By Matt Fisher – An easy-to-overlook aspect of the HIPAA Privacy Rule is the requirement that all uses and disclosures be of the “minimum necessary” amount of protected health information. That means the least amount of information needed for the intended purpose should be used.
By Matt Fisher – Compliance with HIPAA and the attendant privacy and security requirements is a frequent topic of discussion. Discussions around compliance are driven by the daily reporting of breaches and the probably more than daily issues faced by patients, clinicians and…
HIPAA Complaints, OCR Investigations, and Security Risk Analysis for Healthcare Delivery Organizations – A Common Thread
By Rich Curtiss – Many HIPAA covered entities (CEs) and business associates (BAs) may not be meeting the regulatory mandate as defined in §164.308(a)(1)(ii)(A) of the HIPAA Security Rule. This implementation specification requires that healthcare delivery organizations…
By Matt Fisher – With the holidays quickly receding, there was some time for reflection. When given that time (and honestly spurred to some degree by the HIPAA request for information), different issues about HIPAA wandered through my mind.
By Matt Fisher – The Office for Civil Rights is now seeking comments on whether certain aspects of the HIPAA privacy and security rules should be modified. The Request for Information is purely a solicitation of comments and ideas from the public on whether or how HIPAA could be modified.
By Matt Fisher – After a slow start to the year in terms of HIPAA settlements, the OCR is trying to finish the year with a bang. Since September 20, 2018, OCR has announced four different HIPAA settlements. The nature of the conduct underlying each settlement has varied widely.
By Matt Fisher – An interesting argument was posed in a recent post on databreaches[.]net about a lack of enforcement actions from the Office for Civil Rights against small or medium-sized healthcare entities that do not appropriately report breaches to either OCR and/or the individuals impacted.
ONC and OCR Bolster the Security Risk Assessment (SRA) Tool with New Features and Improved Functionality
Patients expect not only quality health care to keep them healthy, but also trust that their most sensitive health information will be protected from threats and vulnerabilities that could lead to the compromise of one’s health information.
By Shane Whitlatch – It can be helpful to think of good compliance practices as preventive maintenance. It’s easier to have prepared all along than have to scramble to prove compliance when an audit comes up.
By Art Gross – On September 20, the Department of Health and Human Services’ Office for Civil Rights announced a fine of $999,000 for three Boston hospitals, all of which violated HIPAA while allowing ABC’s TV series “Boston Med” to film the show in their facilities.
By Art Gross – The U.S. Department of Health and Human Services Office for Civil Rights is planning to issue an advance notice of proposed rulemaking this November that could be a major game changer for HIPAA breach settlements.
By Matt Fisher – At some point in time most group practices, hospitals or other provider organizations will receive a letter from the OCR. The letter will state that OCR received a complaint from a patient, employee or some other party with knowledge or information as to alleged acts at the healthcare organization.