Why is HIPAA important to patients?

They may have heard of HIPAA, and they may also be aware of some of their rights under HIPAA, but many patients will know: why is HIPAA important to patients? What exactly are their rights, and what does it protect them from?  The Health Insurance Portability and Accountability Act was established in 1996 to address … Read more

 What happens if you violate HIPAA?

HIPAA is a federal law that applies in the vast majority of healthcare settings, but what happens if you violate HIPAA? Can you lose your job or be fined? Can you go to jail? Unsurprisingly, there is a range of possible consequences for HIPAA violations, depending on whether you are an employee or a Covered … Read more

What is the HIPAA Privacy Rule?

Anyone who is familiar with HIPAA will be aware of the Privacy Rule, one of the central Rules that make up the legislation. But what is the HIPAA Privacy Rule? What rights does it confer to patients, and what does it mean for HIPAA Covered Entities and their Business Associates? We will discuss the answers … Read more

What is the HIPAA Security Rule?

Anyone who has heard of HIPAA will probably be aware of the various “HIPAA Rules” that make up the legislation. But what is the HIPAA Security Rule? The Security Standards for the Protection of Electronic Protected Health Information (shortened to the “Security Rule”), which – as its name suggests – lays out what is required … Read more

What is a Covered Entity under HIPAA?

The Health Insurance Portability and Accountability Act was established in 1996 with a variety of objectives. Though one of its primary goals was to give expand access to health insurance and introduce tax reforms, it has now become synonymous with health data privacy. HIPAA, and the subsequent rules that were added to it over the … Read more

 How do you avoid HIPAA violations?

Are HIPAA violations at all avoidable? Is it inevitable that mistakes will be made, and that Covered Entities will end up paying fines for HIPAA violations? In short: how do you avoid HIPAA violations? We will discuss that here.  Unfortunately, to some degree, HIPAA violations are hard to avoid. Human nature means that mistakes will … Read more

What happens if a nurse violates HIPAA?

No matter who commits them, HIPAA violations are incredibly serious. There are a wide range of consequences for violations, both for the employee that committed the violation and the Covered Entity that they work for. Here, we will discuss what happens when a nurse violates HIPAA.  By nature of their job, nurses have regular contact … Read more

Is HIPAA a Federal Law?

The Health Insurance Portability and Accountability Act was passed by Congress in 1996. It is a Federal Law, meaning that it applies to all States. The fact that it is a Federal Law ensures that a minimum standard of privacy and security is applied to all patient data across the country, and there is not … Read more

Who Should HIPAA Complaints be Directed to within the Covered Entity?

If a workforce is trained properly in HIPAA compliance, they should be able to identify violations of HIPAA. Additionally, patients who have concerns about HIPAA compliance should be able to file a complaint with the Covered Entity that holds their data. But who should HIPAA complaints be directed to within a Covered Entity? Who is … Read more

Who is covered by HIPAA?

HIPAA is known by many, but who is actually covered by HIPAA? Is everyone who has any health-related data required to be HIPAA compliant? How does an organization know if they are a HIPAA-Covered Entity? We will discuss the answers to these questions here.  When it was originally enacted in 1996, Health Insurance Portability and … Read more

Who enforces HIPAA?

Who enforces HIPAA depends on which part of HIPAA you are referring to. This is because different agencies enforce different parts of the Health Insurance Portability and Accountability Act, and also because each organization subject to HIPAA should have a Privacy and/or Security Officer responsible for enforcing HIPAA within the organization. HIPAA is a complex … Read more

When should you promote HIPAA Awareness?

Ideally, there should be no need to promote HIPAA awareness, as employees would always be aware of HIPAA and acting in a HIPAA-compliant manner. However, in reality, memory fades and people need to be reminded of their obligations under HIPAA. With that in mind, when should you promote HIPAA awareness in a company?  Any HIPAA … Read more

What does HIPAA stand for?

Put simply, HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. However, the title of the act does little to explain its purpose. HIPAA essentially established standards for protecting health information and reformed aspects of the health insurance industry to make it fairer for policyholders. The act is often incorrectly referred to … Read more

What is Considered Protected Health Information under HIPAA?

Explaining what is considered Protected Health Information under HIPAA can be complicated because, although individually identifiable health information is always protected when it is created, received, maintained, or transmitted by a Covered Entity or Business Associate, the information stored with health information can sometimes be considered Protected Health Information under HIPAA – and sometimes not. … Read more

What happens if HIPAA is violated?

Whether accidental or intentional, what happens if HIPAA is violated? Can employees be fired for violating HIPAA? What penalties are there for covered entities? These will all be explored in more detail below.  The consequences for HIPAA violations will usually depend on the severity of the violation, whether it was accidental or intentional, and what … Read more

Is SharePoint HIPAA compliant?

It may be one of the most popular cloud-based document management services on the market, but is SharePoint HIPAA compliant?  Developed by Microsoft, SharePoint is based on their OpenXML document standard and integrates with all products in the Microsoft Office Suite. It can also be used as the foundation for a customer management system (CRM), … Read more

What is HITECH in healthcare?

To help alleviate many of the economic problems that accompanied the Great Recession of 2008, the Obama administration introduced the American Recovery and Reinvestment Act (ARRA) in 2009. The Act was an economic stimulus package aimed at creating jobs, reducing poverty, and improving infrastructure.  Another large part of ARRA aimed at encouraging advancements in health … Read more

What is HIPAA Authorization?

HIPAA is long and complex, with many different stipulations and requirements. Here, we examine just one part of the HIPAA compliance requirements, answering the question: “What is HIPAA authorization?” “Authorization” is required under the HIPAA Privacy Rule if the covered entity (CE) wishes to use or disclose a patient’s protected health information (PHI) in a … Read more

What does HIPAA Training do?

First introduced in 1996 to allow workers to maintain health insurance cover as they moved from one job to another, the Health Insurance Portability and Accountability Act (HIPAA) states that training should be conducted for staff in relation to HIPAA policies and procedures. But what is HIPAA training for? Here we will explore what HIPAA … Read more

What information can be shared without violating HIPAA?

HIPAA is a complex piece of legislation covering many aspects of patient privacy, which may leave healthcare workers wondering: what information can be shared without violating HIPAA?  To answer this question, we must first discuss what kinds of information are covered by HIPAA. The HIPAA Privacy Rule defines “Protected Health Information” as any patient-related information … Read more

Is HIPAA still in effect?

It has been 26 years since it was enacted, but is HIPAA still in effect? Yes, it is, but it is now quite different from its original form. Numerous additions over the decades have strengthened parts of the legislation, ultimately providing greater protections to patients and their data.  HIPAA (short for the Health Insurance Portability … Read more

Do New Staff Members Need HIPAA Training if they have Completed a Course Previously?

Most HIPAA Entities ensure exactly what they need to provide new members of staff in relation to HIPAA training when they join the organization. The majority of companies will conduct basic HIPAA training sessions to ensure that they are compliant with HIPAA. In some cases they may even skip this training session if the new … Read more

Do I need HIPAA Certification?

Any health information manager working for a HIPAA entity will be seeking to ensure that they are doing everything possible to prevent a HIPAA breach from occurring. HIPAA training forms a key part of this project but what sort of training is required? Is it sufficient to have staff complete a free HIPAA training course … Read more

How can Hospital Workers Help Prevent HIPAA Violations?

Hospital must adhere with the HIPAA Privacy, Security, and Breach Notifications Rules and put in place security measure to stop HIPAA breaches. However, even with these measures in place to manage the danger of HIPAA violations, data breaches still happen. In the majority of industry sector, cybercriminals that to blame for most security breaches, but … Read more

University of Cincinnati Medical Center Fined $65,000 for HIPAA Right of Access Failure

The HHS’ Civil Rights Office has publicly acknowledged its 18th HIPAA financial penalty of the year, with the 12th fine under its HIPAA Right of Access enforcement initiative. In 2019, OCR revealed a new drive to ensure individuals are allowed timely access to their health records, at a reasonable cost, as mandated by the HIPAA … Read more

What are HIPAA Civil Penalties?

What are the civil penalties for knowingly breaching HIPAA laws? What is the highest possible financial penalty for a HIPAA violation and when are fines applied? In this post we address these questions and explain about the penalties for violating HIPAA legislation. The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation the polices … Read more

What are HIPAA Regulations for SMS?

The HIPAA regulations for SMS do not specifically rule out the implementation of a “Short Message Service” to share Protected Health Information (PHI), but they do stata that specific conditions have to be in place before using SMS to communicate PHI is HIPAA compliant. The majority of SMS messages are not HIPAA compliant. This is … Read more

What Are HIPAA Compliance Officer Duties?

The Healthcare Insurance Portability and Accountability Act states that a person (or persons) within a Covered Entity or Business Associate must be given the duties of a HIPAA Compliance Officer. This may be a current employee or a new position can be introduced to meet the requirement. It is even possible to outsource the duties … Read more

What are the Penalties for Breaking HIPAA Rules?

HIPAA states that covered entities must conduct training for staff to ensure HIPAA Rules and regulations are fully comprehended. As part of this HIPAA training, healthcare staff must learn the possible penalties for HIPAA breaches. If you break HIPAA Rules fours things may happen. Firstly, the violation could be managed internally by an employer. Secondly, … Read more

What are Common HIPAA Business Associate Agreement Failures?

A HIPAA business associate agreement (BAA) is contract between a HIPAA-covered entity and a vendor that is providing a service to that covered entity. They are very common in the healthcare sector yet, despite this, there are often mistakes made by HIPAA-covered entities when they are completing a BAA. A signed HIPAA business associate agreement … Read more

What are the Most Commonly Witnessed HIPAA Breaches by Healthcare Workers?

Breaches of HIPAA often occur due to a lack of comprehension of HIPAA requirements, particularly in relation to healthcare workers breaching the data privacy legislation. No matter how serious the nature of the HIPAA breach is perceived, they can still result in a major amount of damage to the patient(s) and employers – even ended … Read more

What is a HIPAA Release Form?

If your organization is required to comply with the HIPAA Privacy Rule, a valid HIPAA release form must be obtained from an individual before their protected health information can be used or disclosed for a purpose not permitted by the Privacy Rule. The HIPAA Privacy Rule (45 CFR §164.500-534) became effective on April 14, 2001. … Read more

What is HIPAA Certification?

“HIPAA Certification” is not an officially-recognized qualification to indicate that a Covered Entity or Business Associate is HIPAA compliant. It is just a certificate indicating a person or group has undergone some level of training towards HIPAA compliance. The Department of Health and Human Services has released a statement on its website to the effect … Read more

When Was HIPAA Passed?

On August 21, 1996 then US President Bill Clinton added his signature to the Health Insurance Portability and Accountability Act and HIPAA was passed into legislature. At first it envisaged that HIPAA would enhance the portability and continuity of health insurance coverage, especially for employees that were moving from job to job. In addition to … Read more

What are Cyber Threat Information Sharing Best Practices?

The best practices for cyber threat information sharing has been published by the Healthcare and Public Health Sector Coordinating Council (HSCC). This new information is aimed at allowing healthcare organizations develop, implement, and maintain a successful cyber threat information sharing program to minimize cyber risk. The new document adds to earlier published guidance – the Health Industry … Read more

Is Information Sharing Hindering by HIPAA Rules?

The HHS has put together a Request for Information (RFI) to identify how HIPAA Rules are hindering patient information sharing and creating boundaries for healthcare providers to provide patient treatment. HHS is seeking comments from the public and healthcare sector stakeholders on any provisions of HIPAA Rules which are discouraging or restricting coordinated care and … Read more

In HIPAA, What is a Limited Data Set Under HIPAA?

A limited data set under HIPAA is a group of identifiable healthcare data that the HIPAA Privacy Rule permits covered groups to share with certain entities for research aims, public health activities, and healthcare operations without earlier obtaining authorization from patients, if certain conditions are adhered to. Different to, to de-identified protected health information, which … Read more

What is defined as a HIPAA-Covered Entity?

The term “HIPAA Covered Entity” was not actually included in the initial Healthcare Insurance Portability and Accountability Act when it was originally formulated in August 1996. The term first came to light during the HHR´s proposed HIPAA Privacy Rule when the Rule was made available for public comments in November 1999 and subsequently published after … Read more

How Does HIPAA Affect Employers?

Asking the question “Does HIPAA Apply to Employers” leads to a number of different answers as a result of the complicated nature of the HIPAA Privacy Rule. The HIPAA Privacy Rule is one of the most complex legislative acts impacting the healthcare sector. As the objectives to standardize how individually identifiable personal information is protected … Read more

Why is the HITECH Act Important?

The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – makes up part of an economic stimulus package that was established during the Obama administration: known as the American Recovery and Reinvestment Act of 2009 (ARRA). Before the HITECH Act was passed in 2008, only 10% of hospitals had implemented … Read more

How does HIPAA Impact Educational Institutions & Schools?

HIPAA carries a big impact for healthcare providers, health plans, healthcare clearinghouses, and business associates of those HIPAA-governed bodies entities but how does HIPAA impact schools and educational institutions? Previously we looked into how HIPAA applies to schools and how the Health Insurance Portability and Accountability Act intersects with the Family Educational Rights and Privacy … Read more

HIPAA Compliant Cloud Storage

Within the healthcare sector there has been a massive shift in the last 10-15 years towards sharing Private health Information digitally to many different clients and business partners. With the proliferation of digital Cloud storage lets there is an opportunity for HIPAA-governed bodies to move huge quantities of data and file to cloud storage. This … Read more

Important HIPAA Compliance Guidelines

If HIPAA rules are breached on purpose or by accident the financial implications can be massive. Even if a breach is discovered but you do not adhere to the HIPAA notification rule you could still be subjects to sanctions. There are other associated, and immeasurable, costs linked to HIPAA violations. Chief among these is the … Read more

Is Facebook Messenger HIPAA compliant?

Facebook may be considered a useful platform for connected people and corresponding. However, could it be used by healthcare organizations as the messaging service for sending protected health information (PHI) without breaching HIPAA legislation? A range of chat platforms are already employed by medical workers for communication, however is it proper to use these platforms … Read more

What is Considered a HIPAA Breach?

A HIPAA breach refers to the capture, viewing, use or sharing of Private Health Information in a manner not adhering with the HIPAA ACT , which impacts the security or privacy of the PHI. This is a very wide definition that might make you think that a glance at data could lead to a penalty … Read more

Are Emergency Notifications Systems for Business HIPAA-Compliant?

In most instances, emergency notification systems for business would not be implemented in order to share Protected Health Information (PHI); but if there was an event that required the sending of PHI, are emergency notification systems for business HIPAA-compliant? Emergency notification systems for business are software platforms most often deployed for warning personnel to any … Read more