
Is HIPAA Training Required Annually?
Are you confused about HIPAA training? Are you unsure if HIPAA training is required annually or how often you should be providing security awareness training to your workforce? If so, we hope this post will […]
There is no one-size-fits-all answer to the question of how often is HIPAA training required because, beyond the training requirements of the Privacy and Security Rules, the frequency of HIPAA training should be determined by […]
The Department of Health and Human Services’ Office for Civil Rights has issued guidance for healthcare providers on how the Health Insurance Portability and Accountability Act (HIPAA) applies to disclosures of protected health information (PHI) […]
Without doubt, the best HIPAA training is training that goes beyond the requirements of the Privacy and Security Rules so that Covered Entities and Business Associates have fully HIPAA-aware workforces that can identify potential HIPAA […]
A review of online HIPAA training courses shows a wide range of courses exist. Undoubtedly there are some which are more comprehensive than others, and while price is no guarantee of quality, those that acknowledge […]
If you study the text of the Health Insurance Portability and Accountability Act, the only mention of HIPAA compliance training for Business Associates appears within the Administrative Safeguards of the Security Rule. However, there are […]
Medical offices tend to have more access to PHI than most other healthcare departments and consequently HIPAA training for medical office staff may need to be more comprehensive – and more frequent – than the […]
It is easy to understand why Covered Entities and Business Associates might assume HIPAA training for IT professionals only needs to consist of the security and awareness training required by the HIPAA Security Rule. However, […]
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert warning healthcare providers about a high-severity vulnerability that affects certain Hillrom Welch Allyn cardio products. The vulnerability is an authentication bypass issue, […]
The state of New Jersey has imposed another financial penalty to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act, its third penalty in as many […]
The Dutch Data Protection Authority has imposed a €2.75 million (USD 3.1 million) financial penalty on the Dutch Tax Administration for the unlawful processing of the personal data of Dutch citizens with dual nationality, which […]
The General Data Protection Regulation applies to any data controller and processor who deals with the data of EU citizens or residents, whether the data handler is based within the European Union or not. In […]
There are two standards in the Health Insurance Portability and Accountability Act that directly relate to HIPAA training for employees – the training standard of the Privacy Rule’s Administrative Requirements (45 CFR § 164.530) and […]
There is no question that HIPAA training for nurses is mandated by the Administrative Requirements of the HIPAA Privacy Rule. However, the content of HIPAA training for nurses should go further than the minimum requirements […]
The HHS’ Office for Civil Rights has settled 4 more investigations into potential HIPAA Right of Access violations and has imposed one civil monetary penalty for the failure to provide timely access to medical records. […]
Because of some confusion about the HIPAA training requirements, many Covered Entities and Business Associates provide basic HIPAA training to all members of their workforces. While this is a good idea because it ensures everyone […]
HIPAA privacy training is sometimes confused with HIPAA Privacy Rule training which requires Covered Entities to train members of its workforce on policies and procedures “with respect to PHI […] as necessary and appropriate for […]
The issue of HIPAA training for managers is complex because, although the Security Rule states management must be included in security awareness training (45 CFR § 164.308), there is no guidance provided on what other […]
There are training requirements in both the HIPAA Privacy and Security Rules; however, many people are unsure about who should have HIPAA training. In this post, we explain the HIPAA training requirements, and which staff […]
The record retention requirements for different types of documentation can be vastly different. Here we explain how long you should keep employee HIPAA training records and other types of HIPAA documentation to ensure you remain […]
The healthcare and public health sector has been warned to take steps to reduce the risk of cyberattacks exploiting zero-day vulnerabilities. A zero-day vulnerability is a software flaw that has only just been brought to […]
Two bills have been signed by California Governor Gavin Newsom that impact the California Consumer Privacy Act (CCPA). The bills have added new exceptions to the right to opt-out of the sale of personal information […]
When you consider the risk analysis requirements of HIPAA, the potential for corrective action orders, and the inferences of the Security Rule training requirements, the provision of additional HIPAA refresher training is practically unavoidable. […]
Most Covered Entities are aware that HIPAA training for new staff is a requirement of the Privacy Rule. However, there can be gaps in a Covered Entity’s understanding of which new staff require training, how […]
New Jersey has fined two printing companies $130,000 over an impermissible disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents in 2016. The fine is part of a settlement reached between […]
HIPAA compliance training companies often provide trainees with a certificate at the conclusion of a HIPAA training course to demonstrate trainees have completed the course. This is sometimes referred to as HIPAA Certification, but what […]
HIPAA certification training for employees of HIPAA-covered entities or vendors that provide products or services to the healthcare industry has several advantages. In this post, we explain the benefits of HIPAA certification, but first it […]
An investigation conducted by the Dutch Data Protection Authority (DDPA) – Autoriteit Persoonsgegevens – into the data processing activities of the Dutch Tax and Customs Administration has uncovered violations of the core principles of the […]
The General Data Protection Regulation came into effect throughout the member states of the European Union on the 25th May 2018. As you are no doubt already well aware, the GDPR is, in simple terms, […]
Legacy systems and devices are pervasive in healthcare. Large healthcare organizations often have many systems and devices that contain components that have reached end-of-life and are no longer supported. When software, firmware, or hardware reaches […]
Any vendor that wants to provide goods or services to HIPAA-covered entities – healthcare providers, health plans, or healthcare clearinghouses – that requires access to protected health information (PHI) must comply with certain HIPAA provisions. […]
The Irish Data Protection Commission (DPC) has recently published a draft decision on its investigation of a complaint about Facebook’s data processing practices and found “a significant level of non-compliance” with Articles 5(1)(a), 12(1), and […]
An investigation of potential violations of the New Jersey Consumer Fraud Act (CFA), New Jersey Identity Theft Prevention Act (ITFA), and the Health Insurance Portability and Accountability (HIPAA) Act has resulted in a financial penalty […]
HIPAA privacy and security training must be provided to all new employees, when job functions change, or when there has been a material change in policies or procedures, and while training can take many forms, […]
Several vulnerabilities have recently been identified in medical devices such as insulin pumps, infusion pumps, and pacemakers which could be exploited in malicious attacks that could potentially kill patients and concern is growing about the […]
The introduction of vaccine mandates in many places of work has led many people to question how the Health Insurance Portability and Accountability Act (HIPAA) Rules apply to disclosures of COVID-19 vaccination information. There are […]
October is National Cybersecurity Awareness Month, an initiative launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 which is now in its 18th year. Throughout October, cybersecurity […]
How long does HIPAA training take? Basic HIPAA training can be provided in a session of up to an hour, although training can take considerably longer depending on the role of an individual in the […]
Ransomware and other destructive cyberattacks on healthcare delivery organizations (HDOs) can cripple IT systems, prevent access to protected health information, and often see appointments cancelled and patients redirected to other healthcare facilities. The disruption caused […]
A lawsuit filed against Blackbaud Inc. alleging violations of the California Consumer Privacy Act (CCPA) has survived a motion to dismiss. Judge Childs of the United States District Court for the District of South Carolina […]
The Federal Trade Commission (FTC) has a Health Breach Notification Rule, similar to the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA). The FTC has recently released a Policy Statement confirming […]
HIPAA security awareness training is a requirement of the HIPAA Security Rule, which calls for HIPAA covered entities and their business associates to “implement a security awareness and training program for all members of its workforce (including […]
The Omaha, Nebraska-based pediatric care provider Children’s Hospital & Medical Center (CHMC) has agreed to pay a $80,000 financial penalty to resolve an investigation into an alleged violation of the Right of Access provision of […]
The Department of Health and Human Services’ cybersecurity department, the Health Sector Cybersecurity Coordination Center (HC3), has issued a warning to organizations in the health and public health sector alerting them to an elevated risk […]
Universities that aim to train the leaders of tomorrow’s healthcare industry must do everything in their power to prepare their students for the many challenges that they will face during their educational and professional lives. […]
The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules must be adhered to by all covered entities and their business associates, hence it is particularly important for nurses to clearly […]
The healthcare sector in the United States faces escalating data security challenges due to the increased activity of cybercriminals – particularly since the beginning of the COVID-19 pandemic. Consequently, it may be necessary to commit […]
The Irish Data Protection Commission (DPC) has imposed a record €225 million ($267m) financial penalty on WhatsApp for ‘severe’ violations of the EU General Data Protection Regulation (GDPR). WhatsApp, which is owned by Facebook, is […]
Following the presidential declaration of an emergency in Louisiana and Mississippi due to Hurricane Ida, the Secretary of the Department of Health and Human Services has declared a public health emergency exists in those states […]
On June 2018, 2018, the California Consumer Privacy Act (CCPA) was signed into law, and the CCPA took effect on January 1, 2020. It has been more than 18 months since compliance with the privacy […]
Following best practices for GDPR compliance is vital for all businesses, organizations, and individuals covered by the EU privacy law. Compliance places a significant burden on covered entities, and if best practices for GDPR compliance […]
In most organizations, the recommended practices for password creation involve setting a unique password for all accounts, making sure the password is as random as possible – combining upper- and lower-case letters, numbers and special […]
The largest ever financial penalty for GDPR violations has been handed to Amazon by the Luxembourg Data Protection Authority – Commission Nationale pour la Protection des Données (CNPD). The fine eclipses the previous highest GDPR […]
Who can sue for a HIPAA violation? Unlike the California Consumer Privacy Act (CCPA), there is no private cause of action in HIPAA, so that means a patient cannot sue for a HIPAA breach even […]
The average cost of a data breach has increased 10% year-over-year, according to the IBM Security 2021 Cost of a Data Breach Report. Data breach costs have reached record levels and are higher than at […]
During the past twelve months, the number of recorded ransomware attacks against healthcare organizations – particularly small and medium sized practices – has increased significantly. Security experts believe the increase in recorded ransomware attacks is […]
It has been more than 3 years since the EU General Data Protection Regulation (GDPR) took effect, and while there was a slow start to policing compliance with the GDPR, the number of violations being […]
It has been a year since compliance with the California Consumer Privacy Act (CCPA) has been mandatory and financial penalties and sanctions have been possible for CCPA violations. The CCPA was introduced on January 3, […]
In Illinois, Lake County Health Department has revealed that it has been impacted by two separate data breaches that could have impacted the protected health information (PHI) of approximately 25,000 patients. The initial breach took […]
Many healthcare data breaches are reported each year that involve unauthorized individuals gaining access to electronic protected health information (ePHI) stored on unsecured servers, including on-premises servers and those of cloud service providers. Without proper […]
The vast majority of entities covered by the Health Insurance Portability and Accountability Act (HIPAA) provide regular training to employees on their responsibilities under HIPAA, and employees are diligent and take care not to violate […]
A TLP:White Alert has been issued by the HHS’ Health Sector Cybersecurity Coordination Center (HC3) regarding vulnerabilities identified in Picture Archiving Communication Systems (PACS) that hospitals and other healthcare providers and research institutions use for sharing […]
Due to the volume of federal, state, and international privacy regulations, it is understandable some businesses may be uncertain about whether you can ask for proof of COVID-19 vaccination status. The short answer to the […]
The HIPAA breaches reported during April 2021 show a huge increase in the number of data breaches recorded from January to April 2021 compared with the same period in 2020. The amount of HIPAA breach […]
Introduced on September 1, 2012, Texas House Bill 300 (HB 300) expands the existing privacy requirements of the Texas Medical Records Privacy Act to any individual or organization that has access to the Protected Health […]
Four new zero-day vulnerabilities in Microsoft Exchange Server versions 2013, 2016, and 2019 have been discovered by the U.S. National Security Agency (NSA). These versions of Microsoft Exchange Server must be patched as soon as […]
On January 28, 2021, malware was discovered on databases holding private patient data at La Clinica de la Raza in Oakland, CA. The clinic is now getting in touch with a range of patients to […]
Booking.com has been penalised and fined to the tune of €475,000 ($560,000) after being found guilty of failing to report a data breach within the time period set down by the European Union’s General Data […]
Although the text of HIPAA contains only one reference to passwords, there are several other areas of the Act in which it is inferred HIPAA password requirements exist. For example, under the Technical Safeguards of […]
The new General Data Protection Regulation (GDPR) which comes into force in May 2018 does not outlaw the use of a simple username and static password system for accessing personal data, but GDPR does state […]
The value of providing healthcare students with Health Insurance Portability and Accountability Act (HIPAA) training cannot be underestimated as it can prevent serious data breaches from occurring while also increasing the employability of the individuals […]
In any healthcare or healthcare insurance organization it is crucial anyone who comes into contact with patient data is fully aware of what is defined as Protected Health Information (PHI) under HIPAA to ensure they […]
Most HR managers will be aware that if the organization operates a self-funded health insurance plan which is also self-administered, employees with access to protected health information (PHI) are required to undergo HIPAA training. HIPAA […]
Any entity found to have violated the Health Insurance Portability and Accountability Act (HIPAA) Rules can face massive financial penalties and administrative sanctions. For this reason it is crucial for employees to have an in-depth […]
Law firm DLA Piper has published a report that shows European Union-based businesses paid fines totalling €272.5m ($329m) for an extensive list of breaches of the General Data Protection Regulation (GDPR) since it was first […]
Trying to come up with a definitive answer to the question ‘Who Enforces HIPAA?’ can bring up two very different answers. On one hand there are the official bodies and agencies that are charged with […]
It is crucial that all members of staff at a HIPAA governed entity are completely aware of their obligations under the data privacy legislation – if not it could lead to financial penalties for the […]
Every HIPAA-covered entity must conduct HIPAA training on an ongoing basis to ensure that all employees know what they must do to avoid a HIPAA breach occurring. Equally important as conducting the training is choosing […]
In Norway, the data protection body, Datatilsynet, has sanctioned a fine of over $11.7 million for gay dating app Grindr as it failed to get proper consent from users before sharing their personal information with […]
Roper St. Francis Healthcare has made contact with 189,761 patients to make them aware that a portion of their protected health information was included in the staff employee email account to which access was illegally […]
Following a preliminary judgement released by the Data Protection Commission (DPC) in Ireland, which has been shared with other European Union-based data protection regulation bodies for further review, WhatsApp may be sanctioned with a penalty […]
With the passing, in November 2020, of the California Privacy Rights Act, came a range of new obligations for businesses operating in the State. They must now move swiftly to make sure that every member […]
In Germany, the data regulation authority in the Lower Saxony region has sanctioned a financial penalty of €10.4m against a local laptop retailer due to the breach of the European Union’s General Data Protection […]
The General Data Protection Regulation (GDPR) became enforceable on May 25 2018 and brought with it a number of rules that could, if broken, result in the sanctioning of heavy fines. One sector where […]
The European Court of Justice is considering issuing a ruling that will allow a complaint in relation to the General Data Protection Regulation (GDPR) to be heard by the data protection authority in any […]
Telehealth is an area that is very important to pay particular attention to when addressing the Health Insurance Portability and Accountability Act (HIPAA) compliance so it is important to be aware of the many different […]
A recent report published by Finbold, the online financial news and analysis portal, relating to fines sanctioned during 2020 for breaches of the European Union’s General Data Protection Regulation, has indicated that €171.3m in financial […]
An update on the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) breach portal has revealed that a previously-employed contract staff member may have illegally accessed the medical records of a […]
In the third quarter of 2020, an alert was released for the healthcare and public health sector in the aftermath of a spike in ransomware activity being identified. The joint CISA, FBI, and HHS cybersecurity […]
Due to the end of the Brexit transition period on January 1 2021, the United Kingdom was due to be designated as a ‘third country’ in relation to the European Union’s General Data Protection […]
Copyright © 2023 ComplianceJunction