By Matt Fisher – Stop if you’ve heard this story before: a dental practice was unhappy with patient reviews left on Yelp, so responded. In responding, the practice disclosed patient information including names and diagnoses. That is the basic outline of the latest settlement announced by the OCR to resolve an alleged HIPAA violation.
Read More
By Art Gross – A security risk assessment must be conducted to maintain HIPAA compliance per the Security Rule. A security risk assessment is also referred to as an SRA. It is a requirement for government plans such as Medicare, Obamacare, and Medicaid.
The OCR at the U.S. Department of Health and Human Services issued a bulletin to highlight the obligations of HIPAA on covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies.
By Art Gross – The HIPAA Administrative Simplification provisions are in place to provide consistency in electronic communications within healthcare for Protected Health Information. These mandate the usage of standard transactions, code sets, and identifiers for the United States healthcare system.
By Matt Fisher – When a data breach impacts an organization a number of parallel processes should optimally begin to come into play. One of the more important aspects is determining the contents of a breach notification that will go out.
By Rita Bowen – Healthcare provider organizations are responsible for the privacy and security of their patients’ information. HIPAA codified this requirement for covered entities, including specific guidelines for protecting sensitive patient information such as behavioral and substance abuse records.
By Matt Fisher – Covered entities as defined by HIPAA come in various types and shapes. It is not just a physician’s office or a hospital. Any entity that provides healthcare services and bills insurance (very gross oversimplification) can and likely does qualify as a covered entity.
By Ittai Dayan, MD – Following the enactment of HIPAA, patient privacy cemented itself among the foremost concerns of health care providers. This focus on patient privacy was only amplified after Europe passed its own, stronger set of regulations under The General Data Protection Regulation.
By Art Gross – Healthcare businesses need to be aware of the requirements that come with a cybersecurity insurance policy. In a world of online profiles, splashy websites, and great social media campaigns, businesses can misrepresent themselves in more ways than one.