Dedicated to providing the latest
HIPAA compliance news

Only One Third of Patients Use Patient Portals to View Health Data
Jul27

Only One Third of Patients Use Patient Portals to View Health Data

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule permits patients to access the health information held by their providers, yet relatively few patients are exercising that right, according to a recent U.S. Government Accountability Office (GAO) report, at least through patient portals. The Medicare Electronic Health Record Incentive Program encouraged healthcare providers to transition from paper to...

Read More
Survey Shows Only a Quarter of Hospitals Have Implemented a Secure Text Messaging Platforms
Jul25

Survey Shows Only a Quarter of Hospitals Have Implemented a Secure Text Messaging Platforms

The use of secure text messaging platforms in healthcare has grown over the past few years, although a recent survey published in the Journal of Hospital Medicine suggests adoption of HIPAA-compliant messaging systems remains relatively low, with only a quarter of hospitals using a secure platform for sending messages to clinicians. The survey was conducted on 620 hospital-based clinicians identified from the Society of Hospital...

Read More
Model HIPAA-Compliant PHI Access Request Form Released by AHIMA
Jul21

Model HIPAA-Compliant PHI Access Request Form Released by AHIMA

The American Healthcare Information Management Association (AHIMA) has announced it has released a model PHI access request form for healthcare providers to give to patients who want to exercise their right under HIPAA to obtain copies of their health data. The model PHI access request form is compliant with HIPAA regulations and can be easily customized to suit the needs of each healthcare organization. AHIMA claims that until now, a...

Read More
Funding for ONC Office of the Chief Privacy Officer to be Withdrawn in 2018
Jul18

Funding for ONC Office of the Chief Privacy Officer to be Withdrawn in 2018

The cuts to the budget of the Office of the National Coordinator for Health Information Technology (ONC) mean the agency must make some big changes, one of which will be the withdrawal of funding for the Office of the Chief Privacy Officer. ONC National Coordinator Don Rucker, M.D., has confirmed that the office will be closed out in fiscal year 2018. Deven McGraw, the Deputy Director for Health Information Privacy, has been serving...

Read More
ONC Offers Help for Covered Entities on Medical Record Access for Patients
Jul13

ONC Offers Help for Covered Entities on Medical Record Access for Patients

The Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule requires covered entities to give medical record access for patients on request. Patients should be able to obtain a copy of their health records in paper or electronic form within 30 days of submitting the request. Last year, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance for covered entities on providing...

Read More
AMIA Urges HHS to Provide More Information on Common Rule Updates
Jul07

AMIA Urges HHS to Provide More Information on Common Rule Updates

The Federal Policy for the Protection of Human Subjects, otherwise known as the Common Rule, was first adopted in 1991; however, there have been numerous calls for the policy to be updated. The purpose of the Common Rule is to provide a framework for protecting human research subjects across the entire federal government. The Common Rule was introduced at a time when research was mainly conducted at medical institutions and...

Read More
Delayed Breach Notification Sees CoPilot Fined $130,000 by NY AG
Jun19

Delayed Breach Notification Sees CoPilot Fined $130,000 by NY AG

A data breach that occurred in October 2015 should have seen affected individuals notified within 2 months, yet it took CoPilot Provider Support Services Inc., until January 2017 to issue breach notifications. An administration website maintained by CoPilot was accessed by an unauthorized individual on October 26, 2015. That individual also downloaded the data of 221,178 individuals. The stolen data included names, dates of birth,...

Read More
OCR’s Wall of Shame Under Review by HHS
Jun16

OCR’s Wall of Shame Under Review by HHS

Since 2009, the Department of Health and Human Services’ Office for Civil Rights has been publishing summaries of healthcare data breaches on its website. The data breach list is commonly referred to as OCR’s ‘Wall of Shame’. The data breach list only provides a brief summary of data breaches, including the name of the covered entity, the state in which the covered entity is based, covered entity type, date of notification, type of...

Read More
OCR Reminds Covered Entities of Security Incident Definition and Notification Requirements
Jun01

OCR Reminds Covered Entities of Security Incident Definition and Notification Requirements

The ransomware attacks and healthcare IT security incidents last month have prompted the Department of Health and Human Services’ Office for Civil Rights to issue a reminder to covered entities about HIPAA Rules on security breaches. In its May 2017 Cyber Newsletter, OCR explains what constitutes a HIPAA security incident, preparing for such an incident and how to respond when perimeters are breached. HIPAA requires all covered...

Read More
OCR Settlement Highlights Importance of Obtaining Signed Business Associate Agreements
Apr21

OCR Settlement Highlights Importance of Obtaining Signed Business Associate Agreements

The Department of Health and Human Services’ Office for Civil Rights has sent another warning to HIPAA-covered entities about the need to obtain signed, HIPAA-compliant business associate agreements with all vendors prior to disclosing any protected health information. Yesterday, OCR announced it has agreed to settle potential violations of the Health Insurance Portability and Accountability Act with The Center for Children’s...

Read More
$400,000 HIPAA Penalty Agreed with Denver FQHC for Security Management Process Failures
Apr13

$400,000 HIPAA Penalty Agreed with Denver FQHC for Security Management Process Failures

The Department of Health and Human Services’ Office for Civil Rights (OCR) has taken action against a Denver, CO-based federally-qualified health center (FQHC) for security management process failures that contributed to the organization experiencing a data breach in 2011. Metro Community Provider Network (MCPN) has agreed to pay OCR $400,000 and adopt a robust corrective action plan to resolve all HIPAA compliance issues identified...

Read More
AMIA Suggests it’s Time for a HIPAA Update
Apr11

AMIA Suggests it’s Time for a HIPAA Update

The American Medical Informatics Association has suggested now is the time to update the Health Insurance Portability and Accountability Act (HIPAA) to make sure the legislation fits today’s connected world. The legislation was first introduced more than 20 years ago at a time when the Internet was just in its infancy. Over the past two decades, technology has advanced in ways that could not have been predicted when the legislation...

Read More
Roger Severino Named New Director of HHS’ Office for Civil Rights
Mar27

Roger Severino Named New Director of HHS’ Office for Civil Rights

The Department of Health and Human Services’ Office for Civil Rights has a new leader. The Trump Administration has chosen former civil rights trial attorney Roger Severino to lead the HIPAA enforcement efforts of the Office for Civil Rights. Severino joins OCR from the Heritage Foundation’s DeVos Center for Religion and Civil Society, Institute for Family, Community, and Opportunity, where he served as Director since May 2015....

Read More
AHIMA Publishes New Resource Confirming Patients’ PHI Access Rights under HIPAA
Mar02

AHIMA Publishes New Resource Confirming Patients’ PHI Access Rights under HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) permits patients to obtain a copy of their medical records in electronic or paper form. Last year, the Department of Health and Human Services released a series of videos and documentation to explain patients’ right to access their health data. Yesterday, the American Health Information Management Association (AHIMA) also published guidance – in the form of a slideshow –...

Read More
$3.2 Million HIPAA Civil Monetary Penalty for Children’s Medical Center of Dallas
Feb02

$3.2 Million HIPAA Civil Monetary Penalty for Children’s Medical Center of Dallas

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. It is relatively rare for OCR a HIPAA Civil Monetary Penalty to be paid by a HIPAA-covered entity to resolve HIPAA violations discovered during OCR data breach investigations. In the vast majority...

Read More
$2.2 Million Settlement for Impermissible Disclosure of ePHI
Jan19

$2.2 Million Settlement for Impermissible Disclosure of ePHI

The U.S. Department of Health and Human Services’ Office for Civil Rights has agreed a $2.2 million settlement with MAPFRE Life Assurance Company of Puerto Rico – A subsidiary of MAPFRE S.A., of Spain – to resolve potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The settlement relates to the impermissible disclosure of the electronic protected health information of 2,209...

Read More
OCR Reminds CEs of HIPAA Audit Control Requirements
Jan17

OCR Reminds CEs of HIPAA Audit Control Requirements

In the past few weeks, a number of HIPAA-covered entities have announced that employees have been discovered to have inappropriately accessed the medical records/protected health information of patients. Two of the recent cases were discovered when covered entities performed routine audits of access logs. In both instances, the employees were discovered to have inappropriately accessed the electronic protected health information...

Read More
Healthcare Industry Prepares for the HIPAA 2017 Audits
Jan10

Healthcare Industry Prepares for the HIPAA 2017 Audits

Given the number of HIPAA 2017 audits that OCR has planned, the probability of any healthcare organization being selected for a compliance audit is relatively small; however, that does not mean healthcare organizations can afford to be lax when it comes to HIPAA compliance. With onsite audits looming, healthcare organizations need to be prepared. Even if covered entities and business associates have not been selected for a desk audit,...

Read More
$475,000 Settlement for Delayed HIPAA Breach Notification
Jan10

$475,000 Settlement for Delayed HIPAA Breach Notification

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced the first HIPAA settlement of 2017. This is also the first settlement to date solely based on an unnecessary delay to breach notification after the exposure of patients’ protected health information. Presence Health, one of the largest healthcare networks serving residents of Illinois, has agreed to pay OCR $475,000 to settle potential HIPAA...

Read More
New York Rule Change Allows Clinicians to Access Minors’ PHI via State HIE
Jan06

New York Rule Change Allows Clinicians to Access Minors’ PHI via State HIE

Healthcare providers that participate in the Western New York health information exchange – HEALTHeLINK – are now able to access the health information of minors aged between 10 and 17 after the passing of a new rule covering patient data access through qualified information exchanges. The new rule allows the information of minors to be accessed if prior consent has been obtained by from parents or legal guardians via...

Read More
Joint Commission Ban on Secure Messaging for Orders Remains in Place
Dec22

Joint Commission Ban on Secure Messaging for Orders Remains in Place

The Joint Commission on Accreditation of Healthcare’s (Joint Commission) ban on the use of secure text messaging platforms for patient care orders will remain in place, according to its December newsletter. In April 2016, the Joint Commission took the decision to allow the use of a secure texting platform for sending orders. The ban was not totally lifted, as the Joint Commission required certain components to be in place and certain...

Read More
ONC Publishes Final 2017 Interoperability Standards Advisory
Dec21

ONC Publishes Final 2017 Interoperability Standards Advisory

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has published its Final 2017 Interoperability Standards Advisory (ISA). The ISA is a catalog of standards and implementation specifications that can be used by healthcare organizations to address specific interoperability needs. The purpose of the ISA is to serve as a single resource for the healthcare industry to...

Read More
ONC Issues Challenge to Develop a New Online Model Privacy Notice Generator
Dec15

ONC Issues Challenge to Develop a New Online Model Privacy Notice Generator

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) has challenged designers, developers, and health data privacy experts to create a new online Model Privacy Notice (MPN) generator. At present, the MPN is a voluntary resource that helps health technology developers who collect electronic health data provide information to consumers about how health data is collected,...

Read More
National Governors Association Releases Roadmap for States to Improve Heath Data Sharing
Dec14

National Governors Association Releases Roadmap for States to Improve Heath Data Sharing

To support effective decision making, improve the care provided to patients, and cut the costs of healthcare provision, healthcare data must be readily available to all healthcare providers. While other industry sectors have taken great strides toward improving the flow of information to increase efficiency, the healthcare industry still lags behind other industries. There are still many barriers in place which are preventing the...

Read More
ONC Issues Fact Sheet Explaining Exchange of Health Information for Public Health Activities
Dec09

ONC Issues Fact Sheet Explaining Exchange of Health Information for Public Health Activities

The U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) and Office of Civil Rights (OCR) have published a new fact sheet explaining some of the circumstances under which the sharing of electronic healthcare information without patients’ written consent is permitted by Health Insurance Portability and Accountability Act (HIPAA) Rules. The HIPAA Privacy Rule came into...

Read More
OCR Warns Covered Entities of Risk of DDoS Attacks
Dec08

OCR Warns Covered Entities of Risk of DDoS Attacks

There has been a surge in Distributed Denial of Service (DDoS) and Denial of Service (DOS) attacks over the past few weeks. The attacks involve flooding systems with information and requests to cause those systems to crash. The attacks have resulted in large sections of the Internet being taken offline, email systems have crashed, and other computer equipment taken out of action. DDoS attacks on healthcare organizations could prevent...

Read More
21st Century Cures Bill Sails Through Senate
Dec08

21st Century Cures Bill Sails Through Senate

Last week, the House of Representatives unanimously voted in favor of the 21st Century Cures Act. Yesterday, the bill sailed through the Senate with a vote of 94-5. All that remains is for President Obama to add his signature to the bill, which is expected to happen in the next few days. President Obama has already said he is happy to sign the new bill. The bill will provide funding for a number of initiatives that are intended to...

Read More
21st Century Cures Act Unanimously Passed by House
Dec01

21st Century Cures Act Unanimously Passed by House

The 21st Century Cures Act has been passed by the House of Representatives with a vote of 392-26. One Democrat and twenty Republicans voted against the bill. The legislation will now go to the Senate for the vote, which will take place early next week. The legislation was passed by the House last year, although the bill failed in the Senate in July 2015. Numerous revisions have been made since last summer and this time around the 21st...

Read More
Warner Chilcott District Managers Sentenced for HIPAA Violations and Healthcare Fraud
Oct31

Warner Chilcott District Managers Sentenced for HIPAA Violations and Healthcare Fraud

The United States Attorney’s Office for the District of Massachusetts has announced three former district managers of the pharmaceutical firm Warner Chilcott have been sentenced for violating the Health Insurance Portability and Accountability Act and committing healthcare fraud. The offenses date back to 2011, when Warner Chilcott launched the osteoporosis drug Atelvia®. The drug was not covered by many insurance companies due to a...

Read More
Vindell Washington: HIPAA Not a Barrier to the Sharing of ePHI
Sep23

Vindell Washington: HIPAA Not a Barrier to the Sharing of ePHI

This Week, Vindell Washington – the recently appointed National Coordinator for Health Information Technology at the ONC – confirmed that one of his main priorities is to continue the work of Karen DeSalvo and implement the ONC’s Interoperability Roadmap. Washington believes the ONC’s Interoperability Framework is foundational for a number of the administration’s priorities, in particular the Precision Medicine Initiative and...

Read More