HIPAA Advice

The new report from Proofpoint not only provides further evidence of a correlation between cyberattacks and increased patient mortality but also suggests healthcare organizations are better prepared and more resilient against security incidents. In 2018, […]

The HIPAA EHR rules stipulate the measures healthcare organizations are required to implement to protect health information maintained on EHRs against impermissible uses and disclosures. Unfortunately, not all healthcare organizations fully comply with the HIPAA […]

The HHS’ Office for Civil Rights (OCR) has recently issued guidance on HIPAA and explained how HIPAA protects the privacy of individuals’ reproductive health information following the decision of the U.S. Supreme Court in Dobbs […]

Google and its products are ubiquitous and are extensively used by healthcare organizations, but is the Google Cloud platform HIPAA compliant? Healthcare was already on a steady path to digitization, but with the COVID-19 pandemic […]

The Health Insurance Portability and Accountability Act (HIPAA) Rules permit HIPAA-covered entities to use remote communication technologies for providing telehealth services to patients. In March 2020, OCR issued a Telehealth Notification in response to the […]

The benefits of HIPAA compliance for medical practices are often discussed in terms of streamlining administrative functions, improving efficiency, and avoiding penalties for HIPAA violations and data breaches. However, evidence shows that HIPAA-compliant medical practices […]

The answer to the question why is the HITECH Act important can differ depending on whether an organization is a HIPAA Covered Entity or a Business Associate. It is also the case that the HITECH […]

The answer to the question who does HIPAA apply to is most often generalized as health plans, health care clearinghouses, and health care providers along with their Business Associates. Some sources also include contractors who […]

The actual answer to the question why was HIPAA created may surprise many people who believe the Act´s sole purpose was to safeguard Protected Health Information (PHI). Indeed, the Privacy and Security Rules developed to […]

The question why is HIPAA important can have multiple answers depending on whether you are a healthcare organization, a healthcare professional, or a patient. The answers to the question why is HIPAA important can also […]

In recent years, there has been an increase in the number of companies offering online HIPAA training for employees. While there are many circumstances in which training courses of this nature can be beneficial, it […]

The Health Insurance Portability and Accountability Act (HIPAA) requires training to be provided to the workforce on HIPAA policies and procedures, but what is the purpose of HIPAA training? In this article, we explore the […]

Regardless of whether clinics are part of large healthcare systems or independent entities, the nature of HIPAA training for clinics should be the much the same. All members of the workforce should undergo Privacy Rule […]

Although small hospitals may have fewer resources than larger organizations, the nature of HIPAA training for small hospitals will generally be the same as that provided by larger organizations – the only potential difference being […]

The HIPAA Breach Notification Rule deadline for reporting 2021 data breaches affecting fewer than 500 individuals to the Secretary of the Department of Health and Human Services is just a few weeks away. The HIPAA […]

Although most Covered Entities fulfil the basic requirements of HIPAA training for nurses, these may not always be enough to prevent avoidable HIPAA violations, data breaches, and patient complaints. Therefore, it is recommended Covered Entities […]

Courses that provide HIPAA certification for students can be valuable assets for Covered Entities attempting to cultivate a HIPAA-compliant workforce as they resolve issues with the training requirements of the HIPAA Privacy and Security Rules […]

Because of the role nursing students play in the provision of healthcare, the HIPAA guidelines for nursing students are straightforward. Nonetheless, there have been cases in which nursing students have unintentionally violated HIPAA regulations due […]

The nature of HIPAA training for healthcare administrators can vary considerably depending on factors such as an organization´s size, the responsibilities assigned to healthcare administrators, and individuals´ existing knowledge of HIPAA. It can also be […]

Solo private practices and small group practices are subject to the same HIPAA regulations as nationwide health care systems, and therefore HIPAA training for small medical practices has to cover the same range of subjects […]

HIPAA training for dental offices is a requirement of the Privacy Rule and the Security Rule due to dental offices coming under the definition of a Covered Entity in the Administrative Simplification Provisions of the […]

Because every organization has different HIPAA policies and procedures, what you learn during HIPAA training for new members of the workforce will likely vary from organization to organization. However, what you learn during security and […]

HIPAA training for healthcare workers is a requirement of both the Privacy Rule and the Security Rule. In addition, Covered Entities may need to provide further HIPAA training for healthcare workers if a threat to […]

There has been a significant growth in recent years in companies offering web-based HIPAA training courses. While these courses can provide valuable information about HIPAA and the reasons why policies and procedures exist to safeguard […]

Are you confused about HIPAA training? Are you unsure if HIPAA training is required annually or how often you should be providing security awareness training to your workforce? If so, we hope this post will […]

There is no one-size-fits-all answer to the question of how often is HIPAA training required because, beyond the training requirements of the Privacy and Security Rules, the frequency of HIPAA training should be determined by […]

Without doubt, the best HIPAA training is training that goes beyond the requirements of the Privacy and Security Rules so that Covered Entities and Business Associates have fully HIPAA-aware workforces that can identify potential HIPAA […]

A review of online HIPAA training courses shows a wide range of courses exist. Undoubtedly there are some which are more comprehensive than others, and while price is no guarantee of quality, those that acknowledge […]

If you study the text of the Health Insurance Portability and Accountability Act, the only mention of HIPAA compliance training for Business Associates appears within the Administrative Safeguards of the Security Rule. However, there are […]

Medical offices tend to have more access to PHI than most other healthcare departments and consequently HIPAA training for medical office staff may need to be more comprehensive – and more frequent – than the […]

It is easy to understand why Covered Entities and Business Associates might assume HIPAA training for IT professionals only needs to consist of the security and awareness training required by the HIPAA Security Rule. However, […]

There are two standards in the Health Insurance Portability and Accountability Act that directly relate to HIPAA training for employees – the training standard of the Privacy Rule´s Administrative Requirements (45 CFR § 164.530) and […]

There is no question that HIPAA training for nurses is mandated by the Administrative Requirements of the HIPAA Privacy Rule. However, the content of HIPAA training for nurses should go further than the minimum requirements […]

Because of some confusion about the HIPAA training requirements, many Covered Entities and Business Associates provide basic HIPAA training to all members of their workforces. While this is a good idea because it ensures everyone […]

HIPAA privacy training is sometimes confused with HIPAA Privacy Rule training which requires Covered Entities to train members of its workforce on policies and procedures “with respect to PHI […] as necessary and appropriate for […]

The issue of HIPAA training for managers is complex because, although the Security Rule states management must be included in security awareness training (45 CFR § 164.308), there is no guidance provided on what other […]

There are training requirements in both the HIPAA Privacy and Security Rules; however, many people are unsure about who should have HIPAA training. In this post, we explain the HIPAA training requirements, and which staff […]

The record retention requirements for different types of documentation can be vastly different. Here we explain how long you should keep employee HIPAA training records and other types of HIPAA documentation to ensure you remain […]

When you consider the risk analysis requirements of HIPAA, the potential for corrective action orders, and the inferences of the Security Rule training requirements, the provision of additional HIPAA refresher training training is practically unavoidable. […]

Most Covered Entities are aware that HIPAA training for new staff is a requirement of the Privacy Rule. However, there can be gaps in a Covered Entity´s understanding of which new staff require training, how […]

HIPAA compliance training companies often provide trainees with a certificate at the conclusion of a HIPAA training course to demonstrate trainees have completed the course. This is sometimes referred to as HIPAA Certification, but what […]

HIPAA certification training for employees of HIPAA-covered entities or vendors that provide products or services to the healthcare industry has several advantages. In this post, we explain the benefits of HIPAA certification, but first it […]

Any vendor that wants to provide goods or services to HIPAA-covered entities – healthcare providers, health plans, or healthcare clearinghouses – that requires access to protected health information (PHI) must comply with certain HIPAA provisions. […]

HIPAA privacy and security training must be provided to all new employees, when job functions change, or when there has been a material change in policies or procedures, and while training can take many forms, […]

How long does HIPAA training take? Basic HIPAA training can be provided in a session of up to an hour, although training can take considerably longer depending on the role of an individual in the […]

HIPAA security awareness training is a requirement of the HIPAA Security Rule, which calls for HIPAA covered entities and their business associates to “implement a security awareness and training program for all members of its workforce (including […]

Universities that aim to train the leaders of tomorrow´s healthcare industry must do everything in their power to prepare their students for the many challenges that they will face during their educational and professional lives. […]

The Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules must be adhered to by all covered entities and their business associates, hence it is particularly important for nurses to clearly […]

The healthcare sector in the United States faces escalating data security challenges due to the increased activity of cybercriminals – particularly since the beginning of the COVID-19 pandemic. Consequently, it may be necessary to commit […]

Following the presidential declaration of an emergency in Louisiana and Mississippi due to Hurricane Ida, the Secretary of the Department of Health and Human Services has declared a public health emergency exists in those states […]

Who can sue for a HIPAA violation? Unlike the California Consumer Privacy Act (CCPA), there is no private cause of action in HIPAA, so that means a patient cannot sue for a HIPAA breach even […]

During the past twelve months, the number of recorded ransomware attacks against healthcare organizations – particularly small and medium sized practices – has increased significantly. Security experts believe the increase in recorded ransomware attacks is […]

The vast majority of entities covered by the Health Insurance Portability and Accountability Act (HIPAA) provide regular training to employees on their responsibilities under HIPAA, and employees are diligent and take care not to violate […]

Due to the volume of federal, state, and international privacy regulations, it is understandable some businesses may be uncertain about whether you can ask for proof of COVID-19 vaccination status. The short answer to the […]

Introduced on September 1, 2012, Texas House Bill 300 (HB 300) expands the existing privacy requirements of the Texas Medical Records Privacy Act to any individual or organization that has access to the Protected Health […]

Although the text of HIPAA contains only one reference to passwords, there are several other areas of the Act in which it is inferred HIPAA password requirements exist. For example, under the Technical Safeguards of […]

The value of providing healthcare students with Health Insurance Portability and Accountability Act (HIPAA) training cannot be underestimated as it can prevent serious data breaches from occurring while also increasing the employability of the individuals […]

In any healthcare or healthcare insurance organization it is crucial anyone who comes into contact with patient data is fully aware of what is defined as Protected Health Information (PHI) under HIPAA to ensure they […]

Most HR managers will be aware that if the organization operates a self-funded health insurance plan which is also self-administered, employees with access to protected health information (PHI) are required to undergo HIPAA training. HIPAA […]

Any entity found to have violated the Health Insurance Portability and Accountability Act (HIPAA) Rules can face massive financial penalties and administrative sanctions. For this reason it is crucial for employees to have an in-depth […]

Trying to come up with a definitive answer to the question ‘Who Enforces HIPAA?’ can bring up two very different answers. On one hand there are the official bodies and agencies that are charged with […]

It is crucial that all members of staff at a HIPAA governed entity are completely aware of their obligations under the data privacy legislation – if not it could lead to financial penalties for the […]

Every HIPAA-covered entity must conduct HIPAA training on an ongoing basis to ensure that all employees know what they must do to avoid a HIPAA breach occurring. Equally important as conducting the training is choosing […]

Telehealth is an area that is very important to pay particular attention to when addressing the Health Insurance Portability and Accountability Act (HIPAA) compliance so it is important to be aware of the many different […]

Healthcare groups and their business associates that want to transmit share protected health information must do so in line with the HIPAA Privacy Rule, which restricts the potential uses and disclosures of PHI, but de-identification […]

Listed here is a summary of some of the most significant HIPAA breach cases that have lead to settlement agreements with the Department of Health and Human Services’ Office for Civil Rights (OCR). We have […]

HIPAA compliance is already provided by Amazon for its cloud platform AWS and the group is aiming to increase the use of the Alexa voice recognition technology within the healthcare sector. There is great potential […]

Norton Audubon Hospital  has revealed that a HIPAA violation that a patient alleged took place led to the termination of the registered nurse’s employment contract. The nurse in question, Dianna Hereford, initiated a legal action […]

Currently, there is no private cause of action in HIPAA, so a patient cannot take a legal action for a HIPAA violation. Even if HIPAA Rules have clearly been breached by a healthcare provider, and […]

Because HIPAA was enacted a number of years prior to the evolution of social media platforms, there are no provisions specifically addressing social media networks and PHI in the HIPAA text. However, this does not […]

Using a HIPAA compliance guide will put you in a position to ally your group and your business associates to gain a proper understanding of  the requirements associated with the Health Insurance Portability and Accountability […]

The Health Insurance Portability and Accountability Act (HIPAA) Rules still apply during public health emergencies such as the 2019 Novel Coronavirus (SARS-CoV-2) outbreak. When preventing and dealing with cases of COVID-19, the respiratory disease caused […]

The HIPAA password requirements list the procedures must be established in order to successfully and safely create, amend and protect passwords unless a different, equally-effective security measure is put in place. We suggest the best […]

As the number of medical professionals using personal mobile devices to communicate and collaborate on patient concerns increases it becomes more and more important to ensure that healthcare groups address the use of technology and […]

Healthcare cybersecurity is an increasing problem for organizations. Recent years have seen hacking and IT security incidents steadily increase and many healthcare organizations have struggled to secure their network perimeter and keep cybercriminals away. 2015 […]

The HIPAA guidelines on telemedicine are relevant for all medical professional or healthcare groups that provide a remote service to patients in their homes or in community centers. Many people wrongly think that communicating ePHI […]

Our review of HIPAA history begins on August 21, 1996, when the Healthcare Insurance Portability and Accountability Act (HIPAA) was enacted into law, but why was the HIPAA Act formulated? The HIPAA Act was formulated […]

HIPAA was enacted in 1996. In its initial form, the legislation assisting in making sure that workers would go on receiving health insurance coverage when they were moving between jobs. The legislation also required healthcare […]

Skype Text and messaging platforms like it are a very convenient way of quickly sending data however there is still some discussion around how HIPAA compliant Skype actually is. The Skype service incorporates security measures […]

The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – forms a portion of an economic stimulus program introduced prior to President Trump taking office: The American Recovery and Reinvestment […]

The results of recent research conducted by the consultancy firm CynergisTek has shown that healthcare groups are not adhering with NIST Cybersecurity Framework (CSF) controls and the HIPAA Privacy and Security Rules. For the study, […]

Our February 2018 healthcare data breach report lists the major data breaches reported by healthcare groups, health plans, and business associates in February 2018. Even though February is a shorter month, but there was a […]

HIPAA password requirements state that procedures must be implemented for creating, changing and securing passwords unless a different, equally-effective security measure is chosen. The password requirements under HIPAA are available the Administrative Safeguards of the […]

Amazon Web Services has all the security requirement to adhere with the HIPAA Security Rule and the company is willing to complete a business associate agreement with healthcare groups. So, is AWS HIPAA compliant? The […]

In order to properly address the question, “Is Google Drive HIPAA compliant?” there are a number of factors to consider. This is due to the fact that HIPAA compliance is less about specific technologies and more […]

A $200,000 settlement has been agreed with Best Medical Transcription in relation to HIPAA breaches that were discovered during an investigation of a 2016 breach of 1,650 clients’ protected health information. Best Medical Transcription, a […]

HIPAA-covered organizations must take every possible precaution to ensure protected health information (PHI) sent and received by email is safeguarded both at rest and in transit in order to prevent unauthorized access to patient data. […]

It is vital for all staff members in the healthcare sector to have a firm grasp of what a HIPAA violation is and how to report one. Understanding what a HIPAA violation entails should be […]

The Health Insurance Portability and Accountability Act (HIPAA) brought in many new regulations for healthcare groups, but who polices HIPAA? Which federal departments are charged with making sure HIPAA Rules are adhered to by covered […]

Many healthcare groups have considered the Zoho Office Suite as an alternative software package to organize workflows, but can Zoho be deemed HIPAA compliant? Zoho: What is it? Based in Pleasanton, CA Zoho is developer of […]

Most HIPAA covered bodies, business associates, and healthcare workers take lots of precautions care to ensure HIPAA Rules are adhered to, but what happens when there is accidental HIPAA violation? How should healthcare workers, covered […]

A completed HIPAA release form must be received from a patient prior to their protected health information being shared with other individuals or groups, except in the case of standard disclosures for treatment, payment or […]

A not-for-profit health system that operates Central Washington Hospital, Wenatchee Valley Hospital and a dozen satellite clinics in Central and North Central Washington, has experienced a data breach incident involving a staff member’s email account […]

Does Azure comply with HIPAA? Can Microsoft’s cloud services be implemented by HIPAA covered bodies without breaching HIPAA Rules? Many healthcare groups are considering shifting some of their services to the cloud, and a large […]

The Federal Communication Commission has released a Declaratory Ruling and Order to clarify TCPA rules in relation to HIPAA and patient telephone calls. Some healthcare suppliers have had difficulty understanding TCPA rules in relation to […]