HIPAA Password Requirements
The HIPAA password requirements are a combination of Administrative and Technical Safeguards designed to manage and monitor access to PHI. Covered entities and business associates can comply with the requirements by implementing Multi-Factor Authentication (MFA) and password managers with logging capabilities. Understanding the HIPAA password requirements is not straightforward. HIPAA is intentionally technology-neutral; so whereas Security Standard §164.312(d) stipulates covered entities and business associates must “implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed”, there is no indication what procedures should be implemented or even that user verification should be password-based. Guidance published by the Department of Health and Human Services suggests there are three ways in which users can verify their identity: with something only known to the user, such as a password or PIN; with something the user possesses, such as a smart card or key; or with something unique to the user, such as a...
Is Texting in Violation of HIPAA?
There are many factors that determine whether a message sent via a text service is texting in violation of HIPAA. The factors include who the text is being sent by, the content of the message, the service the text is sent via, and the measures in place to prevent unauthorized access to the content of the message. It may also be the case that the recipient of the text has requested or authorized an otherwise impermissible disclosure. For many years, when a member of a healthcare provider’s workforce sent a text message to a patient containing Protected Health Information (PHI), it was assumed the workforce member was texting in violation of HIPAA because the most commonly used text service (at the time) was “Short Message Service” (SMS) texting which lacks the controls necessary to support compliance with the Administrative and Technical Safeguards of the HIPAA Security Rule. Although the assumption was incorrect (because a patient may have requested or authorized an otherwise impermissible disclosure), many sources still claim that texting is in violation of HIPAA – despite SMS...
What is Considered PHI Under HIPAA?
Under HIPAA, PHI is considered to be an individual’s health, treatment, and payment information, and any related information maintained in the same designated record set that could identify the individual or be used with other information in the record set to identify the individual. This article aims to provide you with the full and correct definition of PHI. HIPAA rules and regulations are substantially about protecting PHI and we recommend you use our PHI Guide & Checklist to understand what is required for the protection of PHI. What Is Considered PHI Under HIPAA Rules? To best explain what is considered PHI under HIPAA compliance rules, it is necessary to review the definitions section of the Administrative Simplification Regulations (§160.103) starting with health information...
Is a HIPAA Violation Grounds for Termination?
A HIPAA violation can be grounds for termination depending on the nature of the violation, the consequences of the violation, the employee’s prior compliance history, and the sanctions policy of the employer. In this article we tease out this question. You can also request a copy of our free HIPAA Violations Checklist to understand what is required to ensure full HIPAA compliance. Since the introduction of the HIPAA Enforcement Rule, the HHS’ Office for Civil Rights has been able to pursue financial penalties for HIPAA violations. Organizations discovered to have violated HIPAA Rules or failed to have implemented policies and procedures in line with HIPAA Rules can face severe financial penalties. But what about individual employees who accidentally or deliberately violate HIPAA and patient privacy? Do Most Healthcare Organizations Consider a HIPAA Violation Grounds for Termination? Not all HIPAA violations are equal, although any violation of HIPAA Rules is a serious matter that warrants investigation and action by healthcare organizations. When a HIPAA violation is...
What is HIPAA Certification?
HIPAA certification for individuals is certified HIPAA training combined with testing to verify awareness of HIPAA compliance requirements, typically conducted on an annual basis. Successful trainees receive a HIPAA compliance certificate. HIPAA Certification Requirements for Healthcare Professionals and Administrators Certifying that an organization’s workforce is HIPAA compliant can have similar benefits to those discussed above inasmuch as a compliant workforce is less likely to violate HIPAA or make mistakes that could result in data breaches. Achieving HIPAA certification demonstrates a reasonable amount of care to abide by the HIPAA Rules in the event of an OCR investigation or audit. For individual members of the workforce, HIPAA certification can help foster patient trust, support applications for promotion, and increase prospects in the job market. However, it is what workforce members learn during a certification program that can have the biggest impact on their professional lives, as this can help prevent unintentional violations that can have significant...