HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, but there’s a more to it than that.

Immerse yourself in an introduction to one of the most talked about and relevant laws today. Every American under the Affordable Care Act should be aware of HIPAA. Individuals or companies that create, receive, maintain, or transmit heal… Continue Reading

21st Century Cures Act Includes Prohibition on Information Blocking and Mandates for Additional HIPAA Guidance On November 30, 2016, the U.S. House of Representatives voted strongly in favor of the 21st Century Cures Act (the Act), an expansive health bill that addresses the discovery and development of new medical therapies as well the delivery of health care treatment by providers. In 2015, the House had previously approved an earlier version … Continue Reading
Bubble Guppies and PHI: Tips for Telecommuting Policies Federal enforcement agencies are increasingly focusing on HIPAA breaches which involve mishandling of PHI by telecommuters.  Two recent cases illustrate the liability exposure resulting from inadequate oversight of staff working remotely. Medical equipment supplier Lincare was fined $239,800 as a result of a breach which occurred when an employee left unprotected PHI in a car […]
OCR Guidance Underscores Importance of Authentication under HIPAA In its tenth OCR Cyber Awareness Newsletter of the year (Newsletter), the Office for Civil Rights (OCR) reminded HIPAA-covered entities and business associates of the importance of selecting an appropriate authentication method to protect electronic protected health information (ePHI). Authentication is the process used to “verify whether someone or something is who or what it … Continue Reading
FTC Issues Compliance Guidance for Organizations that Share and Collect PHI The Federal Trade Commission (FTC) recently issued Guidance to remind HIPAA compliant organizations that share and collect protected health information (PHI) for commercial activities that they must also comply with FTC Act disclosure requirements. The FTC Act prohibits unfair or deceptive acts or practices in or affecting commerce. The Guidance cautions that organizations should consider all disclosure … Continue Reading
GAO Report Criticizes HHS’ HIPAA Cybersecurity Guidance and Program Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by HHS to entities regulated by HIPAA. The report’s primary criticism emphasized that though HHS prepared a crosswalk with the National Institute of Standards and Technology … Continue Reading
Recap of the OCR/NIST Conference on Safeguarding Health Information

Representatives from government and the private sector discussed the present state of healthcare cybersecurity, and experts discussed practical strategies for implementing the HIPAA Security Rule at the ninth annual “Safeguarding Health Information: Building Assurance through HIPAA Security” conference held from October 19–20, 2016 and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of … Continue Reading

Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has announced that a certain number of comprehensive on-site HIPAA compliance reviews will be done over the first quarter of next year. Details … Continue Reading