 HIPAA Audits

The U.S. Department of Health and Human Services Office of Civil Rights has launched Phase 2 of its long-awaited HIPAA Audit Program. OCR has already begun sending out address verification letters, which will be followed by a questionnaire. The new round of privacy and security audits will focus on the business associates of healthcare providers, […]

With the new year comes greater HIPAA oversight

HIPAA-regulated entities can expect 2016 to be the year of increased oversight. That’s when the Health and Human Services Department’s Office for Civil Rights (OCR) begins Phase II of its audit program. The program is expected to focus on common areas of noncompliance and will include HIPAA-covered entities as well as business associates. Phase 2 […]