Hundreds of U.S. hospitals may be violating the Rules of the Health Insurance Portability and Accountability Act (HIPAA) by including the Meta Pixel tool on their websites, according to an investigation conducted by The Markup/STAT. […]
A new version of the HHS Security Risk Assessment (SRA) Tool has been jointly developed by the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and […]
The Health Insurance Portability and Accountability Act (HIPAA) Rules permit HIPAA-covered entities to use remote communication technologies for providing telehealth services to patients. In March 2020, OCR issued a Telehealth Notification in response to the […]
In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended (under Public Law 116-321) to require the Department of Health and Human Services to take any recognized security practices […]
Ransomware attacks were often headline news in 2021, especially when healthcare providers were attacked. In many cases, the attacks forced hospitals to postpone appointments and procedures out of safety concerns, causing delays to the provision […]
The benefits of HIPAA compliance for medical practices are often discussed in terms of streamlining administrative functions, improving efficiency, and avoiding penalties for HIPAA violations and data breaches. However, evidence shows that HIPAA-compliant medical practices […]
A recent survey conducted on businesses in the United States by CYTRIO found that, as of March 21, 2022, 90% of U.S. companies were not fully compliant with the Data Subject Access Request (DSAR) requirements […]
The French data protection authority, Commission Nationale Informatique & Libertés (CNIL), has determined the French laboratory software provider, Dedalus Biologie, violated articles 28(3), 29, and 32 of the General Data Protection Regulation (GDPR) and has […]
The answer to the question why is the HITECH Act important can differ depending on whether an organization is a HIPAA Covered Entity or a Business Associate. It is also the case that the HITECH […]
Data Protection Authorities in Ireland and Denmark have proposed sizeable financial penalties for Bank of Ireland and Danske Bank to resolve alleged violations of the General Data Protection Regulation (GDPR). Danish Data Protection Agency Proposes […]
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is seeking public comment on the HITECH Act requirements for sharing HIPAA penalties with harmed individuals and the implementation of the HIPAA […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first HIPAA fines of 2022 – Two enforcement actions to resolve HIPAA Right of Access violations and two for impermissible […]
A new Trans-Atlantic Data Privacy Framework has been agreed in principle between the European Commission of the European Union and the United States that will replace the EU-US Privacy Shield, which in 2020 was deemed […]
The answer to the question who does HIPAA apply to is most often generalized as health plans, health care clearinghouses, and health care providers along with their Business Associates. Some sources also include contractors who […]
The actual answer to the question why was HIPAA created may surprise many people who believe the Act´s sole purpose was to safeguard Protected Health Information (PHI). Indeed, the Privacy and Security Rules developed to […]
The Irish Data Protection Commission (DPC) has imposed a €17 million ($18.6 million) financial penalty on Meta to resolve violations of the General Data Protection Regulation (GDPR) related to a string of Facebook data breaches […]
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows 2021 was a record year for healthcare industry data breaches, with 714 breaches of protected health information reported to OCR […]
The Austrian and French Data Protection Authorities (Datenschutzbehörde and Commission nationale de l’informatique et des Libertés) have both ruled this year that the use of Google Analytics is not compliant with the General Data Protection […]
The question why is HIPAA important can have multiple answers depending on whether you are a healthcare organization, a healthcare professional, or a patient. The answers to the question why is HIPAA important can also […]
HHS’ Office for Civil Rights (OCR) Director Lisa J. Pino is urging HIPAA-regulated entities to improve their cybersecurity posture in 2022 following a year of increased hacking activity and data breaches. There are no indications […]
The Department of Health and Human Services’ Office for Civil Rights has enforced compliance with the Health Insurance Portability and Accountability Act (HIPAA) more aggressively in recent years. While there was a downturn in enforcement […]
California Attorney General Rob Bonta has recently announced his office is conducting “an investigative sweep” of businesses that offer customer loyalty programs to ensure they are fully complying with the California Consumer Privacy Act (CCPA). […]
In recent years, there has been an increase in the number of companies offering online HIPAA training for employees. While there are many circumstances in which training courses of this nature can be beneficial, it […]
The bipartisan Health Data Use and Privacy Commission Act has been introduced to bring HIPAA and health data privacy laws into the modern age and ensure that the use of emerging technologies does not put […]
On May 14, 2021, the Conti ransomware gang conducted a ransomware attack on Ireland’s Health Service Executive (HSE) that resulted in the shutdown of IT systems supporting healthcare across the entire country. The attack resulted […]
The Health Insurance Portability and Accountability Act (HIPAA) requires training to be provided to the workforce on HIPAA policies and procedures, but what is the purpose of HIPAA training? In this article, we explore the […]
Regardless of whether clinics are part of large healthcare systems or independent entities, the nature of HIPAA training for clinics should be the much the same. All members of the workforce should undergo Privacy Rule […]
The Belgian data protection authority (APD) has issued its final decision on a complaint against the digital advertising trade association, Interactive Advertising Bureau (IAB) Europe. The APD has found the pop-up legal form system used […]
Although small hospitals may have fewer resources than larger organizations, the nature of HIPAA training for small hospitals will generally be the same as that provided by larger organizations – the only potential difference being […]
The latest DLA Piper GDPR and data breach report shows data protection authorities in the European Union imposed more than €1.1 billion ($1.2 billion) in financial penalties on organizations to resolve alleged violations to the […]
The HIPAA Breach Notification Rule deadline for reporting 2021 data breaches affecting fewer than 500 individuals to the Secretary of the Department of Health and Human Services is just a few weeks away. The HIPAA […]
Although most Covered Entities fulfil the basic requirements of HIPAA training for nurses, these may not always be enough to prevent avoidable HIPAA violations, data breaches, and patient complaints. Therefore, it is recommended Covered Entities […]
Courses that provide HIPAA certification for students can be valuable assets for Covered Entities attempting to cultivate a HIPAA-compliant workforce as they resolve issues with the training requirements of the HIPAA Privacy and Security Rules […]
The American Hospital Association (AHA) has urged healthcare organizations to review a recent Microsoft blog post that warns of a new malware variant that has been used by an Advanced Persistent Threat (APT) actor to […]
Because of the role nursing students play in the provision of healthcare, the HIPAA guidelines for nursing students are straightforward. Nonetheless, there have been cases in which nursing students have unintentionally violated HIPAA regulations due […]
Xavier Becerra, Secretary of the U.S. Department of Health and Human Services, has renewed the COVID-19 public health emergency for a further 90 days. Earlier this month, the American Hospital Association (AHA) wrote to Becerra […]
The nature of HIPAA training for healthcare administrators can vary considerably depending on factors such as an organization´s size, the responsibilities assigned to healthcare administrators, and individuals´ existing knowledge of HIPAA. It can also be […]
Solo private practices and small group practices are subject to the same HIPAA regulations as nationwide health care systems, and therefore HIPAA training for small medical practices has to cover the same range of subjects […]
HIPAA training for dental offices is a requirement of the Privacy Rule and the Security Rule due to dental offices coming under the definition of a Covered Entity in the Administrative Simplification Provisions of the […]
Because every organization has different HIPAA policies and procedures, what you learn during HIPAA training for new members of the workforce will likely vary from organization to organization. However, what you learn during security and […]
HIPAA training for healthcare workers is a requirement of both the Privacy Rule and the Security Rule. In addition, Covered Entities may need to provide further HIPAA training for healthcare workers if a threat to […]
2021 was another record-breaking year for healthcare data breaches. As of December 31, 2021, 686 healthcare data breaches had been reported to the HHS’ Office for Civil Rights that affected 44,993,618 individuals. That number is […]
There has been a significant growth in recent years in companies offering web-based HIPAA training courses. While these courses can provide valuable information about HIPAA and the reasons why policies and procedures exist to safeguard […]
Are you confused about HIPAA training? Are you unsure if HIPAA training is required annually or how often you should be providing security awareness training to your workforce? If so, we hope this post will […]
There is no one-size-fits-all answer to the question of how often is HIPAA training required because, beyond the training requirements of the Privacy and Security Rules, the frequency of HIPAA training should be determined by […]
The Department of Health and Human Services’ Office for Civil Rights has issued guidance for healthcare providers on how the Health Insurance Portability and Accountability Act (HIPAA) applies to disclosures of protected health information (PHI) […]
Without doubt, the best HIPAA training is training that goes beyond the requirements of the Privacy and Security Rules so that Covered Entities and Business Associates have fully HIPAA-aware workforces that can identify potential HIPAA […]
A review of online HIPAA training courses shows a wide range of courses exist. Undoubtedly there are some which are more comprehensive than others, and while price is no guarantee of quality, those that acknowledge […]
If you study the text of the Health Insurance Portability and Accountability Act, the only mention of HIPAA compliance training for Business Associates appears within the Administrative Safeguards of the Security Rule. However, there are […]
Medical offices tend to have more access to PHI than most other healthcare departments and consequently HIPAA training for medical office staff may need to be more comprehensive – and more frequent – than the […]
It is easy to understand why Covered Entities and Business Associates might assume HIPAA training for IT professionals only needs to consist of the security and awareness training required by the HIPAA Security Rule. However, […]
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert warning healthcare providers about a high-severity vulnerability that affects certain Hillrom Welch Allyn cardio products. The vulnerability is an authentication bypass issue, […]
The state of New Jersey has imposed another financial penalty to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act, its third penalty in as many […]
The Dutch Data Protection Authority has imposed a €2.75 million (USD 3.1 million) financial penalty on the Dutch Tax Administration for the unlawful processing of the personal data of Dutch citizens with dual nationality, which […]
There are two standards in the Health Insurance Portability and Accountability Act that directly relate to HIPAA training for employees – the training standard of the Privacy Rule´s Administrative Requirements (45 CFR § 164.530) and […]
There is no question that HIPAA training for nurses is mandated by the Administrative Requirements of the HIPAA Privacy Rule. However, the content of HIPAA training for nurses should go further than the minimum requirements […]
The HHS’ Office for Civil Rights has settled 4 more investigations into potential HIPAA Right of Access violations and has imposed one civil monetary penalty for the failure to provide timely access to medical records. […]
Because of some confusion about the HIPAA training requirements, many Covered Entities and Business Associates provide basic HIPAA training to all members of their workforces. While this is a good idea because it ensures everyone […]
HIPAA privacy training is sometimes confused with HIPAA Privacy Rule training which requires Covered Entities to train members of its workforce on policies and procedures “with respect to PHI […] as necessary and appropriate for […]
The issue of HIPAA training for managers is complex because, although the Security Rule states management must be included in security awareness training (45 CFR § 164.308), there is no guidance provided on what other […]
There are training requirements in both the HIPAA Privacy and Security Rules; however, many people are unsure about who should have HIPAA training. In this post, we explain the HIPAA training requirements, and which staff […]
The record retention requirements for different types of documentation can be vastly different. Here we explain how long you should keep employee HIPAA training records and other types of HIPAA documentation to ensure you remain […]
The healthcare and public health sector has been warned to take steps to reduce the risk of cyberattacks exploiting zero-day vulnerabilities. A zero-day vulnerability is a software flaw that has only just been brought to […]
Two bills have been signed by California Governor Gavin Newsom that impact the California Consumer Privacy Act (CCPA). The bills have added new exceptions to the right to opt-out of the sale of personal information […]
When you consider the risk analysis requirements of HIPAA, the potential for corrective action orders, and the inferences of the Security Rule training requirements, the provision of additional HIPAA refresher training training is practically unavoidable. […]
Most Covered Entities are aware that HIPAA training for new staff is a requirement of the Privacy Rule. However, there can be gaps in a Covered Entity´s understanding of which new staff require training, how […]
New Jersey has fined two printing companies $130,000 over an impermissible disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents in 2016. The fine is part of a settlement reached between […]
HIPAA compliance training companies often provide trainees with a certificate at the conclusion of a HIPAA training course to demonstrate trainees have completed the course. This is sometimes referred to as HIPAA Certification, but what […]
HIPAA certification training for employees of HIPAA-covered entities or vendors that provide products or services to the healthcare industry has several advantages. In this post, we explain the benefits of HIPAA certification, but first it […]
An investigation conducted by the Dutch Data Protection Authority (DDPA) – Autoriteit Persoonsgegevens – into the data processing activities of the Dutch Tax and Customs Administration has uncovered violations of the core principles of the […]
Legacy systems and devices are pervasive in healthcare. Large healthcare organizations often have many systems and devices that contain components that have reached end-of-life and are no longer supported. When software, firmware, or hardware reaches […]
Any vendor that wants to provide goods or services to HIPAA-covered entities – healthcare providers, health plans, or healthcare clearinghouses – that requires access to protected health information (PHI) must comply with certain HIPAA provisions. […]
The Irish Data Protection Commission (DPC) has recently published a draft decision on its investigation of a complaint about Facebook’s data processing practices and found “a significant level of non-compliance” with Articles 5(1)(a), 12(1), and […]
An investigation of potential violations of the New Jersey Consumer Fraud Act (CFA), New Jersey Identity Theft Prevention Act (ITFA), and the Health Insurance Portability and Accountability (HIPAA) Act has resulted in a financial penalty […]
HIPAA privacy and security training must be provided to all new employees, when job functions change, or when there has been a material change in policies or procedures, and while training can take many forms, […]
Several vulnerabilities have recently been identified in medical devices such as insulin pumps, infusion pumps, and pacemakers which could be exploited in malicious attacks that could potentially kill patients and concern is growing about the […]
The introduction of vaccine mandates in many places of work has led many people to question how the Health Insurance Portability and Accountability Act (HIPAA) Rules apply to disclosures of COVID-19 vaccination information. There are […]
October is National Cybersecurity Awareness Month, an initiative launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 which is now in its 18th year. Throughout October, cybersecurity […]
How long does HIPAA training take? Basic HIPAA training can be provided in a session of up to an hour, although training can take considerably longer depending on the role of an individual in the […]
Ransomware and other destructive cyberattacks on healthcare delivery organizations (HDOs) can cripple IT systems, prevent access to protected health information, and often see appointments cancelled and patients redirected to other healthcare facilities. The disruption caused […]
A lawsuit filed against Blackbaud Inc. alleging violations of the California Consumer Privacy Act (CCPA) has survived a motion to dismiss. Judge Childs of the United States District Court for the District of South Carolina […]
The Federal Trade Commission (FTC) has a Health Breach Notification Rule, similar to the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA). The FTC has recently released a Policy Statement confirming […]
HIPAA security awareness training is a requirement of the HIPAA Security Rule, which calls for HIPAA covered entities and their business associates to “implement a security awareness and training program for all members of its workforce (including […]
The Omaha, Nebraska-based pediatric care provider Children’s Hospital & Medical Center (CHMC) has agreed to pay a $80,000 financial penalty to resolve an investigation into an alleged violation of the Right of Access provision of […]
The Department of Health and Human Services’ cybersecurity department, the Health Sector Cybersecurity Coordination Center (HC3), has issued a warning to organizations in the health and public health sector alerting them to an elevated risk […]
The Irish Data Protection Commission (DPC) has imposed a record €225 million ($267m) financial penalty on WhatsApp for ‘severe’ violations of the EU General Data Protection Regulation (GDPR). WhatsApp, which is owned by Facebook, is […]
Following the presidential declaration of an emergency in Louisiana and Mississippi due to Hurricane Ida, the Secretary of the Department of Health and Human Services has declared a public health emergency exists in those states […]
On June 2018, 2018, the California Consumer Privacy Act (CCPA) was signed into law, and the CCPA took effect on January 1, 2020. It has been more than 18 months since compliance with the privacy […]
The Health Insurance Portability and Accountability Act (HIPAA) Rules still apply during public health emergencies such as the 2019 Novel Coronavirus (SARS-CoV-2) outbreak. When preventing and dealing with cases of COVID-19, the respiratory disease caused […]
The General Data Protection Regulation (GDPR) introduced new standards for data protection in Europe. Introduced in May 2018, GDPR changed the way that businesses handle collect, handle, and process consumer data. The regulations also granted […]
The Californian Consumer Privacy Act (CCPA) was signed into law in June 2018. Many data privacy experts have compared CCPA to Europe’s latest data protection legislation, the General Data Protection Regulations (GDPR). Much like GDPR, […]
California Attorney General Xavier Becerra announced today that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA) starting January 8. During the December press meeting in which […]
Impact of CCPA on Business The Californian Governor Jerry Brown signed the Californian Consumer Privacy Act (CCPA) into law in June 2018. The CCPA has revolutionised the data privacy rights of Californian residents. CCPA offers […]
The EU introduced the General Data Protection Regulation (GDPR) in May 2018. Since its implementation, GDPR has changed the way that businesses handle, collect, and process consumer data. It is a landmark piece of legislation […]
Hilton Honors has started a repermissioning project for members of its loyalty program members. With the GDPR deadline less than 4 weeks away, it’s a surprisingly rare example of an international company launching a repermissioning […]
The Californian multi-specialty physician’s group, Imperial Valley Family Care Medical Group (IVFCMG), has recently been audited by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) following a potential breach of […]
The Department of Homeland Security has issued an alert over vulnerabilities in Siemens medical imaging devices. The vulnerabilities could be exploited remotely and attacks would require only a low level of skill. Exploits are publicly […]
Copyright © 2022 ComplianceJunction