Health Information Compliance Alert
Protect Yourself:
Mobile & Medical Devices Are Ripe For HIPAA Breaches
Know what specific policies and procedures the OCR is looking for you to have in place. ... Read more
Mobile & Medical Devices Are Ripe For HIPAA Breaches
Know what specific policies and procedures the OCR is looking for you to have in place. ... Read more
Breaches:
When Self-Reporting A Breach Leads To An Even More Serious Investigation
HIPAA compliance practices practically non-existent? That’ll cost you millions. ... Read more
When Self-Reporting A Breach Leads To An Even More Serious Investigation
HIPAA compliance practices practically non-existent? That’ll cost you millions. ... Read more
Checklist:
Follow 10 Critical Steps For An Effective Breach Response
Remember to record breach incidents in your accounting of disclosures log. With sever... Read more
Follow 10 Critical Steps For An Effective Breach Response
Remember to record breach incidents in your accounting of disclosures log. With sever... Read more
Enforcement News:
Why Hospital Isn't Liable For Employee's Facebook Posting Of Patient's PHI
Plus: Senators want HHS to clear up confusion over medical identity theft and HIPAA. ... Read more
Why Hospital Isn't Liable For Employee's Facebook Posting Of Patient's PHI
Plus: Senators want HHS to clear up confusion over medical identity theft and HIPAA. ... Read more
Reader Question:
Does The HIPAA Security Rule Require You To Use Encryption?
Question: Is the use of encryption mandatory under the HIPAA Security Rule? ... Read more
Does The HIPAA Security Rule Require You To Use Encryption?
Question: Is the use of encryption mandatory under the HIPAA Security Rule? ... Read more
Reader Question:
Can You Disclose Exam/Test Results To Employers?
Question: When an employer pays our medical office to perform drug tests, fitness-for-du... Read more
Can You Disclose Exam/Test Results To Employers?
Question: When an employer pays our medical office to perform drug tests, fitness-for-du... Read more
Case Study:
Take These 4 Actions Before (Not After) A Breach Incident Occurs
Beware: An additional state AG has healthcare data breaches in its crosshairs. Yet an... Read more
Take These 4 Actions Before (Not After) A Breach Incident Occurs
Beware: An additional state AG has healthcare data breaches in its crosshairs. Yet an... Read more
Compliance:
Brace Yourself For Amped-Up EHR & HIPAA Compliance Enforcement
Hospitals will endure additional scrutiny from the OIG. Just when you thought that HIP... Read more
Brace Yourself For Amped-Up EHR & HIPAA Compliance Enforcement
Hospitals will endure additional scrutiny from the OIG. Just when you thought that HIP... Read more
Toolkit:
BAs: Use This Checklist To Make Sure You're HIPAA-Compliant
So much information is available for covered entities (CEs) seeking to comply with HIPAA... Read more
BAs: Use This Checklist To Make Sure You're HIPAA-Compliant
So much information is available for covered entities (CEs) seeking to comply with HIPAA... Read more
Enforcement News:
Don't Let Your Paper Files Trigger A HIPAA Breach
Plus: Nevada is getting serious about health data-related identity theft. Breach repor... Read more
Don't Let Your Paper Files Trigger A HIPAA Breach
Plus: Nevada is getting serious about health data-related identity theft. Breach repor... Read more
Reader Question:
Do You Need To Comply With PCI Standards?
Question: Our practice accepts credit and debit card payments from patients. Does t... Read more
Do You Need To Comply With PCI Standards?
Question: Our practice accepts credit and debit card payments from patients. Does t... Read more
Reader Question:
How Can You Make Patients More Comfortable With EHRs?
Question: Some of our patients have expressed concerns over our increasing use of e... Read more
How Can You Make Patients More Comfortable With EHRs?
Question: Some of our patients have expressed concerns over our increasing use of e... Read more
Case Study:
Watch Out: Hackers Want Your Patient Databases
How cyberattackers are gaining easy access to your data. This hasn’t been a good... Read more
Watch Out: Hackers Want Your Patient Databases
How cyberattackers are gaining easy access to your data. This hasn’t been a good... Read more
Compliance:
Enjoy More Flexibility & Eased Burdens For EHR Incentive Programs
Certification criteria also gets a makeover for 2015 Edition. The Medicare and Medicai... Read more
Enjoy More Flexibility & Eased Burdens For EHR Incentive Programs
Certification criteria also gets a makeover for 2015 Edition. The Medicare and Medicai... Read more
Enforcement News:
Look Out: OCR Now Has 'Something To Prove'
Plus: Mobile health developers are getting a HIPAA education. As if you didn’t h... Read more
Look Out: OCR Now Has 'Something To Prove'
Plus: Mobile health developers are getting a HIPAA education. As if you didn’t h... Read more
Reader Questions:
Will You Violate HIPAA If You Report Illegal Immigrants?
Question: If our medical office reports someone who is an illegal immigrant, is thi... Read more
Will You Violate HIPAA If You Report Illegal Immigrants?
Question: If our medical office reports someone who is an illegal immigrant, is thi... Read more
Reader Questions:
Are You Doing These 3 Things When Inventorying Your BAs?
Question: Our clinic is reviewing all our business associates (BAs) and associated ... Read more
Are You Doing These 3 Things When Inventorying Your BAs?
Question: Our clinic is reviewing all our business associates (BAs) and associated ... Read more
Reader Questions:
What's The Difference Between Remote Disabling & Remote Wiping?
Question: Clinicians in our practice often use mobile devices, including tablets an... Read more
What's The Difference Between Remote Disabling & Remote Wiping?
Question: Clinicians in our practice often use mobile devices, including tablets an... Read more
Case Study:
Backup Devices: Learn 3 Crucial Lessons From The Latest Data Breaches
Why encryption is well worth the cost, especially with flash drives. Flash drives, or ... Read more
Backup Devices: Learn 3 Crucial Lessons From The Latest Data Breaches
Why encryption is well worth the cost, especially with flash drives. Flash drives, or ... Read more
Compliance:
Dispel 7 Common HIPAA Compliance Myths
What to do when clergy members want to visit hospital patients. With all the minutiae ... Read more
Dispel 7 Common HIPAA Compliance Myths
What to do when clergy members want to visit hospital patients. With all the minutiae ... Read more
Chart:
Employ Effective Risk Management Strategies For Remote Users
How to prevent ePHI exposure when a laptop or other portable device is lost or stolen. ... Read more
Employ Effective Risk Management Strategies For Remote Users
How to prevent ePHI exposure when a laptop or other portable device is lost or stolen. ... Read more
Enforcement News:
Step-By-Step Guidance Helps You To Make Mobile Devices More Secure
Plus: FDA warns of infusion system at risk for cybersecurity issues. You’ll soon... Read more
Step-By-Step Guidance Helps You To Make Mobile Devices More Secure
Plus: FDA warns of infusion system at risk for cybersecurity issues. You’ll soon... Read more
Reader Question:
Breach Affecting Single Person: Do You Still Officially Report It?
Question: If the person affected by a breach knows about it already, do we still ha... Read more
Breach Affecting Single Person: Do You Still Officially Report It?
Question: If the person affected by a breach knows about it already, do we still ha... Read more
Reader Question:
How Long Must You Retain Electronic Medical Records?
Question: Does the HIPAA Privacy Rule specify a certain amount of time that our med... Read more
How Long Must You Retain Electronic Medical Records?
Question: Does the HIPAA Privacy Rule specify a certain amount of time that our med... Read more
Reader Question:
What Format Must You Use For Breach Documentation?
Question: For documentation regarding a breach, do we need to have hard copies (pap... Read more
What Format Must You Use For Breach Documentation?
Question: For documentation regarding a breach, do we need to have hard copies (pap... Read more
Case Study:
Implementing New Technology? Perform A Risk Analysis Or Pay The Price
Don’t let portable devices go without proper encryption and proper security precau... Read more
Implementing New Technology? Perform A Risk Analysis Or Pay The Price
Don’t let portable devices go without proper encryption and proper security precau... Read more
Policies & Procedures:
Smarten Up Your Data Retention Policy -- Pronto
Beware: Old data left on your network server will only worsen breach fallout. Did you ... Read more
Smarten Up Your Data Retention Policy -- Pronto
Beware: Old data left on your network server will only worsen breach fallout. Did you ... Read more
Toolkit:
Self-Assessment: Do You Have Adequate EHR Contingency Planning?
Keep your contingency planning current to comply with Meaningful Use and HIPAA. Safety... Read more
Self-Assessment: Do You Have Adequate EHR Contingency Planning?
Keep your contingency planning current to comply with Meaningful Use and HIPAA. Safety... Read more
Enforcement News:
How PHI Disclosure By Employees Earned HIPAA Whistleblower Exception
Plus: Illinois courts want to see real injury when considering breach lawsuits. One of... Read more
How PHI Disclosure By Employees Earned HIPAA Whistleblower Exception
Plus: Illinois courts want to see real injury when considering breach lawsuits. One of... Read more
Reader Questions:
How Can You Find Out If Your Practice Management Software Is Encrypted?
Question: How can I find out whether our practice management software is encrypted?... Read more
How Can You Find Out If Your Practice Management Software Is Encrypted?
Question: How can I find out whether our practice management software is encrypted?... Read more
Reader Questions:
What Can You Do To Avoid 'Unintended Consequence' Of EHR Use?
Question: What should our practice do (that’s feasible) to prevent unintended... Read more
What Can You Do To Avoid 'Unintended Consequence' Of EHR Use?
Question: What should our practice do (that’s feasible) to prevent unintended... Read more
Audits:
What To Expect From The New OIG Security Audits
BAs are off the hook for ePHI security reviews — for now. If you’re partic... Read more
What To Expect From The New OIG Security Audits
BAs are off the hook for ePHI security reviews — for now. If you’re partic... Read more
Security Rule:
Debunk 10 Myths About HIPAA Security Compliance
Why cybersecurity doesn’t trump physical security. Misinformation and myths abou... Read more
Debunk 10 Myths About HIPAA Security Compliance
Why cybersecurity doesn’t trump physical security. Misinformation and myths abou... Read more
Toolkit:
Questionnaire: Assess Your Practice,s EHR & Health IT Risks
Questions focus on three major risk areas: confidentiality, integrity, and availability.... Read more
Questionnaire: Assess Your Practice,s EHR & Health IT Risks
Questions focus on three major risk areas: confidentiality, integrity, and availability.... Read more
Enforcement News:
Beware: Data Theft Still Topping Large-Scale Breach Incidents
Plus: Don’t let employees go on shopping sprees on your patients’ dime. Ju... Read more
Beware: Data Theft Still Topping Large-Scale Breach Incidents
Plus: Don’t let employees go on shopping sprees on your patients’ dime. Ju... Read more
Reader Questions:
Is Your Vendor A Business Associate Under HIPAA?
Question: Our practice is contracting with a new vendor. I sent the vendor a busine... Read more
Is Your Vendor A Business Associate Under HIPAA?
Question: Our practice is contracting with a new vendor. I sent the vendor a busine... Read more
Reader Questions:
Do You Need To Post Your NPP On Your Facebook Page?
Question: We’ve just launched a Facebook page for our medical office. Do we n... Read more
Do You Need To Post Your NPP On Your Facebook Page?
Question: We’ve just launched a Facebook page for our medical office. Do we n... Read more
Reader Questions:
Is This A Breach If PHI Doesn't Leave The Facility?
Question: An employee at our hospital accessed records for which he had no legitima... Read more
Is This A Breach If PHI Doesn't Leave The Facility?
Question: An employee at our hospital accessed records for which he had no legitima... Read more
Case Study:
Keep Your Eye On 'Look-Alike' Domain Names To Prevent Cyberattacks
How latest HIPAA breach could involve hackers in China. Health insurance companies see... Read more
Keep Your Eye On 'Look-Alike' Domain Names To Prevent Cyberattacks
How latest HIPAA breach could involve hackers in China. Health insurance companies see... Read more
Privacy Rule:
Dispel 4 Common PHI Disclosure-Related Myths
HIPAA Privacy Rule does not trump state law-required reporting. With all of the breach... Read more
Dispel 4 Common PHI Disclosure-Related Myths
HIPAA Privacy Rule does not trump state law-required reporting. With all of the breach... Read more
Toolkit:
Table: Understand Other Privacy/Security Laws & Requirements
ONC offers new guide to electronic health information for small providers. Mista... Read more
Table: Understand Other Privacy/Security Laws & Requirements
ONC offers new guide to electronic health information for small providers. Mista... Read more
Enforcement News:
Does Your Employee Confidentiality Policy Violate The NLRA?
Plus: Healthcare breaches due to criminal attacks are on the rise. Even if your employ... Read more
Does Your Employee Confidentiality Policy Violate The NLRA?
Plus: Healthcare breaches due to criminal attacks are on the rise. Even if your employ... Read more
Reader Questions:
Should You Reply In The Same Way When Contacted Via Social Media?
Question: What if someone contacts our practice through social media and asks... Read more
Should You Reply In The Same Way When Contacted Via Social Media?
Question: What if someone contacts our practice through social media and asks... Read more
Reader Questions:
When Does HIPAA Permit Incidental Disclosure?
Question: When does the HIPAA Privacy Rule allow an incidental healthcare disclosu... Read more
When Does HIPAA Permit Incidental Disclosure?
Question: When does the HIPAA Privacy Rule allow an incidental healthcare disclosu... Read more
Case Study:
Get Ready For A 'Flood' Of Settlement Agreements From HIPAA Violations
Beware: Paper medical records are a hot commodity on the black market. If you have any... Read more
Get Ready For A 'Flood' Of Settlement Agreements From HIPAA Violations
Beware: Paper medical records are a hot commodity on the black market. If you have any... Read more
EHRs:
Need To Know: Ask 7 Questions Of Your EHR Developer
Understand the ins and outs of how your backup and recovery system works. Your electro... Read more
Need To Know: Ask 7 Questions Of Your EHR Developer
Understand the ins and outs of how your backup and recovery system works. Your electro... Read more
Toolkit:
Mitigate Your Security Risks With Different Types Of EHR Hosts
Cloud-based EHRs make you more dependent on your Internet connection. Do you know the ... Read more
Mitigate Your Security Risks With Different Types Of EHR Hosts
Cloud-based EHRs make you more dependent on your Internet connection. Do you know the ... Read more
Enforcement News:
When Medicare Will Remove Your Patients' SSNs From ID Cards
Plus: Find out how CMS plans to ease your MU reporting duties. Your patients will soon... Read more
When Medicare Will Remove Your Patients' SSNs From ID Cards
Plus: Find out how CMS plans to ease your MU reporting duties. Your patients will soon... Read more
Reader Questions:
Is Patient Consent Necessary For Secure Communications?
Question: Is patient consent required under HIPAA to allow secure encrypted communi... Read more
Is Patient Consent Necessary For Secure Communications?
Question: Is patient consent required under HIPAA to allow secure encrypted communi... Read more
Reader Questions:
Can You Rely On '100% HIPAA Compliant' Products?
Question: Our office has purchased encryption software that claims to be “100... Read more
Can You Rely On '100% HIPAA Compliant' Products?
Question: Our office has purchased encryption software that claims to be “100... Read more
Reader Question:
When Must You Send Out Updated NPPs?
Question: Our office is updating our Notice of Privacy Practices (NPP) to include t... Read more
When Must You Send Out Updated NPPs?
Question: Our office is updating our Notice of Privacy Practices (NPP) to include t... Read more
Case Study:
Beware: HIPAA Compliance Won't Always Ensure Protection From Breaches
Take 5 steps to go beyond Security Rule standards to protect your data. The most recen... Read more
Beware: HIPAA Compliance Won't Always Ensure Protection From Breaches
Take 5 steps to go beyond Security Rule standards to protect your data. The most recen... Read more
HIPAA Lawsuits:
4 Ways Plaintiffs Get Around No-Private-Right-Of-Action Rule
How breach of contract claim may directly impact your NPP. Sure, the federal HIPAA reg... Read more
4 Ways Plaintiffs Get Around No-Private-Right-Of-Action Rule
How breach of contract claim may directly impact your NPP. Sure, the federal HIPAA reg... Read more
Security Rule:
Take 5 Steps To Manage Mobile Device Use In Your Organization
Weigh the risks versus the benefits before using mobile devices. As more and more heal... Read more
Take 5 Steps To Manage Mobile Device Use In Your Organization
Weigh the risks versus the benefits before using mobile devices. As more and more heal... Read more
Enforcement News:
Heads Up: Another Court Shoots Down Lawsuit Based On 'Actual Harm'
Plus: OCR’s ‘Wall of Shame’ gets a makeover and new web address. The... Read more
Heads Up: Another Court Shoots Down Lawsuit Based On 'Actual Harm'
Plus: OCR’s ‘Wall of Shame’ gets a makeover and new web address. The... Read more
Mobile Device Safeguards:
Quick Tips For Tighter Security
Beware of file-sharing apps and public Wi-Fi connections. Mobile devices are certainly... Read more
Quick Tips For Tighter Security
Beware of file-sharing apps and public Wi-Fi connections. Mobile devices are certainly... Read more
Reader Questions:
Does Bluetooth Endanger HIPAA Security On Mobile Devices?
Question: Our clinicians use smartphones and tablets. Some of these devices have Bluetoo... Read more
Does Bluetooth Endanger HIPAA Security On Mobile Devices?
Question: Our clinicians use smartphones and tablets. Some of these devices have Bluetoo... Read more
Reader Question:
What's The Difference Between 'Patches' & 'Updates?'
Question: Are “patches” and “updates” the same thing? If no... Read more
What's The Difference Between 'Patches' & 'Updates?'
Question: Are “patches” and “updates” the same thing? If no... Read more
Case Study:
How 'Phishing' Netted A Monster Of A HIPAA Breach
What Anthem did right, and how you can do it too. Cyber hackers have really outdone th... Read more
How 'Phishing' Netted A Monster Of A HIPAA Breach
What Anthem did right, and how you can do it too. Cyber hackers have really outdone th... Read more
Take A Peek Inside Health Insurers' Cyber Security Practices
Despite lackluster efforts in key security areas, insurers’ confidence is strong. ... Read more
Despite lackluster efforts in key security areas, insurers’ confidence is strong. ... Read more
Audits:
OCR Audits Delayed -- But Don't Let Your Guard Down
Brace yourself for more comprehensive audits instead of desk reviews. The HHS Office f... Read more
OCR Audits Delayed -- But Don't Let Your Guard Down
Brace yourself for more comprehensive audits instead of desk reviews. The HHS Office f... Read more
Toolkit:
Kick Off Your Cybersecurity Action Plan With This Checklist
Remember to plan for the unexpected using good backup practices. With so many large, h... Read more
Kick Off Your Cybersecurity Action Plan With This Checklist
Remember to plan for the unexpected using good backup practices. With so many large, h... Read more
Enforcement News:
Check Out OCR's New Online Breach Notification Form
Plus: Medical identity theft costs your patients not just money, but their health, too. ... Read more
Check Out OCR's New Online Breach Notification Form
Plus: Medical identity theft costs your patients not just money, but their health, too. ... Read more
HIPAA Compliance:
HIPAA In 2015: Prepare Yourself For 5 Big Trends
Prediction: State law claims will continue to facilitate breach lawsuits. What does... Read more
HIPAA In 2015: Prepare Yourself For 5 Big Trends
Prediction: State law claims will continue to facilitate breach lawsuits. What does... Read more
Meaningful Use:
Good News: CMS Feels Your MU Pain
But don’t expect to escape payment penalties if you’re noncompliant. The C... Read more
Good News: CMS Feels Your MU Pain
But don’t expect to escape payment penalties if you’re noncompliant. The C... Read more
Case Study:
How To Handle Employee 'Snooping' HIPAA Breaches
Follow these tips to protect yourself when terminating peeping employees. You know wha... Read more
How To Handle Employee 'Snooping' HIPAA Breaches
Follow these tips to protect yourself when terminating peeping employees. You know wha... Read more
Enforcement News:
Warning: Laptops Used In The Field Are At High Risk
Plus: You’ll pay big for improperly dumping patient files. Just because a laptop... Read more
Warning: Laptops Used In The Field Are At High Risk
Plus: You’ll pay big for improperly dumping patient files. Just because a laptop... Read more
Reader Question:
Is A Complete Security Risk Analysis Optional For Small Providers?
Question: As a very small healthcare provider, do we really need to conduct an in-depth ... Read more
Is A Complete Security Risk Analysis Optional For Small Providers?
Question: As a very small healthcare provider, do we really need to conduct an in-depth ... Read more
Reader Question:
Do We Really Need Both Anti-Virus And Anti-Malware Software?
Question: Does our practice need to have both antivirus and anti-malware software? What&... Read more
Do We Really Need Both Anti-Virus And Anti-Malware Software?
Question: Does our practice need to have both antivirus and anti-malware software? What&... Read more
Reader Question:
How Can You Know Whether mHealth App Is HIPAA Compliant?
Question: Our practice would like to start using a mobile health app to engage our patie... Read more
How Can You Know Whether mHealth App Is HIPAA Compliant?
Question: Our practice would like to start using a mobile health app to engage our patie... Read more
Case Study:
Watch Out: Data Breach Litigation Is Getting More Creative
Missouri court doesn’t care about proving actual damages suffered. Attorneys fil... Read more
Watch Out: Data Breach Litigation Is Getting More Creative
Missouri court doesn’t care about proving actual damages suffered. Attorneys fil... Read more
HIPAA Compliance:
Weigh The Pros & Cons Of Communicating With Patients Via Texting
Check out these ‘HIPAA compatible’ text messaging Apps. Text messaging is ... Read more
Weigh The Pros & Cons Of Communicating With Patients Via Texting
Check out these ‘HIPAA compatible’ text messaging Apps. Text messaging is ... Read more
Try A Secure Texting Solution:
15 Available Apps
Some texting Apps even provide a signed BAA for your convenience. If you decide to com... Read more
15 Available Apps
Some texting Apps even provide a signed BAA for your convenience. If you decide to com... Read more
Enforcement News:
No 'Present Injury,' No Grounds For Lawsuit, State Court Says
Plus: Encryption policy does nothing if you don’t actually follow it. If you&rsq... Read more
No 'Present Injury,' No Grounds For Lawsuit, State Court Says
Plus: Encryption policy does nothing if you don’t actually follow it. If you&rsq... Read more
Reader Question:
Is A 'Consent Form' A Good Idea For Email Communications?
Question: Should we develop some sort of consent form for patients to sign if they ... Read more
Is A 'Consent Form' A Good Idea For Email Communications?
Question: Should we develop some sort of consent form for patients to sign if they ... Read more
Reader Question:
What Are Some Tips To Elicit More Support For Risk Management?
Question: How can I get support from management for my risk management program? A... Read more
What Are Some Tips To Elicit More Support For Risk Management?
Question: How can I get support from management for my risk management program? A... Read more