Why is HIPAA important to patients?

They may have heard of HIPAA, and they may also be aware of some of their rights under HIPAA, but many patients will want to know: why is HIPAA important to patients? What exactly are their rights, and what does it protect them from? The Health Insurance Portability and Accountability Act was established in 1996 to address … Read more

What happens if you violate HIPAA?

HIPAA is a federal law that applies in the vast majority of healthcare settings, but what happens if you violate HIPAA? Can you lose your job or be fined? Can you go to jail? Unsurprisingly, there is a range of possible consequences for HIPAA violations, depending on whether you are an employee or a Covered … Read more

What is the HIPAA Privacy Rule?

Anyone who is familiar with HIPAA will be aware of the Privacy Rule, one of the central Rules that make up the legislation. But what is the HIPAA Privacy Rule? What rights does it confer to patients, and what does it mean for HIPAA Covered Entities and their Business Associates? We will discuss the answers … Read more

What is the HIPAA Security Rule?

Anyone who has heard of HIPAA will probably be aware of the various “HIPAA Rules” that make up the legislation. But what is the HIPAA Security Rule? The Security Standards for the Protection of Electronic Protected Health Information (shortened to the “Security Rule”), which – as its name suggests – lays out what is required … Read more

What is a Covered Entity under HIPAA?

The Health Insurance Portability and Accountability Act was established in 1996 with a variety of objectives. Though one of its primary goals was to expand access to health insurance and introduce tax reforms, it has now become synonymous with health data privacy. HIPAA, and the subsequent rules that were added to it over the … Read more

How do you avoid HIPAA violations?

Are HIPAA violations at all avoidable? Is it inevitable that mistakes will be made, and that Covered Entities will end up paying fines for HIPAA violations? In short: how do you avoid HIPAA violations? We will discuss that here.  Unfortunately, to some degree, HIPAA violations are hard to avoid. Human nature means that mistakes will … Read more

What happens if a nurse violates HIPAA?

No matter who commits them, HIPAA violations are incredibly serious. There are a wide range of consequences for violations, both for the employee that committed the violation and the Covered Entity that they work for. Here, we will discuss what happens when a nurse violates HIPAA.  By nature of their job, nurses have regular contact … Read more

Is HIPAA a Federal Law?

The Health Insurance Portability and Accountability Act was passed by Congress in 1996. It is a Federal Law, meaning that it applies to all States. The fact that it is a Federal Law ensures that a minimum standard of privacy and security is applied to all patient data across the country, and there is not … Read more

Who Should HIPAA Complaints be Directed to within the Covered Entity?

If a workforce is trained properly in HIPAA compliance, they should be able to identify violations of HIPAA. Additionally, patients who have concerns about HIPAA compliance should be able to file a complaint with the Covered Entity that holds their data. But who should HIPAA complaints be directed to within a Covered Entity? Who is … Read more

Who is covered by HIPAA?

HIPAA is known by many, but who is actually covered by HIPAA? Is everyone who has any health-related data required to be HIPAA compliant? How does an organization know if they are a HIPAA-Covered Entity? We will discuss the answers to these questions here.  When it was originally enacted in 1996, Health Insurance Portability and … Read more

Who enforces HIPAA?

Who enforces HIPAA depends on which part of HIPAA you are referring to. This is because different agencies enforce different parts of the Health Insurance Portability and Accountability Act, and also because each organization subject to HIPAA should have a Privacy and/or Security Officer responsible for enforcing HIPAA within the organization. HIPAA is a complex … Read more

When should you promote HIPAA Awareness?

Ideally, there should be no need to promote HIPAA awareness, as employees would always be aware of HIPAA and acting in a HIPAA-compliant manner. However, in reality, memory fades and people need to be reminded of their obligations under HIPAA. With that in mind, when should you promote HIPAA awareness in a company?  Any HIPAA … Read more

What does HIPAA stand for?

Put simply, HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. However, the title of the act does little to explain its purpose. HIPAA essentially established standards for protecting health information and reformed aspects of the health insurance industry to make it fairer for policyholders. The act is often incorrectly referred to … Read more

What is Considered Protected Health Information under HIPAA?

Explaining what is considered Protected Health Information under HIPAA can be complicated because, although individually identifiable health information is always protected when it is created, received, maintained, or transmitted by a Covered Entity or Business Associate, the information stored with health information can sometimes be considered Protected Health Information under HIPAA – and sometimes not. … Read more

What happens if HIPAA is violated?

Whether accidental or intentional, what happens if HIPAA is violated? Can employees be fired for violating HIPAA? What penalties are there for covered entities? These will all be explored in more detail below.  The consequences for HIPAA violations will usually depend on the severity of the violation, whether it was accidental or intentional, and what … Read more

Is SharePoint HIPAA compliant?

It may be one of the most popular cloud-based document management services on the market, but is SharePoint HIPAA compliant?  Developed by Microsoft, SharePoint is based on their OpenXML document standard and integrates with all products in the Microsoft Office Suite. It can also be used as the foundation for a customer management system (CRM), … Read more

What is HITECH in healthcare?

To help alleviate many of the economic problems that accompanied the Great Recession of 2008, the Obama administration introduced the American Recovery and Reinvestment Act (ARRA) in 2009. The Act was an economic stimulus package aimed at creating jobs, reducing poverty, and improving infrastructure.  Another large part of ARRA aimed at encouraging advancements in health … Read more

What is HIPAA Authorization?

HIPAA is long and complex, with many different stipulations and requirements. Here, we examine just one part of the HIPAA compliance requirements, answering the question: “What is HIPAA authorization?” “Authorization” is required under the HIPAA Privacy Rule if the covered entity (CE) wishes to use or disclose a patient’s protected health information (PHI) in a … Read more

What does HIPAA Training do?

First introduced in 1996 to allow workers to maintain health insurance cover as they moved from one job to another, the Health Insurance Portability and Accountability Act (HIPAA) states that training should be conducted for staff in relation to HIPAA policies and procedures. But what is HIPAA training for? Here we will explore what HIPAA … Read more

What information can be shared without violating HIPAA?

HIPAA is a complex piece of legislation covering many aspects of patient privacy, which may leave healthcare workers wondering: what information can be shared without violating HIPAA?  To answer this question, we must first discuss what kinds of information are covered by HIPAA. The HIPAA Privacy Rule defines “Protected Health Information” as any patient-related information … Read more

Is HIPAA still in effect?

It has been 26 years since it was enacted, but is HIPAA still in effect? Yes, it is, but it is now quite different from its original form. Numerous additions over the decades have strengthened parts of the legislation, ultimately providing greater protections to patients and their data.  HIPAA (short for the Health Insurance Portability … Read more

Do New Staff Members Need HIPAA Training if they have Completed a Course Previously?

Most HIPAA Entities ensure exactly what they need to provide new members of staff in relation to HIPAA training when they join the organization. The majority of companies will conduct basic HIPAA training sessions to ensure that they are compliant with HIPAA. In some cases they may even skip this training session if the new … Read more

Do I need HIPAA Certification?

Any health information manager working for a HIPAA entity will be seeking to ensure that they are doing everything possible to prevent a HIPAA breach from occurring. HIPAA training forms a key part of this project but what sort of training is required? Is it sufficient to have staff complete a free HIPAA training course … Read more

How can Hospital Workers Help Prevent HIPAA Violations?

Hospitals must adhere to the HIPAA Privacy, Security, and Breach Notification Rules and put in place security measures to stop HIPAA breaches. However, even with these measures in place to manage the danger of HIPAA violations, data breaches still happen. In the majority of industry sectors, cybercriminals are to blame for most security breaches, but … Read more

University of Cincinnati Medical Center Fined $65,000 for HIPAA Right of Access Failure

The HHS’ Civil Rights Office has publicly acknowledged its 18th HIPAA financial penalty of the year, with the 12th fine under its HIPAA Right of Access enforcement initiative. In 2019, OCR revealed a new drive to ensure individuals are allowed timely access to their health records, at a reasonable cost, as mandated by the HIPAA … Read more

What are HIPAA Civil Penalties?

What are the civil penalties for knowingly breaching HIPAA laws? What is the highest possible financial penalty for a HIPAA violation and when are fines applied? In this post we address these questions and explain the penalties for violating HIPAA legislation. The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that polices … Read more

What are HIPAA Regulations for SMS?

The HIPAA regulations for SMS do not specifically rule out the implementation of a “Short Message Service” to share Protected Health Information (PHI), but they do state that specific conditions have to be in place before using SMS to communicate PHI is HIPAA compliant. The majority of SMS messages are not HIPAA compliant. This is … Read more

What Are HIPAA Compliance Officer Duties?

The Healthcare Insurance Portability and Accountability Act states that a person (or persons) within a Covered Entity or Business Associate must be given the duties of a HIPAA Compliance Officer. This may be a current employee or a new position can be introduced to meet the requirement. It is even possible to outsource the duties … Read more

What are the Penalties for Breaking HIPAA Rules?

HIPAA states that covered entities must conduct training for staff to ensure HIPAA Rules and regulations are fully comprehended. As part of this HIPAA training, healthcare staff must learn the possible penalties for HIPAA breaches. If you break HIPAA Rules four things may happen. Firstly, the violation could be managed internally by an employer. Secondly, … Read more

What are Common HIPAA Business Associate Agreement Failures?

A HIPAA business associate agreement (BAA) is a contract between a HIPAA-covered entity and a vendor that is providing a service to that covered entity. They are very common in the healthcare sector yet, despite this, there are often mistakes made by HIPAA-covered entities when they are completing a BAA. A signed HIPAA business associate agreement … Read more

What are the Most Commonly Witnessed HIPAA Breaches by Healthcare Workers?

Breaches of HIPAA often occur due to a lack of comprehension of HIPAA requirements, particularly in relation to healthcare workers breaching the data privacy legislation. No matter how serious the nature of the HIPAA breach is perceived, they can still result in a major amount of damage to the patient(s) and employers – even ended … Read more

What is a HIPAA Release Form?

If your organization is required to comply with the HIPAA Privacy Rule, a valid HIPAA release form must be obtained from an individual before their protected health information can be used or disclosed for a purpose not permitted by the Privacy Rule. The HIPAA Privacy Rule (45 CFR §164.500-534) became effective on April 14, 2001. … Read more

What is HIPAA Certification?

“HIPAA Certification” is not an officially-recognized qualification to indicate that a Covered Entity or Business Associate is HIPAA compliant. It is just a certificate indicating a person or group has undergone some level of training towards HIPAA compliance. The Department of Health and Human Services has released a statement on its website to the effect … Read more

When Was HIPAA Passed?

On August 21, 1996, then US President Bill Clinton added his signature to the Health Insurance Portability and Accountability Act and HIPAA was passed into legislature. At first it was envisaged that HIPAA would enhance the portability and continuity of health insurance coverage, especially for employees that were moving from job to job. In addition to … Read more

What are Cyber Threat Information Sharing Best Practices?

The best practices for cyber threat information sharing have been published by the Healthcare and Public Health Sector Coordinating Council (HSCC). This new information is aimed at allowing healthcare organizations to develop, implement, and maintain a successful cyber threat information sharing program to minimize cyber risk. The new document adds to earlier published guidance – the Health Industry … Read more

Is Information Sharing Hindered by HIPAA Rules?

The HHS has put together a Request for Information (RFI) to identify how HIPAA Rules are hindering patient information sharing and creating boundaries for healthcare providers to provide patient treatment. HHS is seeking comments from the public and healthcare sector stakeholders on any provisions of HIPAA Rules which are discouraging or restricting coordinated care and … Read more

In HIPAA, What is a Limited Data Set Under HIPAA?

A limited data set under HIPAA is a group of identifiable healthcare data that the HIPAA Privacy Rule permits covered groups to share with certain entities for research aims, public health activities, and healthcare operations without first obtaining authorization from patients, if certain conditions are adhered to. Unlike de-identified protected health information, which … Read more

What is defined as a HIPAA-Covered Entity?

The term “HIPAA Covered Entity” was not actually included in the initial Healthcare Insurance Portability and Accountability Act when it was originally formulated in August 1996. The term first came to light during the HHS’s proposed HIPAA Privacy Rule when the Rule was made available for public comments in November 1999 and subsequently published after … Read more

How Does HIPAA Affect Employers?

Asking the question “Does HIPAA Apply to Employers” leads to a number of different answers as a result of the complicated nature of the HIPAA Privacy Rule. The HIPAA Privacy Rule is one of the most complex legislative acts impacting the healthcare sector. As the objectives to standardize how individually identifiable personal information is protected … Read more

Why is the HITECH Act Important?

The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – makes up part of an economic stimulus package that was established during the Obama administration: known as the American Recovery and Reinvestment Act of 2009 (ARRA). Before the HITECH Act was passed in 2008, only 10% of hospitals had implemented … Read more

How to Get Compliant Gmail for HIPAA

The way to get compliant Gmail for HIPAA is to subscribe to an appropriate Google Workspace account, agree to the terms of the Business Associate Addendum, and apply the controls recommended by Google’s HIPAA Implementation Guide. Once you have got compliant Gmail for HIPAA, it is then important that Gmail is used in compliance with HIPAA. … Read more

How does HIPAA Impact Educational Institutions & Schools?

HIPAA carries a big impact for healthcare providers, health plans, healthcare clearinghouses, and business associates of those HIPAA-governed entities, but how does HIPAA impact schools and educational institutions? Previously we looked into how HIPAA applies to schools and how the Health Insurance Portability and Accountability Act intersects with the Family Educational Rights and Privacy … Read more

HIPAA Compliant Cloud Storage

Within the healthcare sector there has been a massive shift in the last 10-15 years towards sharing Private Health Information digitally with many different clients and business partners. With the proliferation of digital cloud storage, there is an opportunity for HIPAA-governed bodies to move huge quantities of data and files to cloud storage. This … Read more

Important HIPAA Compliance Guidelines

If HIPAA rules are breached on purpose or by accident, the financial implications can be massive. Even if a breach is discovered but you do not adhere to the HIPAA notification rule, you could still be subject to sanctions. There are other associated, and immeasurable, costs linked to HIPAA violations. Chief among these is the … Read more

Is Facebook Messenger HIPAA compliant?

Facebook may be considered a useful platform for connecting people and corresponding. However, could it be used by healthcare organizations as the messaging service for sending protected health information (PHI) without breaching HIPAA legislation? A range of chat platforms are already employed by medical workers for communication; however, is it proper to use these platforms … Read more

What is Considered a HIPAA Breach?

A HIPAA breach refers to the capture, viewing, use or sharing of Private Health Information in a manner not adhering to the HIPAA Act, which impacts the security or privacy of the PHI. This is a very wide definition that might make you think that a glance at data could lead to a penalty … Read more

Are Emergency Notifications Systems for Business HIPAA-Compliant?

In most instances, emergency notification systems for business would not be implemented in order to share Protected Health Information (PHI); but if there was an event that required the sending of PHI, are emergency notification systems for business HIPAA-compliant? Emergency notification systems for business are software platforms most often deployed for warning personnel to any … Read more