The Federal Trade Commission (FTC) has a Health Breach Notification Rule, similar to the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA). The FTC has recently released a Policy Statement confirming digital health app and...
HIPAA Security Awareness Training
HIPAA security awareness training is a requirement of the HIPAA Security Rule, which calls for HIPAA covered entities and their business associates to “implement a security awareness and training program for all members of its workforce (including management).”...
HIPAA Training for Student Nurses
HIPAA training for student nurses holds substantial importance in preparing these future healthcare professionals to effectively navigate the complex landscape of patient information privacy and security, offering them a comprehensive understanding of the legal and...
Limited Waiver of HIPAA Sanctions and Penalties in Louisiana and Mississippi
Following the presidential declaration of an emergency in Louisiana and Mississippi due to Hurricane Ida, the Secretary of the Department of Health and Human Services has declared a public health emergency exists in those states and has announced HIPAA sanctions and...
Who Can Sue for A HIPAA Violation?
Who can sue for a HIPAA violation? Unlike the California Consumer Privacy Act (CCPA), there is no private cause of action in HIPAA, so that means a patient cannot sue for a HIPAA breach even if their protected health information has been impermissibly disclosed or...
Hackers Focusing on Small & Medium-Sized Practices
During the past twelve months, the number of recorded ransomware attacks against healthcare organizations – particularly small and medium-sized practices – has increased significantly. Security experts believe the increase in recorded ransomware attacks is...
What to do Following an Accidental HIPAA Violation
The vast majority of entities covered by the Health Insurance Portability and Accountability Act (HIPAA) provide regular training to employees on their responsibilities under HIPAA, and employees are diligent and take care not to violate the HIPAA Rules or put patient...
HIPAA Certification Explained
Many suppliers would like HIPAA certification to confirm they are fully compliant with HIPAA Rules and are knowledgeable with all parts of the Health Insurance Portability and Accountability Act (HIPAA), but can HIPAA certification be achieved in order to confirm...
Can you ask for Proof of COVID-19 Vaccine Status?
Due to the volume of federal, state, and international privacy regulations, it is understandable some businesses may be uncertain about whether you can ask for proof of COVID-19 vaccination status. The short answer to the question is yes. There are no federal, state,...
How to Comply with HIPAA Password Requirements
Although the text of HIPAA contains only one reference to passwords, there are several other areas of the Act in which it is inferred HIPAA password requirements exist. For example, under the Technical Safeguards of the Security Rule (45 CFR § 164.312), covered...
HIPAA Breaches & Healthcare Students
The value of providing healthcare students with Health Insurance Portability and Accountability Act (HIPAA) training cannot be underestimated as it can prevent serious data breaches from occurring while also increasing the employability of the individuals who...
HR Managers & HIPAA Compliance
Most HR managers will be aware that if the organization operates a self-funded health insurance plan which is also self-administered, employees with access to protected health information (PHI) are required to undergo HIPAA training. HIPAA training should be provided...
Releasing Patient Information Without Authorization
It is crucial that all members of staff at a HIPAA-governed entity are completely aware of their obligations under the data privacy legislation; if not, it could lead to financial penalties for the organization and other ramifications for the individual responsible...
How Should You Promote HIPAA Awareness in Your Organization?
Every HIPAA-covered entity must conduct HIPAA training on an ongoing basis to ensure that all employees know what they must do to avoid a HIPAA breach occurring. Equally important as conducting the training is choosing the best time to do so. There is an obligation on...
HIPAA & Telehealth Types Explained
Telehealth is an area that requires particular attention when addressing Health Insurance Portability and Accountability Act (HIPAA) compliance, so it is important to be aware of the many different types of telehealth that have been created to...
How to Anonymize PHI & the De-identification of Protected Health Information
Healthcare groups and their business associates that want to transmit or share protected health information must do so in line with the HIPAA Privacy Rule, which restricts the potential uses and disclosures of PHI, but de-identification of protected health information...
HIPAA Breach Cases 2020
Listed here is a summary of some of the most significant HIPAA breach cases that have led to settlement agreements with the Department of Health and Human Services’ Office for Civil Rights (OCR). We have also listed some cases that have been pursued by OCR after a...
Can you Configure Amazon Alexa in an Entity to be HIPAA Compliant?
HIPAA compliance is already provided by Amazon for its cloud platform AWS and the group is aiming to increase the use of the Alexa voice recognition technology within the healthcare sector. There is great potential for Alexa to make a lot of workflows much more...
Can A Patient take a Legal Action in Relation to a HIPAA Violation?
Currently, there is no private cause of action in HIPAA, so a patient cannot take a legal action for a HIPAA violation. Even if HIPAA Rules have clearly been breached by a healthcare provider, and harm has been sustained due to this, it is not possible for patients to...
HIPAA Social Media Rules
Because HIPAA was enacted a number of years prior to the evolution of social media platforms, there are no provisions specifically addressing social media networks and PHI in the HIPAA text. However, this does not mean HIPAA does not apply to social media networks. In...
HIPAA Compliance Guide
Using a HIPAA compliance guide will put you in a position to allow your group and your business associates to gain a proper understanding of the requirements associated with the Health Insurance Portability and Accountability Act (HIPAA). It is vital that all...
Coronavirus and HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) Rules still apply during public health emergencies such as the 2019 Novel Coronavirus (SARS-CoV-2) outbreak. When preventing and dealing with cases of COVID-19, the respiratory disease caused by...
How to Comply with HIPAA Password Requirements
The HIPAA password requirements list the procedures that must be established in order to successfully and safely create, amend and protect passwords unless a different, equally effective security measure is put in place. We suggest the best way to adhere to the HIPAA...
HIPAA Compliance and the Use of Technology
As the number of medical professionals using personal mobile devices to communicate and collaborate on patient concerns increases, it becomes more and more important to ensure that healthcare groups address the use of technology and HIPAA compliance. Many forms of...
Healthcare Cybersecurity
Healthcare cybersecurity is an increasing problem for organizations. Recent years have seen hacking and IT security incidents steadily increase and many healthcare organizations have struggled to secure their network perimeter and keep cybercriminals away. 2015 was...
HIPAA Telemedicine Guidelines
The HIPAA guidelines on telemedicine are relevant for all medical professionals or healthcare groups that provide a remote service to patients in their homes or in community centers. Many people wrongly think that communicating ePHI at a distance is allowable when the...
HIPAA History
Our review of HIPAA history begins on August 21, 1996, when the Healthcare Insurance Portability and Accountability Act (HIPAA) was enacted into law, but why was the HIPAA Act formulated? The HIPAA Act was formulated to “improve the portability and accountability of...
HIPAA Compliance and Skype
Skype Text and messaging platforms like it are a very convenient way of quickly sending data; however, there is still some discussion around how HIPAA compliant Skype actually is. The Skype service incorporates security measures to stop unauthorized access of...
Healthcare Groups Discovered Not to be Adhering to NIST CSF and HIPAA Rules
The results of recent research conducted by the consultancy firm CynergisTek have shown that healthcare groups are not adhering to NIST Cybersecurity Framework (CSF) controls and the HIPAA Privacy and Security Rules. For the study, CynergisTek reviewed the results of...
February 2018 Healthcare Data Breaches Summary
Our February 2018 healthcare data breach report lists the major data breaches reported by healthcare groups, health plans, and business associates in February 2018. Even though February is a shorter month, there was a rise in the number of healthcare data breaches...