HIPAA Compliance

HIPAA Compliance


Breach Notification- What Do Practices Need to Know?

December 4th, 2018

According to the HIPAA Breach Notification Rule, all covered entities and their business associates are required to report any breach of protected health information. It is essential to understand and implement all breach notification requirements or risk incurring financial penalties as high as $1,500,000 from state attorneys general and the HHS’ Office for Civil Rights.

What is a Breach?


HIPAA and MACRA/MIPS 2018- What You Need To Know

October 15th, 2018

As we move towards the end of the year, many practices and physicians are starting to consider the data they will need to submit under the MACRA/MIPS program. The MACRA/MIPS rules change slightly every year, and this year is no exception. Even though the rules have been adjusted, a basic requirement remains in place:


What is a Security Risk Assessment and Why Does My Practice Need One?

September 20th, 2018

According to the Health Insurance Portability and Accounting Act of 1996 (HIPAA) Security Rule covered entities (CEs) and business associates (Bas) that have access to electronic personal health information (EPHI) are required to implement safeguards necessary to protect it.

Continue reading...


OCR Guidance on Software Vulnerabilities and Patching

September 6th, 2018

Under the HIPAA security rule, HIPAA covered entities (CEs) and business associates (BAs) are required to protect their electronic personal health information (ePHI), which typically involves identifying and mitigating software vulnerabilities that could put (ePHI) at risk. It also includes conducting a risk analysis, and implementing actions that will reduce these risks.


Patch Management- What is Patch Management and Why Should You Care?

August 14th, 2018

Healthcare organizations nationwide remain focused on their IT security, as more and more cyberattacks wreak havoc across the industry. Within the last two years, nearly 50% of companies have experienced a data breach, and the severity of these attacks appear to be getting worse.


Business E-mail Compromise: How to Protect Your Organization

July 24th, 2018

In 2016, the FBI released a public service announcement warning that “business email compromise (BEC) scams have increased by 1,300% since 2015 and have cost businesses more than $3 billion. Making it a significant threat that businesses should be aware of to reduce the likelihood of becoming a victim.


Orangeworm is Wreaking Havoc on the Healthcare Sector

June 12th, 2018

According to a recent report by Symantec security firm, a cyber group called Orangeworm has targeted the healthcare industry and is wreaking its havoc across the sector worldwide. The group has been unleashing a malware known as Trojan.Kwampirs to gain remote access and compromise the computer systems of firms in the United States, Europe, and Asia. The purpose of the attacks is believed to be corporate espionage; their victims include healthcare providers, pharmaceutical firms, IT solution providers, and healthcare equipment manufacturers among others. (1)


HIPAA Compliance Tips for Mobile Data Security

May 16th, 2018

Nearly 4 out of 5 healthcare providers use a mobile device for professional purposes. These numbers continue to rise as healthcare organizations place an increased focus on efficiency and productivity. (1) Although mobile devices are incredibly efficient and convenient, they also harbor measurable risks for data breach and the exposure of protected health information (PHI).


Navigating Mobile Devices and HIPAA

May 3rd, 2018

The mobile technology revolution has impacted nearly every industry across the globe, with healthcare being no exception. Hospitals, clinics, and providers have all quickly embraced the use of smartphones and other mobile devices along with the convenience of accessing important medical information quickly.


SamSam Ransomware attacks Allscripts- What You Should Know

February 14th, 2018

Another strain of ransomware has wreaked its havoc on the healthcare industry. This time its victims include over 45,000 medical practices and 180,000 physicians that are clients of Allscripts Healthcare Solutions, Inc. Allscripts is a publicly traded American company that provides physician practices, hospitals, and other healthcare providers with practice management and electronic health record technology.


The Prevalence of Sharing Passwords

November 29th, 2017

Data breaches and ransomware attacks are among some of the top challenges that healthcare organizations face today. These issues can lead to extensive damage affecting entire organizations. Whether it is the breach of a patient’s privacy or the disruption of operations across an entire system, just one negative event has the potential to destroy a hospital’s reputation.


10 Best Practices for HIPAA Compliance

August 31st, 2017

A failure to understand HIPAA requirements can be a very costly mistake, as CardioNet learned just a couple months ago. In April, the wireless health services provider agreed to a settlement of $2.5 million for a potential noncompliance with the HIPAA Privacy and Security Rules. (1) The violation occurred when a company laptop containing the ePHI of 1,391 individuals was stolen from an employee’s vehicle parked outside their home.


World’s Largest Cyber-Attack

June 20th, 2017

Recently the world’s largest cyber-attack unleashed its havoc across 150 countries crippling more than 300,000 victims and hundreds of organizations worldwide. Hospitals, universities, government offices, and large business were among those affected, including sixteen NHS hospitals in the UK. Many of them had to cancel surgeries, appointments, and send patients elsewhere due to the fallout.


The Real Cost of a Data Breach

May 24th, 2017

Healthcare data breaches are costing the U.S. healthcare industry nearly $6.2 billion each year. (2) In fact, healthcare has the highest cost per breached record of any other industry. Why?


$5.5 Million Breach Settlement: Second Largest Fine to Date

April 17th, 2017

Last month, Memorial Healthcare System (MHS) agreed to implement a comprehensive corrective action plan and pay a 5.5-million-dollar settlement for the breach of protected health information (PHI) that affected over 100,000 individuals. This is the second largest fine against a covered entity to date, sending a strong message that audit controls will be a key focus for the future. (1)


HIPAA Audits of Covered Entities and Business Associates

April 3rd, 2017

In August, Advocate Health Care Network agreed to pay a $5.55 million settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), for multiple HIPAA violations. In addition, HHS also recently announced a $650,000 resolution settlement against the Catholic Health Care Services of the Archdiocese of Philadelphia.


HIPAA Audits of Covered Entities and Business Associates

November 15th, 2016

In August, Advocate Health Care Network agreed to pay a $5.55 million settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), for multiple HIPAA violations. In addition, HHS also recently announced a $650,000 resolution settlement against the Catholic Health Care Services of the Archdiocese of Philadelphia.


The Basics on Business Associates and Contract Agreements

October 24th, 2016

What is a Business Associate?

Business associates are considered any third-party contractor that performs work or activities on behalf of a healthcare organization or covered entity that involve the use or disclosure of protected health information (1).


Curiosity Has Its Cost

October 11th, 2016

In June, the victims of the horrific Orlando shooting at Pulse Nightclub were also victims of a privacy breach when their personal health information was accessed without authorization by a few curious employees at Orlando Health Hospital. The hospital confirmed that employees have previously received HIPAA training on patient privacy. However, they are now retraining staff and increasing auditing and monitoring of patient records in response to the breach. Experts say the hospital could be responsible for penalties up to $100,000 depending on the severity. A high price for personal curiosity.


HIPAA Section 1557 Language Access Requirements

September 27th, 2016

Section 1557 is the non-discrimination provision of the Affordable Care Act (ACA) that protects individuals from discrimination in health care based on race, color, national origin, age, disability, and sex; including discrimination based on pregnancy, gender identity and sex stereotyping.


1 2