Online HIPAA certification training provides healthcare professionals with a comprehensive and convenient solution to enhance their compliance knowledge and expertise in handling protected health information (PHI) in accordance with the HIPAA regulations. This HIPAA...
New hires need to receive comprehensive IT training on HIPAA and HITECH, which includes educating them about the regulations, security practices for handling electronic protected health information (ePHI), proper use of technology systems, potential security risks,...
The purpose of HIPAA training is to educate healthcare professionals and employees about the regulations and requirements of the HIPAA, enabling them to understand their roles and responsibilities in protecting patient privacy, ensuring the security of protected...
In recent years, there has been an increase in the number of companies offering online HIPAA training for employees. While there are many circumstances in which training courses of this nature can be beneficial, it is important for Covered Entities and Business...
There is no question that HIPAA training for nurses is mandated by the Administrative Requirements of the HIPAA Privacy Rule. However, the content of HIPAA training for nurses should go further than the minimum requirements of the Privacy Rule training standard to...
In July 2019, members of the workforce at Aveanna Healthcare were targeted with more than 600 phishing emails from an unknown source, attempting to trick the recipients into disclosing login credentials and other sensitive information. Many of the phishing emails were...
The HHS’ Office for Civil Rights has recently issued guidance on online tracking technologies and HIPAA for covered entities and business associates to help them avoid violations of HIPAA and patient privacy. Online tracking technologies consist of a script or code...
HIPAA privacy training is sometimes confused with HIPAA Privacy Rule training, which requires Covered Entities to train members of their workforce on policies and procedures “with respect to PHI […] as necessary and appropriate for the members of the workforce to carry...
Although small hospitals may have fewer resources than larger organizations, the nature of HIPAA training for small hospitals will generally be the same as that provided by larger organizations – the only potential difference being that small hospitals may have...
Most Covered Entities are aware that HIPAA training for new staff is a requirement of the Privacy Rule. However, there can be gaps in a Covered Entity’s understanding of which new staff require training, how much training should be provided to meet the training...
Regardless of whether clinics are part of large healthcare systems or independent entities, the nature of HIPAA training for clinics should be much the same. All members of the workforce should undergo Privacy Rule training and participate in a security and...
HIPAA compliance training companies often provide trainees with a certificate at the conclusion of a HIPAA training course to demonstrate trainees have completed the course. This is sometimes referred to as HIPAA Certification, but what exactly does HIPAA...
In January 2021, an amendment to the HITECH Act was enacted by Congress that required the Secretary of the Department of Health and Human Services to consider the “Recognized Security Practices” that have been implemented by a HIPAA-regulated entity when making...
Medical offices tend to have more access to PHI than most other healthcare departments and consequently HIPAA training for medical office staff may need to be more comprehensive – and more frequent – than the training typically provided to a Covered Entity’s...
For healthcare professionals, including those in clinical and administrative roles, the typical duration of HIPAA training for annual refresher sessions is around 90 minutes. This timeframe allows for a comprehensive review of key concepts, updates to regulations, and...
There are training requirements in both the HIPAA Privacy and Security Rules; however, many people are unsure about who should have HIPAA training. In this post, we explain the HIPAA training requirements, and which staff members should be provided with training to...
It is easy to understand why Covered Entities and Business Associates might assume HIPAA training for IT professionals only needs to consist of the security and awareness training required by the HIPAA Security Rule. However, there are many circumstances in which the...
The nature of HIPAA training for healthcare administrators can vary considerably depending on factors such as an organization’s size, the responsibilities assigned to healthcare administrators, and individuals’ existing knowledge of HIPAA. It can also be the case...
A hacking incident reported by Oklahoma State University – Center for Health Sciences (OSU-CHS) in January 2018 was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) which identified violations of 7 provisions of the...
There has been a significant growth in recent years in companies offering web-based HIPAA training courses. While these courses can provide valuable information about HIPAA and the reasons why policies and procedures exist to safeguard Protected Health Information...
The HHS’ Office for Civil Rights has announced it has resolved 11 more cases involving violations of the HIPAA Right of Access. 10 of the cases were settled with OCR, and one Civil Monetary Penalty was imposed due to the lack of cooperation with OCR and the failure to...
There are two standards in the Health Insurance Portability and Accountability Act that directly relate to HIPAA training for employees – the training standard of the Privacy Rule’s Administrative Requirements (45 CFR § 164.530) and the security awareness and training...
The issue of HIPAA training for managers is complex because, although the Security Rule states management must be included in security awareness training (45 CFR § 164.308), there is no guidance provided on what other areas of HIPAA managers should be trained on....
Solo private practices and small group practices are subject to the same HIPAA regulations as nationwide health care systems, and therefore HIPAA training for small medical practices has to cover the same range of subjects as much larger organizations – with fewer...
The HIPAA EHR rules stipulate the measures healthcare organizations are required to implement to protect health information maintained on EHRs against impermissible uses and disclosures. Unfortunately, not all healthcare organizations fully comply with the HIPAA EHR...
President Biden has issued an Executive Order on Protecting Access to Reproductive Healthcare Services following the Supreme Court decision that overturned Roe v. Wade. According to the Supreme Court, there is no right to abortion in the Constitution of the United...
Two U.S. senators have written to Xavier Becerra, Secretary of the Department of Health and Human Services, requesting a change to the HIPAA Privacy Rule in the wake of the decision of the Supreme Court (SCOTUS) in Dobbs v. Jackson Women’s Health Organization and the...
A warning has been issued to the healthcare and public health (HPH) sector that North Korean state-sponsored hackers are conducting targeted ransomware attacks using Maui ransomware. The warning was issued by the Federal Bureau of Investigation (FBI), the...
The American Data Privacy and Protection Act (ADPPA) has been formally introduced in the House of Representatives and seeks to introduce a comprehensive Federal consumer data privacy law. This is not the first such privacy law to be proposed, but all other attempts to...
California Attorney General, Rob Bonta, recently issued a reminder to health app developers about their obligations to protect healthcare data – and specifically reproductive health data – under California law following the SCOTUS decision in Dobbs v. Jackson...
The HHS’ Office for Civil Rights (OCR) has recently issued guidance on HIPAA and explained how HIPAA protects the privacy of individuals’ reproductive health information following the decision of the U.S. Supreme Court in Dobbs v. Jackson Women’s Health...
The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 introduced new breach reporting requirements for HIPAA-regulated entities and called for the Secretary of the Department of Health and Human Services to create a mechanism for...
Hundreds of U.S. hospitals may be violating the Rules of the Health Insurance Portability and Accountability Act (HIPAA) by including the Meta Pixel tool on their websites, according to an investigation conducted by The Markup/STAT. The revelation has also sparked a...
A new version of the HHS Security Risk Assessment (SRA) Tool has been jointly developed by the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR). A...
Google and its products are ubiquitous and are extensively used by healthcare organizations, but is the Google Cloud platform HIPAA compliant? Healthcare was already on a steady path to digitization, but with the COVID-19 pandemic and shift to remote working,...
The Health Insurance Portability and Accountability Act (HIPAA) Rules permit HIPAA-covered entities to use remote communication technologies for providing telehealth services to patients. In March 2020, OCR issued a Telehealth Notification in response to the COVID-19...
In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended (under Public Law 116-321) to require the Department of Health and Human Services to take any recognized security practices into account when investigating...
Ransomware attacks were often headline news in 2021, especially when healthcare providers were attacked. In many cases, the attacks forced hospitals to postpone appointments and procedures out of safety concerns, causing delays to the provision of treatment. According...
Amazon Web Services (AWS) is a cloud computing platform with millions of customers, and includes more than 200 products from cloud storage to high-performance computing services, but can AWS be used by healthcare organizations? Is AWS HIPAA compliant? One of AWS’s...
The answer to the question why is the HITECH Act important can differ depending on whether an organization is a HIPAA Covered Entity or a Business Associate. It is also the case that the HITECH Act is important to patients, as patients now benefit from more efficient...
HIPAA privacy and security training must be provided to all new employees, when job functions change, or when there has been a material change in policies or procedures, and while training can take many forms, conducting HIPAA privacy and security training online is...
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is seeking public comment on the HITECH Act requirements for sharing HIPAA penalties with harmed individuals and the implementation of the HIPAA Safe Harbor for entities that adhere to...
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first HIPAA fines of 2022 – two enforcement actions to resolve HIPAA Right of Access violations and two for impermissible PHI disclosures. No financial penalties were...
The answer to the question who does HIPAA apply to is most often generalized as health plans, health care clearinghouses, and health care providers along with their Business Associates. Some sources also include contractors who provide services to Business Associates....
The actual answer to the question why was HIPAA created may surprise many people who believe the Act’s sole purpose was to safeguard Protected Health Information (PHI). Indeed, the Privacy and Security Rules developed to protect PHI were only by-products of the Act’s...
The Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal shows 2021 was a record year for healthcare industry data breaches, with 714 breaches of protected health information reported to OCR for 2021. The breach reports do not show the...
The question why is HIPAA important can have multiple answers depending on whether you are a healthcare organization, a healthcare professional, or a patient. The answers to the question why is HIPAA important can also help explain why HIPAA compliance is important....
HHS’ Office for Civil Rights (OCR) Director Lisa J. Pino is urging HIPAA-regulated entities to improve their cybersecurity posture in 2022 following a year of increased hacking activity and data breaches. There are no indications that the hacking attempts will...
HIPAA certification training for employees of HIPAA-covered entities or vendors that provide products or services to the healthcare industry has several advantages. In this post, we explain the benefits of HIPAA certification, but first it is important to explain what...
The Department of Health and Human Services’ Office for Civil Rights has enforced compliance with the Health Insurance Portability and Accountability Act (HIPAA) more aggressively in recent years. While there was a downturn in enforcement actions in 2021, the number...
California Attorney General Rob Bonta has recently announced his office is conducting “an investigative sweep” of businesses that offer customer loyalty programs to ensure they are fully complying with the California Consumer Privacy Act (CCPA). The enforcement drive,...
The bipartisan Health Data Use and Privacy Commission Act has been introduced to bring HIPAA and health data privacy laws into the modern age and ensure that the use of emerging technologies does not put health data at risk. HIPAA was signed into law in 1996 at a time...
On May 14, 2021, the Conti ransomware gang conducted a ransomware attack on Ireland’s Health Service Executive (HSE) that resulted in the shutdown of IT systems supporting healthcare across the entire country. The attack resulted in the encryption of around 80% of all...
The HIPAA Breach Notification Rule deadline for reporting 2021 data breaches affecting fewer than 500 individuals to the Secretary of the Department of Health and Human Services is just a few weeks away. The HIPAA Breach Notification Rule – 45 CFR §§ 164.400-414...
Although most Covered Entities fulfil the basic requirements of HIPAA training for nurses, these may not always be enough to prevent avoidable HIPAA violations, data breaches, and patient complaints. Therefore, it is recommended Covered Entities provide annual...
Courses that provide HIPAA certification for students can be valuable assets for Covered Entities attempting to cultivate a HIPAA-compliant workforce as they resolve issues with the training requirements of the HIPAA Privacy and Security Rules and maintain students’...
The American Hospital Association (AHA) has urged healthcare organizations to review a recent Microsoft blog post that warns of a new malware variant that has been used by an Advanced Persistent Threat (APT) actor to attack critical infrastructure organizations in...
Because of the role nursing students play in the provision of healthcare, the HIPAA guidelines for nursing students are straightforward. Nonetheless, there have been cases in which nursing students have unintentionally violated HIPAA regulations due to a lack of...
Xavier Becerra, Secretary of the U.S. Department of Health and Human Services, has renewed the COVID-19 public health emergency for a further 90 days. Earlier this month, the American Hospital Association (AHA) wrote to Becerra to request an extension to the public...
Because every organization has different HIPAA policies and procedures, what you learn during HIPAA training for new members of the workforce will likely vary from organization to organization. However, what you learn during security and awareness training and...
HIPAA training for healthcare workers is a requirement of both the Privacy Rule and the Security Rule. In addition, Covered Entities may need to provide further HIPAA training for healthcare workers if a threat to the confidentiality, integrity, or availability of...
2021 was another record-breaking year for healthcare data breaches. As of December 31, 2021, 686 healthcare data breaches had been reported to the HHS’ Office for Civil Rights that affected 44,993,618 individuals. That number is sure to grow over the coming days as...
The Department of Health and Human Services’ Office for Civil Rights has issued guidance for healthcare providers on how the Health Insurance Portability and Accountability Act (HIPAA) applies to disclosures of protected health information (PHI) to support...
Without doubt, the best HIPAA training is training that goes beyond the requirements of the Privacy and Security Rules so that Covered Entities and Business Associates have fully HIPAA-aware workforces that can identify potential HIPAA violations and take a compliant...
A review of online HIPAA training courses shows a wide range of courses exist. Undoubtedly there are some which are more comprehensive than others, and while price is no guarantee of quality, those that acknowledge that training is only one piece of the compliance...
If you study the text of the Health Insurance Portability and Accountability Act, the only mention of HIPAA compliance training for Business Associates appears within the Administrative Safeguards of the Security Rule. However, there are multiple reasons why Business...
The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a security alert warning healthcare providers about a high-severity vulnerability that affects certain Hillrom Welch Allyn cardio products. The vulnerability is an authentication bypass issue,...
The state of New Jersey has imposed another financial penalty to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act, its third penalty in as many months. Regional Cancer Care Associates will pay...
The HHS’ Office for Civil Rights has settled 4 more investigations into potential HIPAA Right of Access violations and has imposed one civil monetary penalty for the failure to provide timely access to medical records. The HIPAA Privacy Rule introduced several new...
Because of some confusion about the HIPAA training requirements, many Covered Entities and Business Associates provide basic HIPAA training to all members of their workforces. While this is a good idea because it ensures everyone is familiar with what HIPAA is, what...
The healthcare and public health sector has been warned to take steps to reduce the risk of cyberattacks exploiting zero-day vulnerabilities. A zero-day vulnerability is a software flaw that has only just been brought to the attention of a software developer, often as...
Two bills have been signed by California Governor Gavin Newsom that impact the California Consumer Privacy Act (CCPA). The bills have added new exceptions to the right to opt-out of the sale of personal information and the definition of personal information in the...
When you consider the risk analysis requirements of HIPAA, the potential for corrective action orders, and the inferences of the Security Rule training requirements, the provision of additional HIPAA refresher training is practically unavoidable. Most Covered...
New Jersey has fined two printing companies $130,000 over an impermissible disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents in 2016. The fine is part of a settlement reached between Acting Attorney General Andrew J. Bruck and...
Legacy systems and devices are pervasive in healthcare. Large healthcare organizations often have many systems and devices that contain components that have reached end-of-life and are no longer supported. When software, firmware, or hardware reaches end-of-life and...
An investigation of potential violations of the New Jersey Consumer Fraud Act (CFA), New Jersey Identity Theft Prevention Act (ITFA), and the Health Insurance Portability and Accountability (HIPAA) Act has resulted in a financial penalty for the New Jersey infertility...
Several vulnerabilities have recently been identified in medical devices such as insulin pumps, infusion pumps, and pacemakers which could be exploited in malicious attacks that could potentially kill patients, and concern is growing about the threat of attacks....
The introduction of vaccine mandates in many places of work has led many people to question how the Health Insurance Portability and Accountability Act (HIPAA) Rules apply to disclosures of COVID-19 vaccination information. There are a number of misconceptions about...
October is National Cybersecurity Awareness Month, an initiative launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 which is now in its 18th year. Throughout October, cybersecurity advice will be issued, and...
Ransomware and other destructive cyberattacks on healthcare delivery organizations (HDOs) can cripple IT systems, prevent access to protected health information, and often see appointments cancelled and patients redirected to other healthcare facilities. The...
A lawsuit filed against Blackbaud Inc. alleging violations of the California Consumer Privacy Act (CCPA) has survived a motion to dismiss. Judge Childs of the United States District Court for the District of South Carolina declined to dismiss the plaintiffs’ claims...
HIPAA security awareness training is a requirement of the HIPAA Security Rule, which calls for HIPAA covered entities and their business associates to “implement a security awareness and training program for all members of its workforce (including management).”...
The Omaha, Nebraska-based pediatric care provider Children’s Hospital & Medical Center (CHMC) has agreed to pay an $80,000 financial penalty to resolve an investigation into an alleged violation of the Right of Access provision of the HIPAA Privacy Rule. The...
The Department of Health and Human Services’ cybersecurity department, the Health Sector Cybersecurity Coordination Center (HC3), has issued a warning to organizations in the health and public health sector alerting them to an elevated risk of BlackMatter ransomware...
Following the presidential declaration of an emergency in Louisiana and Mississippi due to Hurricane Ida, the Secretary of the Department of Health and Human Services has declared a public health emergency exists in those states and has announced HIPAA sanctions and...
In June 2018, the California Consumer Privacy Act (CCPA) was signed into law, and the CCPA took effect on January 1, 2020. It has been more than 18 months since compliance with the privacy law became mandatory, so how effective has it been so far? The main aim...
In most organizations, the recommended practices for password creation involve setting a unique password for all accounts, making sure the password is as random as possible – combining upper- and lower-case letters, numbers and special characters – is at...
The average cost of a data breach has increased 10% year-over-year, according to the IBM Security 2021 Cost of a Data Breach Report. Data breach costs have reached record levels and are higher than at any other point in the past 17 years that IBM Security has been...
It has been a year since compliance with the California Consumer Privacy Act (CCPA) has been mandatory and financial penalties and sanctions have been possible for CCPA violations. The CCPA was introduced on January 3, 2018 and was signed into law by California...
Many healthcare data breaches are reported each year that involve unauthorized individuals gaining access to electronic protected health information (ePHI) stored on unsecured servers, including on-premises servers and those of cloud service providers. Without proper...
A TLP:White Alert has been issued by the HHS’ Health Sector Cybersecurity Coordination Center (HC3) regarding vulnerabilities identified in Picture Archiving Communication Systems (PACS) that hospitals and other healthcare providers and research institutions use for...
The Athens Orthopedic Clinic has agreed to pay $1.5 million and comply with a corrective action plan in order to resolve allegations of multiple HIPAA violations made against the clinic by HHS’ Office for Civil Rights. In June 2016, a journalist working for...
The Health Insurance Portability and Accountability Act (HIPAA) Rules still apply during public health emergencies such as the 2019 Novel Coronavirus (SARS-CoV-2) outbreak. When preventing and dealing with cases of COVID-19, the respiratory disease caused by...
The General Data Protection Regulation (GDPR) introduced new standards for data protection in Europe. Introduced in May 2018, GDPR changed the way that businesses collect, handle, and process consumer data. The regulations also granted new rights to...
The Californian Consumer Privacy Act (CCPA) was signed into law in June 2018. Many data privacy experts have compared CCPA to Europe’s latest data protection legislation, the General Data Protection Regulations (GDPR). Much like GDPR, CCPA has changed how businesses...
California Attorney General Xavier Becerra announced today that the California Department of Justice will hold six public forums on the California Consumer Privacy Act (CCPA) starting January 8. During the December press meeting in which the public forums were...
Impact of CCPA on Business
The Californian Governor Jerry Brown signed the Californian Consumer Privacy Act (CCPA) into law in June 2018. The CCPA has revolutionised the data privacy rights of Californian residents. CCPA offers new rights to consumers over their data...
The Californian multi-specialty physician’s group, Imperial Valley Family Care Medical Group (IVFCMG), has recently been audited by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) following a potential breach of patients’ protected...
The Department of Homeland Security has issued an alert over vulnerabilities in Siemens medical imaging devices. The vulnerabilities could be exploited remotely and attacks would require only a low level of skill. Exploits are publicly available that could allow...
The Health Information Trust Alliance (HITRUST) is looking to improve its threat information sharing capabilities and provide more assistance to HIPAA covered entities to help them manage cyber threats more effectively. HITRUST is already providing detailed...