James Keogh

Using PHI to confirm a patient ID is not a HIPAA violation if you have authorization to access to the PHI being used, if the confirmation of patient IDs is one of your functions within a covered entity, and if the purpose for using PHI to confirm a patient ID qualifies as a treatment, payment, … Read more

Wufoo is not HIPAA compliant because its parent company, SurveyMonkey, does not sign Business Associate Agreements (BAAs), which are required for HIPAA compliance when handling protected health information (PHI), making it unsuitable for collecting or storing PHI in a HIPAA-regulated context. To make Wufoo or any similar tool HIPAA compliant, several steps would need to … Read more

The 18 PHI identifiers under HIPAA are names, geographic data smaller than a state, dates (except year), phone numbers, fax numbers, email addresses, Social Security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers, vehicle identifiers, device identifiers, web URLs, IP addresses, biometric identifiers, full-face photos, and unique codes or characteristics. The … Read more

Yes, HIPAA violations can lead to termination if an employee or healthcare professional fails to comply with the privacy and security regulations, depending on the severity of the violation. HIPAA was established to protect the confidentiality and integrity of patients’ health information, and healthcare organizations are legally obligated to ensure compliance with these standards. While … Read more

Yes, group chats can be HIPAA compliant if they use secure, encrypted platforms with access controls, proper authentication, and adherence to HIPAA privacy and security rules. Healthcare organizations and professionals must ensure that any group chat platform they use incorporates appropriate safeguards to protect protected health information (PHI). This involves choosing platforms that provide encryption, … Read more

HIPAA compliance refers to adhering to the requirements of the HIPAA federal law that mandates the protection and confidential handling of protected health information (PHI). This is done by implementing administrative, physical, and technical safeguards, ensuring patient rights, regularly training employees, conducting risk assessments, and responding appropriately to any detected breaches of PHI. Compliance with … Read more

The purpose of the HIPAA Privacy Rules is to protect the confidentiality of patient healthcare and payment data to prevent abuse and fraud. Published by the Department of Health and Human Services as the “Standards for Privacy of Individually Identifiable Health Information”, the HIPAA Privacy Rules stipulate the permissible uses and disclosures of protected health … Read more

The term HIPAA refresher training can mean different things to different people. For some it may mean HIPAA-mandated Privacy Rule training after a material change to policies and procedures, the provision of training to mitigate a threat identified in a risk assessment, or part of a security and awareness training program as required by the … Read more

Accurate HIPAA violation statistics can be difficult to come by due to the way in which HHS´ Office for Civil Rights reports violations. It can also be the case that the cause of a violation is miscategorized by the entity reporting it – who may not be the entity responsible for the violation. As of … Read more

Calling an emergency contact is not a HIPAA violation if the disclosure of information is limited to what is necessary for the situation, such as notifying the contact of a patient’s condition or location in an emergency, and if the information shared aligns with the permissible disclosures allowed under the HIPAA Privacy Rule for protecting … Read more

HIPAA violations by nurses can happen for many different reasons and, although HIPAA violations by nurses are often accidental or a consequence of wanting to “get the job done”, if a nurse violates HIPAA, the violation should be reported to prevent minor violations with minimal consequences deteriorating into a culture of non-compliance. In addition, HIPAA … Read more

HIPAA was enacted by the United States Congress in 1996 and signed into law by President Bill Clinton on August 21, 1996. Anyone who has worked in the healthcare industry will have heard of HIPAA and knows of its importance in safeguarding protected health information (PHI). However, most will not know about the history of HIPAA, … Read more

The HIPAA law we are familiar with today evolved from proposals to reform the way in which the health insurance industry worked. Following on from Acts such as the Employee Retirement Income Security Act (ERISA) in 1974 and the Consolidated Omnibus Reconciliation Act of 1985 (COBRA), the proposals were intended to increase the transferability of … Read more

Not all emails are HIPAA compliant, as compliance depends on implementing necessary safeguards such as encryption, secure access controls, proper transmission protocols, and a Business Associate Agreement (BAA) with any third-party email provider that handles Protected Health Information (PHI), ensuring that the privacy and security requirements of HIPAA are met. Ensuring email communication complies with … Read more

The purpose of HIPAA is sometimes explained as ensuring the privacy and security of individually identifiable health information. However, regulations relating to the privacy and security of individually identifiable health information were not enacted until some years later. So, what was the primary purpose of HIPAA? The Health Insurance Portability and Accountability Act of 1996 … Read more

No, is not inherently HIPAA compliant because it lacks built-in encryption for data transmission, and compliance depends on implementing additional security measures, such as encrypting connections with Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and ensuring that a Business Associate Agreement (BAA) is in place with any email service provider handling Protected Health … Read more

HIPAA-compliant bulk email communication refers to the process of sending mass emails that adhere to the privacy and security requirements of HIPAA, ensuring the protection of Protected Health Information (PHI) through secure encryption, recipient authentication, minimal disclosure, and compliance with applicable privacy rules to avoid unauthorized access or data breaches. The regulations require encryption for … Read more

In its earliest form, HIPAA had three main objectives: In order to achieve these aims, HIPAA required a major reform of the healthcare industry. HIPAA called for the Department of Health and Human Services to develop a set of standards for the healthcare industry to adopt, which are commonly referred to as the HIPAA Rules. … Read more

HIPAA was signed into law by President Bill Clinton on August 21, 1996, but there have been some major updates to the legislation over the past two decades. The HIPAA Privacy Rule was enacted on December 20, 2000, the HIPAA Security Rule was enacted on February 20, 2003, and the HIPAA Omnibus Rule was enacted … Read more

Best practices for HIPAA-compliant email include using encryption, enabling multi-factor authentication, employing a HIPAA-compliant email provider, minimizing the amount of PHI shared, securing email access with strong passwords, training staff on privacy and security, using secure message portals, obtaining patient consent for email communication, avoiding sensitive data in subject lines or email bodies, password-protecting attachments, … Read more

You can get fired for an accidental HIPAA violation depending on the nature of the HIPAA violation, the consequences of the violation, your employer’s workplace sanctions policy, and your previous record of accidental violations. .  Whether accidental or not, HIPAA violations are serious events. PHI often contains very sensitive material, and it it gets into … Read more

Phone calls can be a HIPAA violation if Protected Health Information (PHI) is disclosed for an impermissible purpose, to an unauthorized person, or for a purpose or to a person that the subject of the PHI has requested PHI is not disclosed (for example, to a health plan when treatment has been paid for privately … Read more

To make Gmail HIPAA compliant, you must sign a Business Associate Agreement (BAA) with Google Workspace, configure security settings to ensure encrypted email transmission, restrict access, and implement required administrative, technical, and physical safeguards. Ensuring that Gmail is HIPAA-compliant involves a combination of using Google Workspace with specific configurations and implementing strict safeguards. Below is … Read more

Workplace gossip is a HIPAA violation if it involves telling a story about an individual whose individually identifiable health information or any personal details stored in the same data set as their health information is protected by the HIPAA Privacy Rule. Is workplace gossip a HIPAA violation when it is only natural that colleagues will … Read more

Telling a story about a patient can be a HIPAA violation in a number of circumstances, but generally whether telling a story counts as a HIPAA violation will depend on the nature of the story, who told the story, who the story was about and – crucially – whether the story contained any individually identifiable … Read more

This is a list of the most common HIPAA training questions and the corresponding HIPAA training answers: What is HIPAA? HIPAA stands for the Health Insurance Portability and Accountability Act, a federal law enacted in 1996 to protect the privacy and security of patients’ health information. Who needs HIPAA training? HIPAA training is essential for … Read more

When incorporating HIPAA compliance onto your resume, establish a dedicated section, such as “Certifications” or “Professional Training,” to underscore your expertise. Clearly label it with a precise heading like “HIPAA Compliance Certification” to emphasize your qualification. Provide essential certification details, including course name, institution, and completion date. Briefly outline the core subjects covered—ranging from patient … Read more

Patient rights under HIPAA encompass the right to access and obtain copies of their health information, the right to request corrections to their records, the right to receive privacy notices, the right to control the sharing of their health information, the right to file complaints about privacy violations, the right to know who has accessed … Read more

Under HIPAA regulations, patient confidentiality can be broken only when required by law, such as reporting communicable diseases, child abuse, or threats of harm, or when the patient provides explicit consent for the disclosure. The confidentiality of patient information is important in fostering trust in the healthcare system. Under the Health Insurance Portability and Accountability … Read more

The HIPAA provides advantages such as enhancing patient privacy and data security, fostering interoperability and streamlined healthcare processes, promoting standardized electronic transactions, and facilitating research; however, it also comes with disadvantages including complex compliance requirements, potential administrative burdens, inhibiting certain research activities, and imposing additional costs on healthcare entities. HIPAA’s Privacy Rule establishes strict guidelines … Read more

Although OneDrive can be configured to support HIPAA compliance, there is more to making OneDrive HIPAA compliant than adjusting a few settings and entering into a Business Associate Agreement with Microsoft. Many healthcare organizations subscribe to an Office 365 or Microsoft 365 business plan to access apps and services such as Word, Excel, and PowerPoint. … Read more

HIPAA applies to community outreach initiatives only if they involve the use or disclosure of protected health information (PHI) by covered entities (such as healthcare providers or health plans) or their business associates, requiring compliance with privacy and security rules to safeguard PHI. HIPAA sets legal standards to protect the privacy and security of certain … Read more

Yes, therapy notes must be HIPAA compliant if they contain Protected Health Information (PHI), which includes any information that identifies a patient and relates to their health, treatment, or mental health care, ensuring confidentiality and proper security measures are in place. PHI refers to identifiable information about a person’s health, medical history, or treatment. Since … Read more

Yes, HIPAA applies to dental records because they contain Protected Health Information (PHI), such as patient names, treatment details, and billing information, making dental practices subject to HIPAA’s Privacy, Security, and Breach Notification Rules to ensure the confidentiality, integrity, and availability of such information. Dental practices are considered covered entities under HIPAA, meaning they must … Read more

Many people will be familiar with the concept of Protected Health Information, and know that it must be safeguarded under the Health Insurance Portability and Accountability Act of 1996. But what are examples of Protected Health Information? How is it distinguished from other categories of information?  The Health Insurance Portability and Accountability Act of 1996 … Read more

HIPAA violations are extremely serious in nature, but can you go to jail for a HIPAA violation? Is this a risk for all violations, or is it only certain ones that will result in jail terms?  The answer, perhaps unsurprisingly, is yes you can go to jail for violating HIPAA. However, it is extremely unlikely … Read more

One of the core parts of the Health Insurance Portability and Accountability Act of 1996 is to protect patient privacy. Yet not all data is protected by HIPAA. The Act defines a subset of information – protected health information, or PHI – that it applies to. One of the key features of PHI is that … Read more

Though most HIPAA violations are avoidable, that some violations will occur is inevitable. Even the most diligent worker will occasionally make a mistake and, for example, send an email to the incorrect recipient. Incidental violations may also occur despite an individual’s best efforts. Should these violations occur, investigations will need to take place to determine … Read more

The difference between PHI (Protected Health Information) and ePHI (electronic Protected Health Information) is that PHI refers to any health information that can identify an individual, regardless of format, while ePHI specifically refers to such information that is stored or transmitted electronically. What is PHI (Protected Health Information)? PHI refers to any individually identifiable health … Read more

How you respond to a possible HIPAA violation can depend on the nature of the possible violation, how you become aware of it, and where the event occurs. For example, an alleged disclosure of more than the minimum necessary PHI in a circumstance that is unlikely to result in harm will be responded to differently … Read more

In 2011, the Office for Civil Rights commenced a series of pilot compliance audits to assess how well healthcare providers were implementing HIPAA Privacy and Security Rules. The first found of audits was completed in 2012 and highlighted many companies were failing to comply with even the most basic of HIPAA’s rules. Audited organizations registered … Read more

Due to its technical and often ambiguous language, complying with the HIPAA Security Rule can present some difficulty for dental offices. One easy solution to complying with the HIPAA Security Rule that is being widely adopted in all areas of the healthcare industry the implementation of a system of secure messaging. Secure messaging is conducted … Read more

Why was HIPAA created? HIPAA’s Origins In August 1996, when the Healthcare Insurance Portability and Accountability Act (HIPAA) was signed into law, the first of its kind created. Those who created HIPAA claimed that it was made to “improve the portability and accountability of health insurance coverage” for employees between jobs. Combatting waste, fraud and … Read more

The Health Insurance Portability and Accountability Act was established in 1996 and covers many aspects of patient privacy. To help enforce the Act, the Enforcement Rule of 2006 was added that gave the Office for Civil Rights the ability to prosecute for HIPAA violations. The hope was that by issuing financial – and sometimes criminal … Read more

A large part of data privacy concerns how long data can be stored after use. This is also covered by the HIPAA, which stipulates in its rules how long data can be retained after it has been collected and used. Individual States may have their own rules and legislation regarding this issue, but for the … Read more

The Health Insurance Portability and Accountability Act (1996) covers all areas of patient privacy. Its main purpose is to ensure that all protected health information (PHI) and electronic PHI (ePHI) remains secure and confidential. However, it must not be so restrictive that when healthcare professionals need to share PHI to accomplish a treatment-related task they … Read more

Under the Breach Notification rule, all HIPAA violations must be reported within 60 days of its discovery. However, it can be confusing for CEs and BAs to determine who to report the breach to, and what details the breach notification should contain. Reporting a HIPAA Violation Anyone can report a HIPAA violation to the Department … Read more

HIPAA came into effect in 1996, with the initial goal of easing the transfer of health insurance policies and other health documents between employers. Since then, it has come to cover many aspects of health data, namely concerning Protected Health Information (PHI). Additions and alterations were made to HIPAA legislation came in 2003 via the … Read more

PHI stands for Protected Health Information, which refers to any information in a medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed in the course of providing a healthcare service such as diagnosis or treatment. The question what does PHI stand for is … Read more

First enacted in 2002, the HIPAA Privacy Rule (also known as the “Standards for Privacy of Individually Identifiable Health Information”) regulates who can access patient health data. Such data, termed Protected Health Information (PHI), must only be disclosed to necessary individuals without interrupting its processing. HIPAA applies to any party that is deemed a “covered … Read more

Confusingly, though the encryption of Protected Health Information (PHI) is defined as an “addressable” requirement under HIPAA legislation it is compulsory. The use of the term “addressable” merely means that it is up to covered entities (CEs; those who can access and modify PHI) to decide how best to encrypt the data. The encryption is, … Read more

HIPAA risk assessments, though often tedious, are a critical part of ensuring HIPAA compliance. The Security Rule, created in 2003 to ensure that electronic health data is only accessed by authorized personnel, was the first part of HIPAA that required such risk assessments. Password Requirements The Security Awareness and Training section of the Security Rule … Read more

The answer to the question does using email to send patient names and ePHI violate HIPAA Rules is that it depends on the content of the email, who it is being sent to, and what for; and whether controls are in place to ensure transmission security – when required. Questions such as does using email … Read more

Optimove is not inherently HIPAA compliant as compliance depends on how the platform is configured and used, including the implementation of appropriate safeguards and signing a Business Associate Agreement (BAA) with Optimove to ensure adherence to HIPAA regulations for handling Protected Health Information (PHI). To achieve compliance with the HIPAA when using Optimove, it is … Read more

Calendly is a tool that is popularly used by many businesses for managing meeting and appointment schedules. Can Calendly be used by healthcare organizations? Does it’s use comply with HIPAA? Businesses generally spend considerable time and effort scheduling meetings and appointments and going after employees to confirm appointments. Calendly is created to do away with … Read more

Evernote is a cloud-based application that is handy for taking notes, planning projects, making to do lists, and working together in teams. Nevertheless, can healthcare professionals and doctors use Evernote with ePHI without HIPAA violation? Does Evernote support HIPAA compliance? Evernote is intended to be an accessible database for many digital data, including documents, images, … Read more

Google Keep is a web-based note taking program that makes it possible to create notes and share them through several devices. The platform is famous, but is it HIPAA compliant? Can healthcare organizations use Google Keep in association with ePHI? Google has created numerous products that may be employed in healthcare. Google has been known … Read more

Return Path is an email marketing and optimization system that allows organizations to have autopilot management of their email marketing campaigns and analytics. A lot of organizations use Return Path. Can healthcare organizations do the same? Does Return Path support HIPAA compliance? Sending Emails to Patients and Health Plan Members There are guidelines that healthcare … Read more

An employee who discovers an HIPAA violation committed by the company management or by a co-employee may want to report the incident to the Department of Health and Human Services’ Office for Civil Rights (OCR). An employee can report a HIPAA violation to OCR, but investigation will only proceed if the HIPAA violation report was … Read more

About 750,000 businesses today use Zoom as it is a popular video and web conferencing program. Are healthcare organizations allowed to use Zoom for sharing PHI? Does it support HIPAA compliance? Since Zoom is a video and web conferencing platform that is cloud-based, it makes it possible for people from various locations to join web … Read more

Google Sheets is a service for creating, viewing and sharing spreadsheets provided by Google. Is it all right for HIPAA-covered entities to use Google Sheets in conjunction with identifiable protected health information? Does it constitute violating the HIPAA rules? As per the HIPAA Rules, healthcare organizations need to protect the confidentiality, availability and integrity of … Read more

In relation to the use of new technology, the healthcare industry is quite slow compared to other industries. It is an undeniable fact that the healthcare industry seems to refuse change, even if those changes would be considerably profitable to patients. In this time of advanced technology when tablets, Smartphones and the Internet of Things … Read more

Can Google Docs be considered as HIPAA compliant? Is uploading of files with protected health information (PHI) to Google Docs allowed? This post will evaluate the HIPAA compliance of Google Docs and determine if HIPAA-covered entities or business associates can use it in conjunction with ePHI. Does Google Docs Encrypt Files? To be HIPAA compliant, … Read more

Healthcare organizations often ask about the HIPAA compliance of Google services. One Google product that particularly caused some misunderstandings is Google Hangouts. Can healthcare professionals use Google Hangouts to send and receive protected health information (PHI)? Is it HIPAA Compliant? Google Hangouts is Google’s video chat system that took the place of Huddle or Google+ … Read more

Cloud storage services are a convenient way for people to store and share data. Though people use diverse devices from varied places, they can gain access to the uploaded data files provided that they are hooked up to the internet. Does this technology support HIPAA compliance? Can healthcare organizations utilize iCloud to keep electronic protected … Read more

WebEx is an online video conferencing and collaboration platform that organizations use to facilitate communication among persons and partners from different places so that they are as if meeting all in one place. Can healthcare organizations use WebEx as well? Is it HIPAA compliant? If using resources such as WebEx, healthcare organizations can make connections … Read more

Zoho is a collection of cloud-based tools and applications developed by a Pleasanton, CA-based company since 1996. Zoho products and services include the following: Zoho Mail (email) Zoho CRM (a customer relationship management platform) Zoho Show (presentation program) Zoho Docs (document editor) Zoho Sheet (spreadsheet editor) Zoho Creator ( app builder) Zoho Chat (live chat … Read more

Can healthcare companies use HelloFax for sending documents with protected health information (PHI)? Does this fax service support HIPAA compliance? Regular fax machines are not the same as digital fax services. Healthcare companies have been utilizing this piece of equipment to transfer physical documents including those that contain PHI from one fax machine to another. … Read more

Slack is a useful communication and collaboration tool. But the HIPAA compliance of Slack before using in the healthcare industry must be clarified. . Can Slack be used by healthcare organizations for disclosing protected health information (PHI) without breaking the HIPAA? From the time Slack was introduced, it is not regarded as HIPAA compliant, although … Read more

The HIPAA Risk analysis is an essential part of HIPAA compliance, however plenty of healthcare companies and business associates fail at it. Hence they are prone to paying for pricey data breaches and big financial fines for HIPAA noncompliance. HIPAA Risk Analysis – What is it? As per 45 C.F.R. § 164.308(a)(1)(ii)(A), the HIPAA Security … Read more

In order to comply with the HIPAA password requirements, it is best to understand what they are so you can determine whether they apply to your organization. This is because if an organization uses HIPAA compliant authentication methods other than usernames and passwords to control access to ePHI the HIPAA Password requirements may not apply. … Read more

The Department of Health and Human Services’ Office for Civil Rights released its cybersecurity newsletter for August 2018 and told HIPAA-covered entities to be certain to employ physical, administrative and technical safety measures to keep the privacy, integrity, and accessibility of electronic protected health information (ePHI) protected. A similar care ought to be applied to … Read more

A patient-signed HIPAA release form should be secured before sharing the protected health information (PHI) with other people or providers, except in the event of scheduled disclosures for therapy, payment or healthcare operations allowed by the HIPAA Privacy Rule. Brief summary of the HIPAA Privacy Rule The HIPAA Privacy Rule (45 CFR §164.500-534) was enacted … Read more

Geofencing technology creates an electronic fence surrounding a specific location or area online. Going into that invisible boundary triggers the sending of push notifications to the person’s mobile phone. Retailers began using this geofencing technology some time back. Google is likewise using it to alert users based upon location. A digital marketing firm is helping … Read more

Entities working in the healthcare industry need access to protected health information (PHI), which is why they need to know what the HIPAA law considers as PHI. PHI confidentiality, integrity and availability are safeguarded by the HIPAA Security Rule, while PHI uses and disclosure are limited by the HIPAA Privacy Rule. If an entity violates … Read more

Intercom is a messaging software-as-a-service solution that is popular among businesses that chat with their clients. There is a potential use for this software in the healthcare industry when healthcare providers and patients chat with each other. Does Intercom comply with HIPAA rules when used in connection with electronic protected health information (ePHI)? Before HIPAA … Read more

SendGrid is a service that businesses use for sending email messages. It is a very quick and easy way to communicate marketing messages to clients. Even so, can healthcare organizations use SendGrid without breaking HIPAA rules? Does SendGrid comply with HIPAA requirements? The conduit exception rule does not cover businesses that offer cloud-based email marketing … Read more

The healthcare industry experiences many insider breaches every year which calls on covered entities and business associates to take steps to reduce the occurrence of these incidents. There are four ways of categorizing the different approaches to mitigate insider threats: Educate: It refers to teaching the workforce about the allowable uses and disclosures of PHI, … Read more

Healthcare employees need to be aware of the HIPAA rules and regulations and the possible penalties if they break these rules. This is why covered entities need to conduct HIPAA awareness training for their employees. In case a healthcare employee breaks the HIPAA rules, four outcomes are possible.  The employer may opt to deal with … Read more

Uber Health, which beta launched this March, is a platform that is used for arranging cost effective transportation for patients. About 100 healthcare organizations need to try the platform before it is officially launched. However, there are questions raised on the HIPAA compliance of Uber Health. Uber Health features an online dashboard that healthcare providers … Read more

WordPress is a popular content management system that anyone can use to create websites quickly. Many businesses use WordPress but is it HIPAA compliant so that healthcare organizations can use the platform in connection with protected health information? The HIPAA compliance requirements for websites are actually a little vague. But with respect to the storage … Read more

If you’re thinking of setting up a business in the healthcare industry that will likely have access to protected health information, it’s necessary to know how to be HIPAA compliant. What does it mean to be HIPAA compliant and how do healthcare organizations achieve this status? It’s not easy to become HIPAA compliant because it … Read more

Google Calendar is one of the products and services offered in Google’s G Suite, which was launched in 2006. It is a tool that is used for time management and scheduling of appointments. Will the use of this tool by healthcare organizations, which may require adding protected health information (PHI), be considered a HIPAA rules … Read more

Google Slides is a web-based presentation editor that can be used to create slide shows, project presentations and training material. It can be used for free by any person who doesn’t have a software program with the same functionality like Microsoft PowerPoint. Is it possible for healthcare organizations to use Google Slides in connection with … Read more

Many healthcare organizations today use cloud platforms like Azure and AWS. In fact, the value of the healthcare cloud computing market was determined to be $4.65 billion in 2016 and would likely rise to over $14.76 billion by 2022. According to KeyBlanc, Amazon AWS is the leading cloud platform with a 62% market share, followed … Read more

When covered entities “knowingly” violate HIPAA Rules, what is the financial penalty and when are fines issued? It is important to know the answers to these questions as these relate to the safety and integrity of people’s healthcare information. The Health Insurance Portability and Accountability Act or HIPAA is a federal law that healthcare organization … Read more

Zendesk is a platform offering customer service software and support ticketing system. Over 200,000 companies use Zendesk for handling customer support, managing customer queries and building relationships with clients. Can healthcare organizations in the U.S. also use Zendesk products and services for patient communication and electronic protected health information (ePHI) management? Is Zendesk compliant with … Read more

Office 365 is Microsoft’s set of subscription products that includes the following programs: Word, Excel, OneNote, PowerPoint, Outlook, Access and Publisher.  Can healthcare organizations use Office 365 without violating the HIPAA and HiTECH Act Rules? If HIPAA covered entities purchase Office 365 through the Volume Licensing Programs or the Dynamics CRM Online Portal, Microsoft is … Read more

Vendors who offer their services to healthcare organizations understand the importance of being recognized as HIPAA compliant. Hence, many service providers often ask if it is possible to get a HIPAA certification? Ideally, a HIPAA certification would serve as proof that a third-party vendor understands and follows all aspects of HIPAA rules. If for example … Read more

eFileCabinet is a document management system (DMS) that many businesses have been using for on-site and cloud storage. Is this platform suitable for healthcare organizations to use, too? Is it HIPAA compliant? Document management systems (DMS) help businesses and organizations maintain, manage, and safely store electronic documents in a single location. Systems like this simplify … Read more

Using the cloud as repository of ePHI has certain advantages that prompt many healthcare organizations to transition to the cloud. Here are a number of key benefits of cloud computing: Healthcare organizations can increase data center capacity by linking to a public cloud. This is possible without needing to invest in more hardware. The cloud … Read more

Many healthcare organizations are transitioning to utilizing the cloud for managing patients’ ePHI. But before any HIPAA covered entity does the same thing, it is necessary to understand important matters such as HIPAA compliance and the requirements for cloud computing. In this article, common misconceptions about HIPAA compliance and cloud computing will be discussed to … Read more

Ademero is a document management software (DMS) that businesses use to monitor and manage their documents. The software likewise helps them go paperless and transition to digital. Will using Ademero, however, not violate any HIPAA Rules? The HIPAA Security Rule incorporates required and addressable usage details. These required usage details or implementation specifications, when executed, … Read more

When HIPAA-covered entities along with their business associates stop doing business, the duty to follow HIPAA rules doesn’t stop yet. This simple fact was made very clear by the HHS’ Office for Civil Rights (OCR) when it charged FileFax Inc with penalty amounting to $100,000 for violating HIPAA rule. FileFax is a firm in Northbrook, … Read more

Box is another popular cloud storage and content management service. Anyone can create a Box account and use personally for file-sharing, uploading content and inviting others to view or edit the content. Businesses that want to use Box must sign up for a business, enterprise or elite account. Can healthcare organizations also use Box for … Read more

Before answering the question whether FaceTime is HIPAA compliant, it has to be acknowledged at the outset that no communications platform will be completely HIPAA compliant basically because the law deals with users and not technology. That being said, two things need to be considered to be able to tell if the app adheres to … Read more

According to the Protected Health Information Data Breach Report of Verizon, 58% of healthcare data breaches are caused by insiders. The problem is the difficulty of detecting insider breaches. 75% of insider threats go unnoticed. For instance, a healthcare employee at a Massachussetts hospital was accessing healthcare records without authorization for 14 years. When he … Read more

How many healthcare data breaches occurred in 2017 and how many of those violated HIPAA rules resulted in financial penalties? It’s difficult to get accurate data about HIPAA violations for several reasons. First, many data breaches are not reported. The Department of Health and Human Services’ Office for Civil Rights only publish on its breach … Read more

Can HIPAA-covered entities use G Suite without violating HIPAA Rules? G Suite was developed by Google with privacy and security protection features necessary to safeguard data. It satisfies the required standards of the HIPAA Security Rule. If necessary, Google willingly signs a business associate agreement with a HIPAA-covered entity. Does this mean G Suite is … Read more

Many covered entities get confused on the topic of HIPAA medical records retention and other record retention requirements. But the retention requirements of HIPAA are pretty straightforward and will be clarified in this article. The first thing to know is that there is no HIPAA medical records retention period. The Privacy Rule does not specify … Read more

The Centers for Medicare and Medicaid Services (CMS) sent emails to healthcare providers last November 2017 to explain the prohibited use of text messages in healthcare because of security and patient privacy concerns. SMS messages are not secure and could expose patients’ sensitive data and affect the integrity of medical records. Although there are SMS … Read more

Can healthcare organizations and its employees use Google Voice? Is it HIPAA compliant? Google Voice is a telephony service that provides voicemail and voicemail transcription to text. It can be used for sending text messages for free as well. With its useful features, many healthcare professionals would like to use it not just for work … Read more

Healthcare organizations are not prohibited by HIPAA to use cloud services. Cloud services allow organizations to lower their IT costs. But there are rules to follow before any cloud service can be used to ensure the security and confidentiality of protected health information. One of the cloud service providers out there is Microsoft Azure. So … Read more

Many HIPAA covered entities do not fully understand the HIPAA Conduit Exception Rule. As a result, there are services that are misclassified as conduit when in reality they are business associates. This is a violation of HIPAA rules and attracts financial penalties. The issuance of HIPAA Omnibus Final Rule on January 25, 2014 introduced an … Read more

HIPAA-covered entities are responsible for making sure that the transmission of protected health information by email is secured. The entity may choose any HIPAA compliant email provider as long as appropriate controls guarantee PHI confidentiality, integrity and availability. A HIPAA compliant email provider must offer end-to-end encryption of messages. It doesn’t matter if the software … Read more

The HIPAA Security Rule requires the effective management of information access. Employees who are granted access to protected health information must have proper authorization. But what happens when employees leave their work? The organization needs to make sure that PHI access privileges are terminated immediately. If procedures to terminate access to PHI are not implemented, … Read more

Bill Clinton signed the Health Insurance Portability and Accountability Act or HIPAA on August 21, 1996. The HIPAA ensured the continuity of health insurance coverage for everyone, especially the employees that were between jobs. It also accomplished the following: set standards as to the amount of pre-tax medical savings that could be saved prohibited tax-deduction … Read more

Under certain circumstances, texting Protected Health Information (PHI) can be deemed as a violation of HIPAA. The classification as a violation is dependent upon the message’s content and the recipient. Furthermore, the effort that the sender put into maintaining the integrity of PHI is also considered. If the PHI is well-protected, then texting may be … Read more

The Health Insurance Portability and Accountability Act (HIPAA) is an important piece of legislation, first introduced in 1996. But, why is HIPAA so important? How has HIPAA helped to improve the healthcare industry and the care given to patients? HIPAA was designed to address one issue in particular: Insurance coverage for individuals that are “between … Read more

Many dental offices and dental practitioners are self-contained entities. However, HIPAA rules for dentists apply to any dental office that may send claims, eligibility requests, pre-determinations, claim status inquiries or treatment authorization requests electronically. If a dental office transmits any of the above transactions directly to a payer, or uses the services of a business … Read more

Dropbox is a popular file hosting service used by many organizations to share files. Dropbox claims that it has implemented measures that now make its software both HIPAA and HITECH Act compliant. However, technically no software or file sharing platform can be HIPAA compliant as its compliance depends on how the software or platform is … Read more

In 1996, the Health Insurance Portability and Accountability Act of 1996 was introduced. In the two decades since, it has proven to be one of the most important pieces of legislation to affect the healthcare industry. Despite its importance, there still exist many healthcare providers and insurers who are unaware of HIPAA obligations. It has … Read more

There has been a huge rise in the number of healthcare workers and other HIPAA-covered entities relying on mobile technology in their day-to-day lives. This rise has seen an increasing use of smartphones, tablets and other portable devices in hospitals, clinics and other places of work. These technological advances have allowed for increased efficiency and … Read more

Since its implementation two decades ago, there has been much ambiguity in whether the use of SMS is HIPAA compliant. HIPAA does not explicitly prohibit communicating Protected Health Information (PHI) by text, a system of administrative, physical and technical safeguards must be implemented to ensure the confidentiality and integrity of PHI when it is “in … Read more

Google Drive is becoming an increasingly attractive option for many companies to store information online. It is cheaper than installing costly hardware systems and IT infrastructures, and it is easy to use and train staff in using. However, despite the advantages, the question remains over whether healthcare professionals can use this technology and remain HIPAA … Read more

HIPAA Simplified History Legislators originally proposed HIPAA in 1996 as a means of addressing the concerns regarding the privacy and security of patient healthcare information and risks brought by novel technologies. Since then, the Act has expanded into an act of legislation. Broadly, HIPAA governs health insurance fraud and tax provisions for medical savings accounts, … Read more

Skype has been increasingly used by business as a quick and cost-effective form of communication. However, the question remains whether Skype can be used by healthcare professionals in a manner which allows them to send text messages containing electronic protected health information (ePHI) without risking violating HIPAA Rule. There exists some ambiguity surrounding Skype and … Read more

The “cloud”-a network of servers used for data storage-has seen widespread use in recent years. It offers a convenient and flexible way for organisations-including healthcare providers and other covered entities-to store files, in comparison to traditional data storage methods. However, before healthcare organisations can make use of these benefits, the question of is it possible … Read more

In 1996, the Health Insurance Portability and Accountability Act was introduced into US law. In time since, it has proven to be one of the most important pieces of legislation to affect the healthcare industry, with widespread influence. Despite its importance, many healthcare providers and insurers are still unaware of HIPAA rules, and as a … Read more