The purpose of HIPAA training is to educate healthcare professionals and employees about the regulations and requirements of HIPAA, enabling them to understand their roles and responsibilities in protecting patient privacy, ensuring the security of protected...
In recent years, there has been an increase in the number of companies offering online HIPAA training for employees. While there are many circumstances in which training courses of this nature can be beneficial, it is important for Covered Entities and Business...
There is no question that HIPAA training for nurses is mandated by the Administrative Requirements of the HIPAA Privacy Rule. However, the content of HIPAA training for nurses should go further than the minimum requirements of the Privacy Rule training standard to...
In July 2019, members of the workforce at Aveanna Healthcare were targeted with more than 600 phishing emails from an unknown source, attempting to trick the recipients into disclosing login credentials and other sensitive information. Many of the phishing emails were...
The HHS’ Office for Civil Rights has recently issued guidance on online tracking technologies and HIPAA for covered entities and business associates to help them avoid violations of HIPAA and patient privacy. Online tracking technologies consist of a script or code...
HIPAA privacy training is sometimes confused with HIPAA Privacy Rule training, which requires Covered Entities to train members of their workforce on policies and procedures “with respect to PHI […] as necessary and appropriate for the members of the workforce to carry...
Although small hospitals may have fewer resources than larger organizations, the nature of HIPAA training for small hospitals will generally be the same as that provided by larger organizations – the only potential difference being that small hospitals may have...
Most Covered Entities are aware that HIPAA training for new staff is a requirement of the Privacy Rule. However, there can be gaps in a Covered Entity’s understanding of which new staff require training, how much training should be provided to meet the training...
Regardless of whether clinics are part of large healthcare systems or independent entities, the nature of HIPAA training for clinics should be much the same. All members of the workforce should undergo Privacy Rule training and participate in a security and...
HIPAA compliance training companies often provide trainees with a certificate at the conclusion of a HIPAA training course to demonstrate trainees have completed the course. This is sometimes referred to as HIPAA Certification, but what exactly does HIPAA...
In January 2021, an amendment to the HITECH Act was enacted by Congress that required the Secretary of the Department of Health and Human Services to consider the “Recognized Security Practices” that have been implemented by a HIPAA-regulated entity when making...
Medical offices tend to have more access to PHI than most other healthcare departments and consequently HIPAA training for medical office staff may need to be more comprehensive – and more frequent – than the training typically provided to a Covered Entity’s...
For healthcare professionals, including those in clinical and administrative roles, the typical duration of HIPAA training for annual refresher sessions is around 90 minutes. This timeframe allows for a comprehensive review of key concepts, updates to regulations, and...
There are training requirements in both the HIPAA Privacy and Security Rules; however, many people are unsure about who should have HIPAA training. In this post, we explain the HIPAA training requirements, and which staff members should be provided with training to...
It is easy to understand why Covered Entities and Business Associates might assume HIPAA training for IT professionals only needs to consist of the security and awareness training required by the HIPAA Security Rule. However, there are many circumstances in which the...
The nature of HIPAA training for healthcare administrators can vary considerably depending on factors such as an organization’s size, the responsibilities assigned to healthcare administrators, and individuals’ existing knowledge of HIPAA. It can also be the case...
A hacking incident reported by Oklahoma State University – Center for Health Sciences (OSU-CHS) in January 2018 was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) which identified violations of 7 provisions of the...
Let us imagine the following scenario: In an effort to improve data security and conform with GDPR requirements, a small to medium sized business decides to implement a new policy of password protection; new passwords are to be issued to each employee on a weekly...
Universities that aim to train the leaders of tomorrow’s healthcare industry must do everything in their power to prepare their students for the many challenges that they will face during their educational and professional lives. Healthcare students are facing...
The healthcare sector in the United States faces escalating data security challenges due to the increased activity of cybercriminals – particularly since the beginning of the COVID-19 pandemic. Consequently, it may be necessary to commit more resources to...
There has been a significant growth in recent years in companies offering web-based HIPAA training courses. While these courses can provide valuable information about HIPAA and the reasons why policies and procedures exist to safeguard Protected Health Information...
The HHS’ Office for Civil Rights has announced it has resolved 11 more cases involving violations of the HIPAA Right of Access. 10 of the cases were settled with OCR, and one Civil Monetary Penalty was imposed due to the lack of cooperation with OCR and the failure to...
There are two standards in the Health Insurance Portability and Accountability Act that directly relate to HIPAA training for employees – the training standard of the Privacy Rule’s Administrative Requirements (45 CFR § 164.530) and the security awareness and training...
The issue of HIPAA training for managers is complex because, although the Security Rule states management must be included in security awareness training (45 CFR § 164.308), there is no guidance provided on what other areas of HIPAA managers should be trained on....
Solo private practices and small group practices are subject to the same HIPAA regulations as nationwide health care systems, and therefore HIPAA training for small medical practices has to cover the same range of subjects as much larger organizations – with fewer...
The HIPAA EHR rules stipulate the measures healthcare organizations are required to implement to protect health information maintained on EHRs against impermissible uses and disclosures. Unfortunately, not all healthcare organizations fully comply with the HIPAA EHR...
President Biden has issued an Executive Order on Protecting Access to Reproductive Healthcare Services following the Supreme Court decision that overturned Roe v. Wade. According to the Supreme Court, there is no right to abortion in the Constitution of the United...
Two U.S. senators have written to Xavier Becerra, Secretary of the Department of Health and Human Services, requesting a change to the HIPAA Privacy Rule in the wake of the decision of the Supreme Court (SCOTUS) in Dobbs v. Jackson Women’s Health Organization and the...
A warning has been issued to the healthcare and public health (HPH) sector that North Korean state-sponsored hackers are conducting targeted ransomware attacks using Maui ransomware. The warning was issued by the Federal Bureau of Investigation (FBI), the...
The American Data Privacy and Protection Act (ADPPA) has been formally introduced in the House of Representatives and seeks to introduce a comprehensive Federal consumer data privacy law. This is not the first such privacy law to be proposed, but all other attempts to...
California Attorney General, Rob Bonta, recently issued a reminder to health app developers about their obligations to protect healthcare data – and specifically reproductive health data – under California law following the SCOTUS decision in Dobbs v. Jackson...
The HHS’ Office for Civil Rights (OCR) has recently issued guidance on HIPAA and explained how HIPAA protects the privacy of individuals’ reproductive health information following the decision of the U.S. Supreme Court in Dobbs v. Jackson Women’s Health...
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 introduced new breach reporting requirements for HIPAA-regulated entities and called for the Secretary of the Department of Health and Human Services to create a mechanism for...
Given that more than a year has passed since the European Union’s General Data Protection Regulation (GDPR) was implemented, on the 25th May 2018 to be precise, most businesses are aware that they have a legal obligation to protect any ‘personal data’ which they...
Hundreds of U.S. hospitals may be violating the Rules of the Health Insurance Portability and Accountability Act (HIPAA) by including the Meta Pixel tool on their websites, according to an investigation conducted by The Markup/STAT. The revelation has also sparked a...
A new version of the HHS Security Risk Assessment (SRA) Tool has been jointly developed by the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR). A...
Google and its products are ubiquitous and are extensively used by healthcare organizations, but is the Google Cloud platform HIPAA compliant? Healthcare was already on a steady path to digitization, but with the COVID-19 pandemic and shift to remote working,...
The Health Insurance Portability and Accountability Act (HIPAA) Rules permit HIPAA-covered entities to use remote communication technologies for providing telehealth services to patients. In March 2020, OCR issued a Telehealth Notification in response to the COVID-19...
In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended (under Public Law 116-321) to require the Department of Health and Human Services to take any recognized security practices into account when investigating...
Commonly recognised as the toughest privacy and security law on the planet, the European Union’s General Data Protection Regulation (or GDPR), imposes legal obligations on companies and organizations anywhere, so long as they handle data related to people situated in,...
Ransomware attacks were often headline news in 2021, especially when healthcare providers were attacked. In many cases, the attacks forced hospitals to postpone appointments and procedures out of safety concerns, causing delays to the provision of treatment. According...
Amazon Web Services (AWS) is a cloud computing platform with millions of customers, and includes more than 200 products from cloud storage to high-performance computing services, but can AWS be used by healthcare organizations? Is AWS HIPAA compliant? One of AWS’s...
The answer to the question why is the HITECH Act important can differ depending on whether an organization is a HIPAA Covered Entity or a Business Associate. It is also the case that the HITECH Act is important to patients, as patients now benefit from more efficient...
HIPAA privacy and security training must be provided to all new employees, when job functions change, or when there has been a material change in policies or procedures, and while training can take many forms, conducting HIPAA privacy and security training online is...
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is seeking public comment on the HITECH Act requirements for sharing HIPAA penalties with harmed individuals and the implementation of the HIPAA Safe Harbor for entities that adhere to...
On May 25th, 2018, the European Union’s General Data Protection Regulation (GDPR) replaced the Data Protection Directive of 1995. Unlike the previous legislation, the GDPR affects businesses and organisations which are based outside of the EU. The simple fact that all...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first HIPAA fines of 2022 – two enforcement actions to resolve HIPAA Right of Access violations and two for impermissible PHI disclosures. No financial penalties were...
The answer to the question who does HIPAA apply to is most often generalized as health plans, health care clearinghouses, and health care providers along with their Business Associates. Some sources also include contractors who provide services to Business Associates....
The actual answer to the question why was HIPAA created may surprise many people who believe the Act’s sole purpose was to safeguard Protected Health Information (PHI). Indeed, the Privacy and Security Rules developed to protect PHI were only by-products of the Act’s...
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows 2021 was a record year for healthcare industry data breaches, with 714 breaches of protected health information reported to OCR for 2021. The breach reports do not show the...
The question why is HIPAA important can have multiple answers depending on whether you are a healthcare organization, a healthcare professional, or a patient. The answers to the question why is HIPAA important can also help explain why HIPAA compliance is important....
HHS’ Office for Civil Rights (OCR) Director Lisa J. Pino is urging HIPAA-regulated entities to improve their cybersecurity posture in 2022 following a year of increased hacking activity and data breaches. There are no indications that the hacking attempts will...
HIPAA certification training for employees of HIPAA-covered entities or vendors that provide products or services to the healthcare industry has several advantages. In this post, we explain the benefits of HIPAA certification, but first it is important to explain what...
The GDPR was approved by the Parliament of the European Union on the 14th April 2016 and has been in force since the 25th May 2018. Organisations that are not compliant can now face heavy fines. Suffice to say, significant changes to the way businesses and companies...
The Department of Health and Human Services’ Office for Civil Rights has enforced compliance with the Health Insurance Portability and Accountability Act (HIPAA) more aggressively in recent years. While there was a downturn in enforcement actions in 2021, the number...
California Attorney General Rob Bonta has recently announced his office is conducting “an investigative sweep” of businesses that offer customer loyalty programs to ensure they are fully complying with the California Consumer Privacy Act (CCPA). The enforcement drive,...
The bipartisan Health Data Use and Privacy Commission Act has been introduced to bring HIPAA and health data privacy laws into the modern age and ensure that the use of emerging technologies does not put health data at risk. HIPAA was signed into law in 1996 at a time...
On May 14, 2021, the Conti ransomware gang conducted a ransomware attack on Ireland’s Health Service Executive (HSE) that resulted in the shutdown of IT systems supporting healthcare across the entire country. The attack resulted in the encryption of around 80% of all...
The HIPAA Breach Notification Rule deadline for reporting 2021 data breaches affecting fewer than 500 individuals to the Secretary of the Department of Health and Human Services is just a few weeks away. The HIPAA Breach Notification Rule – 45 CFR §§ 164.400-414...
Although most Covered Entities fulfil the basic requirements of HIPAA training for nurses, these may not always be enough to prevent avoidable HIPAA violations, data breaches, and patient complaints. Therefore, it is recommended Covered Entities provide annual...
Courses that provide HIPAA certification for students can be valuable assets for Covered Entities attempting to cultivate a HIPAA-compliant workforce as they resolve issues with the training requirements of the HIPAA Privacy and Security Rules and maintain students’...
The American Hospital Association (AHA) has urged healthcare organizations to review a recent Microsoft blog post that warns of a new malware variant that has been used by an Advanced Persistent Threat (APT) actor to attack critical infrastructure organizations in...
Because of the role nursing students play in the provision of healthcare, the HIPAA guidelines for nursing students are straightforward. Nonetheless, there have been cases in which nursing students have unintentionally violated HIPAA regulations due to a lack of...
Xavier Becerra, Secretary of the U.S. Department of Health and Human Services, has renewed the COVID-19 public health emergency for a further 90 days. Earlier this month, the American Hospital Association (AHA) wrote to Becerra to request an extension to the public...
Because every organization has different HIPAA policies and procedures, what you learn during HIPAA training for new members of the workforce will likely vary from organization to organization. However, what you learn during security and awareness training and...
HIPAA training for healthcare workers is a requirement of both the Privacy Rule and the Security Rule. In addition, Covered Entities may need to provide further HIPAA training for healthcare workers if a threat to the confidentiality, integrity, or availability of...
2021 was another record-breaking year for healthcare data breaches. As of December 31, 2021, 686 healthcare data breaches had been reported to the HHS’ Office for Civil Rights that affected 44,993,618 individuals. That number is sure to grow over the coming days as...