What Happens if You Violate HIPAA?
What happens if you violate HIPAA depends on the nature and consequences of the violation, the motive for the violation, and whether you knew – or should have known – that the violation was indeed a violation. What happens if you violate HIPAA can also depend on if or how the violation is identified. To help explain the many different factors that can influence what happens when you violate HIPAA, we will use as an example a healthcare employee who shares their EHR login credentials in the belief that a junior colleague wants to access a patient´s file in order to phone the patient´s family with an update. If the junior colleague only uses the login credentials to obtain a phone number and phone the patient´s family with an update – and the patient has not objected to this information being shared with their family – no harm has occurred and there has been no impermissible use or disclosure of PHI. Nonetheless, although the motive for sharing the EHR login credential is well meaning (and the healthcare employee does not have to stop what they are doing to retrieve the...
The Use of Technology and HIPAA Compliance
The use of technology and HIPAA compliance has become an increasingly complex subject due to the rapid adoption of technology in the health care and health insurance industries over the past twenty five years. The evolving nature of HIPAA compliant healthcare technology and the ever-changing threat landscape are also factors that can impact HIPAA compliance. At the time HIPAA was passed in 1996, healthcare IT was very different from what it is today. The passage of HIPAA coincided with the launch of the first webmail service (Hotmail), the dot.com bubble was yet to burst, the first AWS web services were still six years into the future, and it would be more than ten years until the iPhone became available. For reference, Gmail did not come out of “beta” until 2009. Acknowledging the emergence of new technologies, the Department of Health and Human Services (HHS) designed the HIPAA Security Rule to be “technology neutral”. Discussing the rationale for this in what was effectively the first legal guidelines on the appropriate use of technology in healthcare, HHS explained that the...
HIPAA Training for Employees
HIPAA training for employees provides workforce members with the knowledge they require to better understand, absorb, and apply policies and procedures developed by Covered Entities and Business Associates to protect the privacy and security of Protected Health Information (PHI). With a better understanding of why policies and procedures exist, workforce members are less likely to take compliance shortcuts which lead to HIPAA violations and data breaches. Which Employees Require HIPAA Training? Both the HIPAA Privacy Rule (45 CFR § 164.530) and the HIPAA Security Rule (45 CFR § 164.308) stipulate HIPAA training must be provided to members of the workforce; but whereas the HIPAA Security Rule is clear that all members of the workforce should participate in a HIPAA security awareness and training program, the HIPAA Privacy Rule is more slightly more flexible: “A Covered Entity must train all members of its workforce on the policies and procedures with respect to Protected Health Information required by this subpart [the Privacy Rule] and subpart D of this part [the Breach...
What is a Clearinghouse in Healthcare?
A clearinghouse in healthcare is a middleman between a healthcare provider and a health plan that checks claims from healthcare providers to ensure they don’t contain errors before forwarding them to a health plan for payment. Having a middleman to check for accuracy reduces workloads for both healthcare providers and health plans and accelerates the payment of claims. A clearinghouse in healthcare has several definitions – and can have several interpretations of the definitions. For health plans and healthcare providers subject to the HIPAA Administrative Simplification Regulations, it can be important to understand how the Department of Health and Human Services defines a clearinghouse in healthcare to avoid unintentional HIPAA violations. What is a Healthcare Clearinghouse under HIPAA? In the definitions section of the HIPAA Administrative Simplification Regulations (§160.103), a healthcare clearinghouse under HIPAA is defined as a public or private entity, including a billing service, repricing company, community health management information system or community health...
OSHA Compliance Checklist
An OSHA compliance checklist is a useful tool for assessing compliance with the standards developed by the Occupational Safety and Health Administration to ensure a healthy and safe workplace for employees. Please note that this OSHA compliance checklist has been compiled based on federal OSHA standards. Employers operating in states with state-approved OSHA plans may find local requirements more stringent. This article includes a summary of the Occupational Safety and Health Act of 1970 and an OSHA compliance checklist that can be used by employers when conducting self-assessments of safety and health policies, administration and reporting procedures, and compliance with workers´ rights. Due to the wide-ranging scope of the Occupational Safety and Health Act, this article focuses on the standards of the Act applicable to general industry with an emphasis on the healthcare industry. For this reason, our OSHA compliance checklist omits some standards that may not relate directly to medical facilities and dental surgeries. What is the Occupational Safety and Health Act? The...



