Following the presidential declaration of an emergency in Louisiana and Mississippi due to Hurricane Ida, the Secretary of the Department of Health and Human Services has declared a public health emergency exists in those states and has announced HIPAA sanctions and...

Who can sue for a HIPAA violation? Unlike the California Consumer Privacy Act (CCPA), there is no private cause of action in HIPAA, so that means a patient cannot sue for a HIPAA breach even if their protected health information has been impermissibly disclosed or...

During the past twelve months, the number of recorded ransomware attacks against healthcare organizations – particularly small and medium sized practices - has increased significantly. Security experts believe the increase in recorded ransomware attacks is...

The vast majority of entities covered by the Health Insurance Portability and Accountability Act (HIPAA) provide regular training to employees on their responsibilities under HIPAA, and employees are diligent and take care not to violate the HIPAA Rules or put patient...

Many suppliers would like HIPAA certification to confirm they are fully compliant with HIPAA Rules and are knowledgeable with all parts of the Health Insurance Portability and Accountability Act (HIPAA), but can HIPAA certification be achieved in order to confirm...

Due to the volume of federal, state, and international privacy regulations, it is understandable some businesses may be uncertain about whether you can ask for proof of COVID-19 vaccination status. The short answer to the question is yes. There are no federal, state,...

Although the text of HIPAA contains only one reference to passwords, there are several other areas of the Act in which it is inferred HIPAA password requirements exist. For example, under the Technical Safeguards of the Security Rule (45 CFR § 164.312), covered...

The value of providing healthcare students with Health Insurance Portability and Accountability Act (HIPAA) training cannot be underestimated as it can prevent serious data breaches from occurring while also increasing the employability of the individuals who...

It is crucial that all members of staff at a HIPAA governed entity are completely aware of their obligations under the data privacy legislation - if not it could lead to financial penalties for the organization and other ramifications for the individual responsible...

Every HIPAA-covered entity must conduct HIPAA training on an ongoing basis to ensure that all employees know what they must do to avoid a HIPAA breach occurring. Equally important as conducting the training is choosing the best time to do so. There is an obligation on...

Telehealth is an area that is very important to pay particular attention to when addressing the Health Insurance Portability and Accountability Act (HIPAA) compliance so it is important to be aware of the many different types of telehealth that have been created to...

Healthcare groups and their business associates that want to transmit share protected health information must do so in line with the HIPAA Privacy Rule, which restricts the potential uses and disclosures of PHI, but de-identification of protected health information...

Listed here is a summary of some of the most significant HIPAA breach cases that have lead to settlement agreements with the Department of Health and Human Services’ Office for Civil Rights (OCR). We have also listed some cases that have been pursued by OCR after a...

HIPAA compliance is already provided by Amazon for its cloud platform AWS and the group is aiming to increase the use of the Alexa voice recognition technology within the healthcare sector. There is great potential for Alexa to make a lot of workflows much more...

Currently, there is no private cause of action in HIPAA, so a patient cannot take a legal action for a HIPAA violation. Even if HIPAA Rules have clearly been breached by a healthcare provider, and harm has been sustained due to this, it is not possible for patients to...

Because HIPAA was enacted a number of years prior to the evolution of social media platforms, there are no provisions specifically addressing social media networks and PHI in the HIPAA text. However, this does not mean HIPAA does not apply to social media networks. In...

Using a HIPAA compliance guide will put you in a position to ally your group and your business associates to gain a proper understanding of  the requirements associated with the Health Insurance Portability and Accountability Act (HIPAA). It is vital that all...

The Health Insurance Portability and Accountability Act (HIPAA) Rules still apply during public health emergencies such as the 2019 Novel Coronavirus (SARS-CoV-2) outbreak. When preventing and dealing with cases of COVID-19, the respiratory disease caused by...

As the number of medical professionals using personal mobile devices to communicate and collaborate on patient concerns increases it becomes more and more important to ensure that healthcare groups address the use of technology and HIPAA compliance. Many forms of...

Healthcare cybersecurity is an increasing problem for organizations. Recent years have seen hacking and IT security incidents steadily increase and many healthcare organizations have struggled to secure their network perimeter and keep cybercriminals away. 2015 was...

The HIPAA guidelines on telemedicine are relevant for all medical professional or healthcare groups that provide a remote service to patients in their homes or in community centers. Many people wrongly think that communicating ePHI at distance is allowable when the...

Our review of HIPAA history begins on August 21, 1996, when the Healthcare Insurance Portability and Accountability Act (HIPAA) was enacted into law, but why was the HIPAA Act formulated? The HIPAA Act was formulated to “improve the portability and accountability of...

Skype Text and messaging platforms like it are a very convenient way of quickly sending data however there is still some discussion around how HIPAA compliant Skype actually is. The Skype service incorporates security measures to stop unauthorized access of...

The results of recent research conducted by the consultancy firm CynergisTek has shown that healthcare groups are not adhering with NIST Cybersecurity Framework (CSF) controls and the HIPAA Privacy and Security Rules. For the study, CynergisTek reviewed the results of...

Our February 2018 healthcare data breach report lists the major data breaches reported by healthcare groups, health plans, and business associates in February 2018. Even though February is a shorter month, but there was a rise in the number of healthcare data breaches...

Amazon Web Services has all the security requirement to adhere with the HIPAA Security Rule and the company is willing to complete a business associate agreement with healthcare groups. So, is AWS HIPAA compliant? The answer is both Yes and No. AWS can be deemed as...

In order to properly address the question, “Is Google Drive HIPAA compliant?” there are a number of factors to consider. This is due to the fact that HIPAA compliance is less about specific technologies and more about how technologies are utilized. Any software...

A $200,000 settlement has been agreed with Best Medical Transcription in relation to HIPAA breaches that were discovered during an investigation of a 2016 breach of 1,650 clients’ protected health information. Best Medical Transcription, a business associate of Virtua...