Health Information Compliance Alert

Protect Yourself:
Mobile & Medical Devices Are Ripe For HIPAA Breaches
Know what specific policies and procedures the OCR is looking for you to have in place. ... Read more
Breaches:
When Self-Reporting A Breach Leads To An Even More Serious Investigation
HIPAA compliance practices practically non-existent? That’ll cost you millions. ... Read more
Checklist:
Follow 10 Critical Steps For An Effective Breach Response
Remember to record breach incidents in your accounting of disclosures log. With sever... Read more
Enforcement News:
Why Hospital Isn't Liable For Employee's Facebook Posting Of Patient's PHI
Plus: Senators want HHS to clear up confusion over medical identity theft and HIPAA. ... Read more
Reader Question:
Does The HIPAA Security Rule Require You To Use Encryption?
Question:  Is the use of encryption mandatory under the HIPAA Security Rule? ... Read more
Reader Question:
Can You Disclose Exam/Test Results To Employers?
Question: When an employer pays our medical office to perform drug tests, fitness-for-du... Read more
Case Study:
Take These 4 Actions Before (Not After) A Breach Incident Occurs
Beware: An additional state AG has healthcare data breaches in its crosshairs. Yet an... Read more
Compliance:
Brace Yourself For Amped-Up EHR & HIPAA Compliance Enforcement
Hospitals will endure additional scrutiny from the OIG. Just when you thought that HIP... Read more
Toolkit:
BAs: Use This Checklist To Make Sure You're HIPAA-Compliant
So much information is available for covered entities (CEs) seeking to comply with HIPAA... Read more
Enforcement News:
Don't Let Your Paper Files Trigger A HIPAA Breach
Plus: Nevada is getting serious about health data-related identity theft. Breach repor... Read more
Reader Question:
Do You Need To Comply With PCI Standards?
Question: Our practice accepts credit and debit card payments from patients. Does t... Read more
Reader Question:
How Can You Make Patients More Comfortable With EHRs?
Question: Some of our patients have expressed concerns over our increasing use of e... Read more
Case Study:
Watch Out: Hackers Want Your Patient Databases
How cyberattackers are gaining easy access to your data. This hasn’t been a good... Read more
Compliance:
Enjoy More Flexibility & Eased Burdens For EHR Incentive Programs
Certification criteria also gets a makeover for 2015 Edition. The Medicare and Medicai... Read more
Enforcement News:
Look Out: OCR Now Has 'Something To Prove'
Plus: Mobile health developers are getting a HIPAA education. As if you didn’t h... Read more
Reader Questions:
Will You Violate HIPAA If You Report Illegal Immigrants?
Question: If our medical office reports someone who is an illegal immigrant, is thi... Read more
Reader Questions:
Are You Doing These 3 Things When Inventorying Your BAs?
Question: Our clinic is reviewing all our business associates (BAs) and associated ... Read more
Reader Questions:
What's The Difference Between Remote Disabling & Remote Wiping?
Question: Clinicians in our practice often use mobile devices, including tablets an... Read more
Case Study:
Backup Devices: Learn 3 Crucial Lessons From The Latest Data Breaches
Why encryption is well worth the cost, especially with flash drives. Flash drives, or ... Read more
Compliance:
Dispel 7 Common HIPAA Compliance Myths
What to do when clergy members want to visit hospital patients. With all the minutiae ... Read more
Chart:
Employ Effective Risk Management Strategies For Remote Users
How to prevent ePHI exposure when a laptop or other portable device is lost or stolen. ... Read more
Enforcement News:
Step-By-Step Guidance Helps You To Make Mobile Devices More Secure
Plus: FDA warns of infusion system at risk for cybersecurity issues. You’ll soon... Read more
Reader Question:
Breach Affecting Single Person: Do You Still Officially Report It?
Question: If the person affected by a breach knows about it already, do we still ha... Read more
Reader Question:
How Long Must You Retain Electronic Medical Records?
Question: Does the HIPAA Privacy Rule specify a certain amount of time that our med... Read more
Reader Question:
What Format Must You Use For Breach Documentation?
Question: For documentation regarding a breach, do we need to have hard copies (pap... Read more
Case Study:
Implementing New Technology? Perform A Risk Analysis Or Pay The Price
Don’t let portable devices go without proper encryption and proper security precau... Read more
Policies & Procedures:
Smarten Up Your Data Retention Policy -- Pronto
Beware: Old data left on your network server will only worsen breach fallout. Did you ... Read more
Toolkit:
Self-Assessment: Do You Have Adequate EHR Contingency Planning?
Keep your contingency planning current to comply with Meaningful Use and HIPAA. Safety... Read more
Enforcement News:
How PHI Disclosure By Employees Earned HIPAA Whistleblower Exception
Plus: Illinois courts want to see real injury when considering breach lawsuits. One of... Read more
Reader Questions:
How Can You Find Out If Your Practice Management Software Is Encrypted?
Question: How can I find out whether our practice management software is encrypted?... Read more
Reader Questions:
What Can You Do To Avoid 'Unintended Consequence' Of EHR Use?
Question: What should our practice do (that’s feasible) to prevent unintended... Read more
Audits:
What To Expect From The New OIG Security Audits
BAs are off the hook for ePHI security reviews — for now. If you’re partic... Read more
Security Rule:
Debunk 10 Myths About HIPAA Security Compliance
Why cybersecurity doesn’t trump physical security. Misinformation and myths abou... Read more
Toolkit:
Questionnaire: Assess Your Practice,s EHR & Health IT Risks
Questions focus on three major risk areas: confidentiality, integrity, and availability.... Read more
Enforcement News:
Beware: Data Theft Still Topping Large-Scale Breach Incidents
Plus: Don’t let employees go on shopping sprees on your patients’ dime. Ju... Read more
Reader Questions:
Is Your Vendor A Business Associate Under HIPAA?
Question: Our practice is contracting with a new vendor. I sent the vendor a busine... Read more
Reader Questions:
Do You Need To Post Your NPP On Your Facebook Page?
Question: We’ve just launched a Facebook page for our medical office. Do we n... Read more
Reader Questions:
Is This A Breach If PHI Doesn't Leave The Facility?
Question: An employee at our hospital accessed records for which he had no legitima... Read more
Case Study:
Keep Your Eye On 'Look-Alike' Domain Names To Prevent Cyberattacks
How latest HIPAA breach could involve hackers in China. Health insurance companies see... Read more
Privacy Rule:
Dispel 4 Common PHI Disclosure-Related Myths
HIPAA Privacy Rule does not trump state law-required reporting. With all of the breach... Read more
Toolkit:
Table: Understand Other Privacy/Security Laws & Requirements
ONC offers new guide to electronic health information for small providers.  Mista... Read more
Enforcement News:
Does Your Employee Confidentiality Policy Violate The NLRA?
Plus: Healthcare breaches due to criminal attacks are on the rise. Even if your employ... Read more
Reader Questions:
Should You Reply In The Same Way When Contacted Via Social Media?
Question:  What if someone contacts our practice through social media and asks... Read more
Reader Questions:
When Does HIPAA Permit Incidental Disclosure?
Question:  When does the HIPAA Privacy Rule allow an incidental healthcare disclosu... Read more
Case Study:
Get Ready For A 'Flood' Of Settlement Agreements From HIPAA Violations
Beware: Paper medical records are a hot commodity on the black market. If you have any... Read more
EHRs:
Need To Know: Ask 7 Questions Of Your EHR Developer
Understand the ins and outs of how your backup and recovery system works. Your electro... Read more
Toolkit:
Mitigate Your Security Risks With Different Types Of EHR Hosts
Cloud-based EHRs make you more dependent on your Internet connection. Do you know the ... Read more
Enforcement News:
When Medicare Will Remove Your Patients' SSNs From ID Cards
Plus: Find out how CMS plans to ease your MU reporting duties. Your patients will soon... Read more
Reader Questions:
Is Patient Consent Necessary For Secure Communications?
Question: Is patient consent required under HIPAA to allow secure encrypted communi... Read more
Reader Questions:
Can You Rely On '100% HIPAA Compliant' Products?
Question: Our office has purchased encryption software that claims to be “100... Read more
Reader Question:
When Must You Send Out Updated NPPs?
Question: Our office is updating our Notice of Privacy Practices (NPP) to include t... Read more
Case Study:
Beware: HIPAA Compliance Won't Always Ensure Protection From Breaches
Take 5 steps to go beyond Security Rule standards to protect your data. The most recen... Read more
HIPAA Lawsuits:
4 Ways Plaintiffs Get Around No-Private-Right-Of-Action Rule
How breach of contract claim may directly impact your NPP. Sure, the federal HIPAA reg... Read more
Security Rule:
Take 5 Steps To Manage Mobile Device Use In Your Organization
Weigh the risks versus the benefits before using mobile devices. As more and more heal... Read more
Enforcement News:
Heads Up: Another Court Shoots Down Lawsuit Based On 'Actual Harm'
Plus: OCR’s ‘Wall of Shame’ gets a makeover and new web address. The... Read more
Mobile Device Safeguards:
Quick Tips For Tighter Security
Beware of file-sharing apps and public Wi-Fi connections. Mobile devices are certainly... Read more
Reader Questions:
Does Bluetooth Endanger HIPAA Security On Mobile Devices?
Question: Our clinicians use smartphones and tablets. Some of these devices have Bluetoo... Read more
Reader Question:
What's The Difference Between 'Patches' & 'Updates?'
Question: Are “patches” and “updates” the same thing? If no... Read more
Case Study:
How 'Phishing' Netted A Monster Of A HIPAA Breach
What Anthem did right, and how you can do it too. Cyber hackers have really outdone th... Read more
Take A Peek Inside Health Insurers' Cyber Security Practices
Despite lackluster efforts in key security areas, insurers’ confidence is strong. ... Read more
Audits:
OCR Audits Delayed -- But Don't Let Your Guard Down
Brace yourself for more comprehensive audits instead of desk reviews. The HHS Office f... Read more
Toolkit:
Kick Off Your Cybersecurity Action Plan With This Checklist
Remember to plan for the unexpected using good backup practices. With so many large, h... Read more
Enforcement News:
Check Out OCR's New Online Breach Notification Form
Plus: Medical identity theft costs your patients not just money, but their health, too. ... Read more
HIPAA Compliance:
HIPAA In 2015: Prepare Yourself For 5 Big Trends
Prediction: State law claims will continue to facilitate breach lawsuits. What does... Read more
Meaningful Use:
Good News: CMS Feels Your MU Pain
But don’t expect to escape payment penalties if you’re noncompliant. The C... Read more
Case Study:
How To Handle Employee 'Snooping' HIPAA Breaches
Follow these tips to protect yourself when terminating peeping employees. You know wha... Read more
Enforcement News:
Warning: Laptops Used In The Field Are At High Risk
Plus: You’ll pay big for improperly dumping patient files. Just because a laptop... Read more
Reader Question:
Is A Complete Security Risk Analysis Optional For Small Providers?
Question: As a very small healthcare provider, do we really need to conduct an in-depth ... Read more
Reader Question:
Do We Really Need Both Anti-Virus And Anti-Malware Software?
Question: Does our practice need to have both antivirus and anti-malware software? What&... Read more
Reader Question:
How Can You Know Whether mHealth App Is HIPAA Compliant?
Question: Our practice would like to start using a mobile health app to engage our patie... Read more
Case Study:
Watch Out: Data Breach Litigation Is Getting More Creative
Missouri court doesn’t care about proving actual damages suffered. Attorneys fil... Read more
HIPAA Compliance:
Weigh The Pros & Cons Of Communicating With Patients Via Texting
Check out these ‘HIPAA compatible’ text messaging Apps. Text messaging is ... Read more
Try A Secure Texting Solution:
15 Available Apps
Some texting Apps even provide a signed BAA for your convenience. If you decide to com... Read more
Enforcement News:
No 'Present Injury,' No Grounds For Lawsuit, State Court Says
Plus: Encryption policy does nothing if you don’t actually follow it. If you&rsq... Read more
Reader Question:
Is A 'Consent Form' A Good Idea For Email Communications?
Question: Should we develop some sort of consent form for patients to sign if they ... Read more
Reader Question:
What Are Some Tips To Elicit More Support For Risk Management?
Question: How can I get support from management for my risk management program? A... Read more
Available Years:  2015  2014  2013  2012  2011  2010  2009  2008  2007  2006  2005  2004  2003  2002