Dedicated to providing the latest
HIPAA compliance news

HIPAA Resources

What are the Penalties for HIPAA Violations?

Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA […]

Is Texting in Violation of HIPAA?

To say that texting is in violation of HIPAA is not strictly true. Depending on the content of the text message, who the text message is being sent to, or mechanisms put in place to ensure the integrity of Protected Health Information (PHI), texting can be in compliance with HIPAA in certain circumstances. Any misunderstanding surrounding texting being in violation of HIPAA comes from the complex language […]

FCC Confirms Rules Regarding HIPAA and Patient Telephone Calls

The Federal Communications Commission has issued a Declaratory Ruling and Order to clarify the rules regarding HIPAA and patient telephone calls. Some healthcare providers have had trouble understanding the rules regarding HIPAA and patient telephone calls, and how those rules interact with the Telephone Consumer Protection Act (TCPA). […]

HIPAA History

Our HIPAA history lesson starts on August 21, 1996, when the Health Insurance Portability and Accountability Act (HIPAA) was signed into law, but why was HIPAA created? HIPAA was created to “improve the portability and accountability of health insurance coverage” for employees between jobs. Other objectives of the Act were to combat waste, fraud and abuse in health insurance and healthcare delivery. […]

Largest Healthcare Data Breaches of 2017

This article details the largest healthcare data breaches of 2017 and compares this year’s breach tally to the past two years, which were both record-breaking years for healthcare data breaches. 2015 was a particularly bad year for the healthcare industry, with some of the largest healthcare data breaches ever discovered. There was the massive data breach at Anthem Inc., the likes of which […]

What Happens if a Nurse Violates HIPAA?

What happens if a nurse violates HIPAA Rules? How are HIPAA violations dealt with and what are the penalties for individuals that accidentally or deliberately violate HIPAA and access, disclose, or share protected health information (PHI) without authorization? The Health Insurance Portability and Accountability Act (HIPAA) […]

HIPAA Encryption Requirements

The HIPAA encryption requirements have, for some, been a source of confusion. The reason for this is the technical safeguards relating to the encryption of Protected Health Information (PHI) are defined as “addressable” requirements. Furthermore, the HIPAA encryption requirements for transmission security state that covered entities should “implement a mechanism to encrypt PHI […]

The HIPAA Password Requirements and the Best Way to Comply With Them

The HIPAA password requirements stipulate that procedures must be put in place for creating, changing and safeguarding passwords unless an alternative, equally effective security measure is implemented. We suggest the best way to comply with the HIPAA password requirements is with two-factor authentication. […]

Is Skype HIPAA Compliant?

Text messaging platforms such as Skype are a convenient way of quickly communicating information, but is Skype HIPAA compliant? Can Skype be used to send text messages containing electronic protected health information (ePHI) without risking violating HIPAA Rules? There is currently some debate surrounding Skype and HIPAA compliance. Skype includes security features to prevent unauthorized access of information transmitted via the platform […]

How Should You Respond to an Accidental HIPAA Violation?

The majority of HIPAA covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is accidental HIPAA violation? How should healthcare employees, covered entities, and business associates respond? […]

What are the Duties of a HIPAA Compliance Officer?

The Health Insurance Portability and Accountability Act requires that a person (or persons) within a Covered Entity or Business Associate is assigned the duties of a HIPAA Compliance Officer. This may be an existing employee or a new position can be created to meet the requirement. It is even possible to outsource the duties of a HIPAA compliance officer on a temporary or permanent basis. […]

HIPAA Explained

Our HIPAA Explained article provides information about the Health Insurance Portability and Accountability Act (HIPAA), the most recent changes to the Act in 2013, and how provisions within the Act currently affect patients, the healthcare industry as a whole, and the individuals who work within it. Originally proposed in 1996 in order that workers could carry forward insurance and healthcare rights […]

The Most Common HIPAA Violations You Should Be Aware Of

The most common HIPAA violations that have resulted in financial penalties are the failure to perform an organization-wide risk analysis to identify risks to the confidentiality, integrity, and availability of protected health information (PHI); the failure to enter into a HIPAA-compliant business associate agreement; impermissible disclosures of PHI; delayed breach notifications; and the failure to safeguard PHI. […]

HIPAA Compliance for Email

HIPAA compliance for email has been a hotly debated topic since changes were enacted in the Health Insurance Portability and Accountability Act (HIPAA) in 2013. Of particular relevance is the language of the HIPAA Security Rule; which, although not expressly prohibiting the use of email to communicate PHI, introduces a number of requirements before email communications can be considered to be HIPAA compliant. […]

Is Google Drive HIPAA Compliant?

Google Drive is a useful tool for sharing documents, but can those documents contain PHI? Is Google Drive HIPAA compliant? The answer to the question, “Is Google Drive HIPAA compliant?” is yes and no. HIPAA compliance is less about technology and more about how technology is used. Even a software solution or cloud service that is billed as being HIPAA-compliant can easily be used in a manner […]

HIPAA Violation Cases

Detailed below is a summary of all HIPAA violation cases that have resulted in settlements with the Department of Health and Human Services’ Office for Civil Rights (OCR), including cases that have been pursued by OCR after potential HIPAA violations were discovered during data breach investigations, and investigations of complaints submitted by patients and healthcare employees. […]

Is Slack HIPAA Compliant?

Slack is a powerful communication tool for improving collaboration, but is Slack HIPAA compliant? Can Slack be used by healthcare organizations for sharing protected health information without risking a HIPAA violation? There has been considerable confusion about the use of Slack in healthcare and whether Slack is HIPAA compliant. […]

Can A Patient Sue for A HIPAA Violation?

Can a patient sue for a HIPAA violation? There is no private cause of action in HIPAA, so it is not possible for a patient to sue for a HIPAA violation. Even if HIPAA Rules have clearly been violated by a healthcare provider, and harm has been suffered as a direct result, it is not possible for patients to seek damages, at least not for the violation of HIPAA Rules. […]

Can E-Signatures Be Used Under HIPAA Rules?

The use of digital signatures in the healthcare industry has helped to improve the efficiency of many processes, yet the question still remains can e-signatures be used under HIPAA rules. Effectively the answer is “yes”, provided that mechanisms are put in place to ensure the legality and security of the contract, document, agreement or authorization, and there is no risk to the integrity of PHI. […]

Is WhatsApp HIPAA Compliant?

When WhatsApp announced it was introducing end-to-end encryption, it opened up the prospect of healthcare organizations using the platform as an almost free secure messaging app, but is WhatsApp HIPAA compliant? Many healthcare employees have been asking if WhatsApp is HIPAA compliant, and some healthcare professionals are already using the text messaging app to send protected health information (PHI). […]

Why is HIPAA Important?

The Health Insurance Portability and Accountability Act (HIPAA) is a landmark piece of legislation, but why is HIPAA important? What changes did HIPAA introduce and what are the benefits to the healthcare industry and patients? HIPAA was introduced in 1996, primarily to address one particular issue: Insurance coverage for individuals that are between jobs. […]

HIPAA Guidelines on Telemedicine

The HIPAA guidelines on telemedicine affect any medical professional or healthcare organization that provides a remote service to patients in their homes or in community centers. Many people mistakenly believe that communicating ePHI at a distance is acceptable when the communication is directly between physician and patient, which is what the HIPAA Privacy Rule appears to imply. […]

How to Report a HIPAA Violation

It is important for all healthcare employees to know how to report a HIPAA violation, the correct person to direct the complaint to, and whether the incident should be directed to the Department of Health and Human Services’ Office for Civil Rights (OCR). […]

Mobile Data Security and HIPAA Compliance

Healthcare providers and other HIPAA-covered entities have embraced the mobile technology revolution, and are allowing the use of Smartphones, tablets and other portable devices in hospitals, clinics and other places of work; however, if mobile data security measures are insufficient, covered entities are at risk of violating HIPAA regulations. If that occurs, heavy fines can follow. […]

HIPAA Rules for Dentists

Although many dental offices are self-contained entities, the HIPAA rules for dentists apply to any dental office that may send claims, eligibility requests, pre-determinations, claim status inquiries or treatment authorization requests electronically. […]

Summary of the HIPAA Breach Notification Rule

The Health Insurance Portability and Accountability Act of 1996 is one of the most important pieces of legislation to affect the healthcare industry, yet many healthcare providers and insurers are unaware of HIPAA obligations, in particular those relating to the HIPAA Breach Notification Rule. […]

Is OneDrive HIPAA Compliant?

Many covered entities want to take advantage of cloud storage services, but can Microsoft OneDrive be used? Is OneDrive HIPAA compliant? Many healthcare organizations are already using Microsoft Office 365 Business Essentials, including Exchange Online for email. Office 365 Business Essentials includes OneDrive, which is a convenient platform for storing and sharing files. […]

HIPAA Violation Articles

Listed below are a selection of HIPAA articles providing further information and guidance on HIPAA compliance for healthcare providers, health plans, healthcare clearinghouses, and business associates of covered entities. […]

The Benefits of Using Blockchain for Medical Records

Blockchain is perhaps best known for keeping cryptocurrency transactions secure, but what about using blockchain for medical records? Could blockchain help to improve healthcare data security? The use of blockchain for medical records is still in its infancy, but there are clear security benefits that could help to reduce healthcare data breaches […]

Is Dropbox HIPAA Compliant?

Dropbox is a popular file hosting service used by many organizations to share files, but what about protected health information? Is Dropbox HIPAA compliant? Dropbox claims it now supports HIPAA and HITECH Act compliance but that does not mean Dropbox is HIPAA compliant. […]

Termination for Nurse HIPAA Violation Upheld by Court

A nurse HIPAA violation alleged by a patient of Norton Audubon Hospital culminated in the termination of the registered nurse’s employment contract. The nurse, Dianna Hereford, filed an action in the Jefferson Circuit Court alleging her employer wrongfully terminated her contract on the grounds that a HIPAA violation had occurred […]

Is Text Messaging HIPAA Compliant?

The answer to the question “is text messaging HIPAA compliant” is generally “no”. Although HIPAA does not specifically prohibit communicating Protected Health Information (PHI) by text, a system of administrative, physical and technical safeguards has to be in place to ensure the confidentiality and integrity of PHI when it is “in transit” – i.e. being communicated between medical professionals or covered entities. […]

Recent HIPAA Changes

The recent HIPAA changes extend the scope of the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act (HITECH). Many of the new HIPAA rules for 2013 account for changes in working practices and advances in technology since the original legislation was enacted in 1996. […]

HIPAA Privacy Laws

The HIPAA Privacy Rule was published in December 2000, amended in August 2002 and took effect in April 2003, with the objective of protecting the confidentiality of patients' healthcare information without handicapping the flow of information that is required to provide treatment. The HIPAA privacy laws control who can have access to Protected Health Information (PHI), the conditions under which it can be used, and who it can be disclosed to. […]

HIPAA Risk Assessment

The requirement for Covered Entities to conduct a HIPAA risk assessment is not a new provision of the Health Insurance Portability and Accountability Act. The risk analysis requirement was introduced in 2003 with the HIPAA Security Rule, as the first of its Administrative Safeguards (45 CFR §164.308(a)(1)(ii)(A)), and the analysis has to cover the administrative, physical and technical safeguards of the Security Rule. […]

HIPAA Compliance for Call Centers

HIPAA compliance for call centers is an essential consideration for every company providing an answering service or call-forwarding service for the healthcare industry. Since the Final Omnibus Rule updated the Health Insurance Portability and Accountability Act (HIPAA) in 2013, all service providers processing, storing or transmitting ePHI directly or on behalf of a healthcare organization […]

HIPAA Regulations for SMS

The HIPAA regulations for SMS do not specifically prohibit the use of a “Short Message Service” to communicate Protected Health Information (PHI), but they do stipulate that certain conditions have to be in place before using SMS to communicate PHI is HIPAA compliant. Most SMS messages are not HIPAA compliant. […]

HIPAA Training Requirements

Because HIPAA applies to many different types of Covered Entity (CE) and Business Associate (BA), the HIPAA training requirements are best described as vague. Training is undoubtedly mandatory. It is an Administrative Requirement of the HIPAA Privacy Rule (45 CFR §164.530) and an Administrative Safeguard of the HIPAA Security Rule (45 CFR §164.308). […]

Amazon Alexa is Not HIPAA Compliant – But That Could Soon Change

Amazon Alexa is not HIPAA compliant, which limits its use in healthcare, although that could be about to change. Amazon already supports HIPAA compliance for its cloud platform AWS and is keen to see its voice recognition technology used more extensively in healthcare. However, before the true potential of Alexa can be realized, Amazon must first make Alexa HIPAA compliant. […]

Is Google Voice HIPAA Compliant?

Google Voice is a popular telephony service, but is Google Voice HIPAA compliant or can it be used in a HIPAA compliant way? Is it possible for healthcare organizations – or healthcare employees – to use the service without violating HIPAA Rules? Google Voice is a popular and convenient telephony service that includes voicemail, voicemail transcription to text […]

HIPAA Audit Checklist

In March 2013, the enactment of changes to the Health Insurance Portability and Accountability Act (HIPAA) made it advisable for healthcare organizations and other covered entities to compile a HIPAA audit checklist. The objective of a HIPAA audit checklist would be to identify any possible risks to the confidentiality, integrity and availability of electronically-stored protected health information (ePHI). […]

HIPAA Encryption for iPhones and Android Phones

There is an understandable level of confusion about HIPAA encryption for iPhones and Android phones. The confusion arises because the HIPAA Security Rule categorizes the encryption of Protected Health Information (PHI) as an “addressable” requirement when PHI is communicated outside of a covered entity's communications network. […]

HIPAA Compliance for Self-Insured Group Health Plans

HIPAA compliance for self-insured group health plans – or self-administered group health plans – is one of the most complicated areas of HIPAA legislation. The Administrative Simplification provisions of the Health Insurance Portability and Accountability Act (HIPAA) imposed obligations on health care clearinghouses, certain healthcare providers and health plans […]

Timeline of Important Events in the History of HIPAA

The Health Insurance Portability and Accountability Act of 1996 is widely accepted to be one of the most important pieces of healthcare legislation ever to be introduced in the United States. Next year will be the 20th Anniversary of the introduction of the act, and during that time there have been some major updates to that legislation. […]

How to Make Your Email HIPAA Compliant

Many healthcare organizations would like to be able to send protected health information via email, but how do you make your email HIPAA compliant? What must be done before electronic PHI (ePHI) can be sent via email to patients and other healthcare organizations? Whether you need to make your email HIPAA compliant will depend on how you plan to use email with ePHI. […]

Healthcare Professionals Violate HIPAA with Personal Phones

There is a worrying practice taking place in healthcare centers across the country: The use of personal mobile phones for communicating with care teams and sending patient data. The practice is a clear HIPAA violation, yet text messages, attachments and even photographs and test results are being shared over insecure networks without data encryption, albeit with individuals permitted to view the data. […]

Is FaceTime HIPAA Compliant?

Is FaceTime HIPAA compliant? Can FaceTime be used by HIPAA covered entities to communicate protected health information (PHI) without violating HIPAA Rules? In this article we will examine the protections in place to keep transmitted information secure, whether Apple will sign a business associate agreement for FaceTime, and if a BAA is necessary. […]

Is Microsoft Outlook HIPAA Compliant?

The latest in our series of posts on HIPAA compliant software and email services for healthcare organizations explores whether Microsoft Outlook is HIPAA compliant. Software or an email platform can never be fully HIPAA compliant, as compliance is not so much about the technology but how it is used. That said, software and email services can support HIPAA compliance. […]

HIPAA and HITECH

The relationship between HIPAA and HITECH began in 2009 with the American Recovery and Reinvestment Act. Title XIII of the American Recovery and Reinvestment Act – the Health Information Technology for Economic and Clinical Health Act (HITECH) – set aside funds for the creation of a nationwide network of electronic health records and signaled the start of the Meaningful Use program. […]

De-identification of Protected Health Information: How to Anonymize PHI

Healthcare organizations and their business associates that want to share protected health information must do so in accordance with the HIPAA Privacy Rule, which limits the possible uses and disclosures of PHI, but de-identification of protected health information means HIPAA Privacy Rule restrictions no longer apply. […]

Is Google Hangouts HIPAA Compliant?

Healthcare organizations frequently ask about Google services and HIPAA compliance, and one product in particular that has caused some confusion is Google Hangouts. Google Hangouts is the latest incarnation of the Hangouts video chat system, and has taken the place of Huddle (Google+ Messenger). […]

What are the HIPAA Breach Notification Requirements?

All HIPAA covered entities must familiarize themselves with the HIPAA breach notification requirements and develop a breach response plan that can be implemented as soon as a breach of unsecured protected health information is discovered. […]

Why Dental Offices Should be Worried About HIPAA Compliance

In 2015, Dr. Joseph Beck became the first dentist to be fined for a HIPAA violation, which sent a warning to dental offices about HIPAA compliance. Until that point, dental offices had avoided fines for noncompliance with HIPAA Rules. The penalty was not issued by the Department of Health and Human Services’ Office for Civil Rights (OCR), but by the Office of the Indiana attorney general. […]

Clarifying the HIPAA Retention Requirements

The subtle distinction between HIPAA medical records retention and HIPAA record retention can cause confusion when discussing HIPAA retention requirements. This article aims to clarify what records need to be retained under HIPAA, and what other retention requirements Covered Entities should consider. […]

HIPAA Compliant Email Providers

HIPAA-covered entities must ensure protected health information (PHI) transmitted by email is secured to prevent unauthorized individuals from intercepting messages, and many choose to use HIPAA compliant email providers to ensure appropriate controls are applied to ensure the confidentiality, integrity, and availability of PHI. […]

How Employees Can Help Prevent HIPAA Violations

Healthcare organizations and their business associates must comply with the HIPAA Privacy, Security, and Breach Notification Rules and implement safeguards to prevent HIPAA violations. However, even with controls in place to reduce the risk of HIPAA violations, data breaches still occur. […]

Is Azure HIPAA Compliant?

Many healthcare organizations are considering moving some of their services to the cloud, and a large percentage already have. The cloud offers considerable benefits and can help healthcare organizations lower their IT costs, but what about HIPAA? […]

Is Facebook Messenger HIPAA Compliant?

Many doctors and nurses communicate using chat platforms, but is it acceptable to use the platforms for sending PHI? One of the most popular chat platforms is Facebook Messenger. To help clear up confusion we will assess whether Facebook Messenger is HIPAA compliant and if the platform can be used to send PHI. […]

What is the Purpose of HIPAA?

The Health Insurance Portability and Accountability Act – or HIPAA as it is better known – is an important legislative Act affecting the U.S. healthcare industry, but what is the purpose of HIPAA? Healthcare professionals often complain about the restrictions of HIPAA – Are the benefits of the legislation worth the extra workload? […]

Is HelloFax HIPAA Compliant?

Is HelloFax HIPAA compliant? Can HelloFax be used by healthcare organizations to send files containing protected health information, or would doing so be considered a violation of HIPAA Rules? In this post we explore the protections in place and attempt to determine whether HelloFax can be considered a HIPAA compliant fax service. […]

Who Enforces HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) introduced many new rules for healthcare organizations, but who enforces HIPAA? Which federal departments are responsible for ensuring HIPAA Rules are followed by covered entities and their business associates? […]

When Should You Promote HIPAA Awareness?

All employees must receive training on HIPAA Rules, but when should you promote HIPAA awareness? How often should HIPAA retraining take place? HIPAA-covered entities, business associates and subcontractors are all required to comply with HIPAA Rules, and all workers must receive training on HIPAA. […]

The Cost of HIPAA Non-Compliance

The Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) demands that all covered entities implement the appropriate administrative, physical and technical safeguards to keep PHI secure. Failure to implement those basic minimum standards can lead to more than just a fine from the Department of Health and Human Services’ Office for Civil Rights (OCR). […]

Is G Suite HIPAA Compliant?

Is G Suite HIPAA compliant? Can G Suite be used by HIPAA-covered entities without violating HIPAA Rules? Google has developed G Suite to include privacy and security protections to keep data secure, and those protections are of a sufficiently high standard to meet the requirements of the HIPAA Security Rule. Google will also sign a business associate agreement (BAA) with HIPAA covered entities. […]

HIPAA Compliant Email Archiving

Although HIPAA compliant email archiving is not a requirement of the Security Standards for the Protection of Electronic Protected Health Information (the HIPAA “Security Rule”), there are valid reasons why healthcare organizations should consider archiving emails in compliance with HIPAA. […]

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service. Cloud storage services are a convenient way of sharing and storing data. […]

HIPAA Compliance and Pagers

HIPAA compliance and pagers have become a topic for discussion since the enactment of changes to the Privacy and Security Rules in the Health Insurance Portability and Accountability Act (HIPAA). Although not specifically mentioning pager communications, the changes to the Security Rule stipulate that a system of physical, administrative and technical safeguards must be introduced for any electronic communication to be HIPAA-compliant. […]

HIPAA Compliance and Medical Records

Stage 2 Meaningful Use raises the bar on the conditions that have to be fulfilled in terms of HIPAA compliance and medical records security. In order to qualify for Medicare and/or Medicaid Electronic Health Record (EHR) incentive payments, eligible healthcare organizations must now meet a new range of demands. […]

The HIPAA Conduit Exception Rule and Transmission of PHI

The HIPAA Conduit Exception Rule is a source of confusion for many HIPAA covered entities, but it is essential that this aspect of HIPAA is understood. Failure to correctly classify a service provider as a conduit or a business associate could see HIPAA Rules violated and a significant financial penalty issued for noncompliance. […]

PCI and HIPAA Compliance Comparison

For organizations in healthcare-related industries, who both have access to PHI and accept credit card payments, a PCI and HIPAA compliance comparison can help find overlaps and similarities in their compliance obligations. These overlaps and similarities can assist organizations with their risk assessments in order to avoid duplication and better mitigate the risk of a data breach. […]

HIPAA Security Officer

All Covered Entities are required by 45 CFR 164.308 – the Administrative Safeguards of the HIPAA Security Rule – to identify a HIPAA Security Officer who is responsible for the development and implementation of policies and procedures to ensure the confidentiality, integrity and availability of electronic Protected Health Information (ePHI). […]

Is WebEx HIPAA Compliant?

Is WebEx HIPAA compliant? Is the online meeting and web conferencing platform suitable for use by healthcare organizations or should the service be avoided? In this post we assess the security controls and features of the platform and determine whether use of WebEx could be considered a HIPAA violation. […]

What is a Limited Data Set Under HIPAA?

A limited data set under HIPAA is a set of identifiable healthcare information that the HIPAA Privacy Rule permits covered entities to share with certain entities for research purposes, public health activities, and healthcare operations without obtaining prior authorization from patients, if certain conditions are met. […]
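The two release paths described in the De-identification and Limited Data Set entries above, as an added example that is not from this site or from any of the linked articles: a Safe Harbor de-identification routine (45 CFR §164.514(b)(2)) beside a limited data set filter (45 CFR §164.514(e)(2)), both applied to one constructed patient record. The field names, the sample record and the `RESTRICTED_ZIP3` set are assumptions; the ZIP list reproduces the 17 three-digit prefixes from the OCR de-identification guidance and should be re-checked against current census data before use.

```python
"""Safe Harbor de-identification (45 CFR 164.514(b)(2)) and limited data set
preparation (45 CFR 164.514(e)(2)) applied to one patient record.

Added example: field names, the sample record and the restricted ZIP list are
assumptions, not data from the original page.
"""
import re
from datetime import date

# The Safe Harbor identifier categories mapped onto the record's (assumed) field
# names. These must be removed for Safe Harbor and are also the direct
# identifiers stripped from a limited data set.
DIRECT_IDENTIFIERS = {
    "name", "street_address", "phone", "fax", "email", "ssn", "mrn",
    "health_plan_id", "account_number", "license_number", "vehicle_id",
    "device_id", "url", "ip_address", "biometric", "photo",
}

# Dates directly related to the individual: Safe Harbor keeps only the year,
# a limited data set may keep them in full.
DATE_FIELDS = ("dob", "admit_date", "discharge_date")

# Three-digit ZIP areas with 20,000 or fewer residents (OCR guidance, 2000
# census); Safe Harbor requires these to become 000. Assumed still current.
RESTRICTED_ZIP3 = {
    "036", "059", "063", "102", "203", "556", "692", "790", "821",
    "823", "830", "831", "878", "879", "884", "890", "893",
}

# Constructed sample record; no real person.
SAMPLE_RECORD = {
    "name": "Jane Q. Example", "street_address": "12 Example Lane",
    "city": "Springfield", "state": "IL", "zip": "03601",
    "dob": "1930-04-17", "admit_date": "2023-10-02", "discharge_date": "2023-10-05",
    "phone": "555-0100", "email": "jane@example.test", "mrn": "MRN-0001",
    "diagnosis_code": "E11.9", "lab_result_mg_dl": 142,
}


def _year_only(iso_date):
    """Reduce YYYY-MM-DD to YYYY; reject anything else rather than leak it."""
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", iso_date)
    if not m:
        raise ValueError(f"unexpected date format: {iso_date!r}")
    return m.group(1)


def _age_on(iso_dob, as_of):
    """Whole years between an ISO date of birth and the reference date."""
    y, mth, d = (int(p) for p in iso_dob.split("-"))
    return as_of.year - y - ((as_of.month, as_of.day) < (mth, d))


def generalize_zip(zip_code):
    """First three digits of a five-digit ZIP, or 000 for a restricted area."""
    digits = re.sub(r"\D", "", zip_code or "")
    if len(digits) < 5:
        return None
    zip3 = digits[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3


def safe_harbor(record, as_of=None):
    """Return a Safe Harbor de-identified copy of `record`.

    The remaining fields (state, ZIP3, years, clinical data) are outside the
    Privacy Rule only if the covered entity also has no actual knowledge that
    they could identify the individual (164.514(b)(2)(ii)); that judgement is
    not automated here. `as_of` (date or ISO string) fixes the age reference.
    """
    if isinstance(as_of, str):
        as_of = date.fromisoformat(as_of)
    as_of = as_of or date.today()
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out.pop("city", None)  # any geographic unit smaller than a state goes
    if "zip" in out:
        out["zip"] = generalize_zip(out["zip"])
    # Work out the age before the date of birth is reduced to a year.
    age = record.get("age")
    if age is None and record.get("dob"):
        age = _age_on(record["dob"], as_of)
    for field in DATE_FIELDS:
        if out.get(field):
            out[field] = _year_only(out[field])
    # Ages over 89, and birth years that reveal them, collapse into one bucket.
    if age is not None:
        if age > 89:
            out["age"] = "90+"
            out["dob"] = None
        else:
            out["age"] = age
    return out


def limited_data_set(record):
    """Strip direct identifiers only; dates, city, state and full ZIP stay.

    The result is still PHI and may be shared only under a data use agreement.
    """
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}


def leaked_identifiers(record):
    """Direct identifier fields still present; non-empty fails both methods."""
    return sorted(k for k in record if k in DIRECT_IDENTIFIERS)
```

The sample deliberately hits both Safe Harbor edge cases at once: ZIP 03601 falls in restricted area 036 and becomes 000, and a 1930 date of birth puts the patient over 89, so the age is reported as "90+" and the birth year is dropped as well. The limited data set keeps all of that but still has to go out under a data use agreement, and neither routine inspects free-text fields, which need their own scrubbing.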

HIPAA Compliant SFTP Server

If FTP is required to transfer protected health information, healthcare providers, health plans, healthcare clearinghouses and business associates of HIPAA-covered entities must ensure their service provider uses a HIPAA compliant SFTP server. […]

HIPAA Compliance for SaaS

HIPAA compliance for SaaS is one of the many HIPAA-related topics full of ifs, buts and maybes. In this case, the reason for there being so many possible answers to questions about cloud services is that the original Health Insurance Portability and Accountability Act of 1996 was enacted long before cloud services were commercially available. […]

Guidance on HIPAA and Cloud Computing Issued by HHS

The Department of Health and Human Services has released updated guidance on HIPAA and cloud computing to help covered entities take advantage of the cloud without risking a HIPAA violation. The main focus of the guidance is the use of cloud service providers (CSPs). […]

Is Zoom a HIPAA Compliant Video and Web Conferencing Platform?

Zoom is a popular video and web conferencing platform that has been adopted by more than 750,000 businesses, but is the service suitable for use by healthcare organizations for sharing PHI? Is Zoom HIPAA compliant? Zoom is a cloud-based video and web conferencing platform that allows workers across multiple locations to take part in meetings, share files, and collaborate. […]

Is AWS HIPAA Compliant?

Is AWS HIPAA compliant? Amazon Web Services has all the protections to satisfy the HIPAA Security Rule and Amazon will sign a business associate agreement with healthcare organizations. So, is AWS HIPAA compliant? Yes. And No. […]

Ransomware on Mobile Devices

Most IT professionals will already be conscious of the threat of ransomware on networked computers, but now a new threat is emerging – ransomware on mobile devices. The increase of ransomware on mobile devices is particularly disturbing for organizations that allow employees to use their personal mobile devices in the workplace (BYOD) […]

Is GoToMeeting HIPAA Compliant?

GoToMeeting is an online meeting and video conferencing solution offered by LogMeIn. The service is one of many conferencing and desktop sharing solutions that can improve communication and collaboration, with many benefits for healthcare organizations. […]

HIPAA Audit Protocols

The latest HIPAA audit protocols were published by the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) in March 2013 when the Final Omnibus Rule enacted provisions within the Health Insurance Portability and Accountability Act (HIPAA) to safeguard the integrity of protected health information (PHI). […]

HIPAA Texting Policy

A HIPAA texting policy is a document that should be compiled once a risk assessment has been conducted to identify any vulnerabilities in the way PHI is currently communicated between employees, medical professionals and Business Associates. […]

What is “HIPAA Certification”?

“HIPAA Certification” is not an officially-sanctioned qualification to show a Covered Entity or Business Associate is HIPAA compliant. It is simply a certificate indicating an individual or organization has undergone some level of training towards HIPAA compliance. […]

HIPAA Compliance Plan

The administrative requirements within the HIPAA Privacy Rule are quite clear about who has responsibility for creating a HIPAA compliance plan. Section §164.530(a) of the Privacy Rule states “A covered entity must designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity”, and §164.308(a)(2) of the Security Rule requires a security official with the same responsibility for the policies and procedures the Security Rule demands. […]

What are the Differences Between a HIPAA Business Associate and HIPAA Covered Entity?

The terms covered entity and business associate are used extensively in HIPAA legislation, but what are the differences between a HIPAA business associate and HIPAA covered entity? […]

What Are Covered Entities Under HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) applies to HIPAA-covered entities and their business associates, but what are covered entities under HIPAA, and what sort of companies are classed as business associates? […]

Small Businesses and GDPR Compliance

Small businesses have experienced some confusion since the announcement of the General Data Protection Regulation (GDPR). A large number of small business owners appear to have assumed that the GDPR is not applicable to them. Unfortunately, they may well be in for quite a shock on the 25th of May 2018 when the new Regulation comes into force. […]

HIPAA Compliance for Medical Software Applications

HIPAA compliance for medical software applications can be a complicated issue to understand. Some eHealth and mHealth apps are subject to HIPAA and medical software regulations issued by the FDA. Others are not. This article has been prepared with relevance to HIPAA and medical software. For information about FDA regulations, please visit the FDA’s “Device Advice” web page. […]

HIPAA Compliance for HR Departments

Businesses not directly involved in the healthcare or healthcare insurance industries should nonetheless pay close attention to HIPAA compliance for HR departments. It has been estimated that a third of all workers and their dependents who receive occupational healthcare benefits do so through a self-insured group health plan. […]

HIPAA Compliance Guide

Compliancy Group’s software and compliance coach guidance allow you to achieve, demonstrate, and maintain your HIPAA compliance no matter your organization’s size or level of expertise. […]

What is a HIPAA-Covered Entity?

The term “HIPAA Covered Entity” did not appear in the original Healthcare Insurance Portability and Accountability Act when it was enacted in August 1996. The term first appeared in the HHS’s proposed HIPAA Privacy Rule when the Rule was released for public comments in November 1999, and it was subsequently published after amendments had been made in December 2000. […]

HIPAA Compliance and Cloud Computing Platforms

Before cloud services can be used by healthcare organizations for storing or processing protected health information (PHI) or for creating web-based applications that collect, store, maintain, or transmit PHI, covered entities must ensure the services are secure. […]

HIPAA Release Form

A signed HIPAA release form must be obtained from a patient before their protected health information can be shared with other individuals or organizations, except in the case of routine disclosures for treatment, payment or healthcare operations permitted by the HIPAA Privacy Rule. […]

Who Does HIPAA Apply To?

Health Insurance Portability and Accountability Act (HIPAA) Rules cover the allowable uses and disclosures of protected health information and data security, but who does HIPAA apply to? Which types of organizations must implement HIPAA compliance programs? […]

Who Do You Report HIPAA Violations To?

The Health Insurance Portability and Accountability Act (HIPAA) requires HIPAA-covered entities and their business associates to implement safeguards to ensure the privacy of patients is protected and protected health information (PHI) is secured, but what happens when those rules are violated? Who do you report HIPAA violations to? […]

The Top HIPAA Threats Are Likely Not What You Think

Many articles listing the top HIPAA threats follow a similar theme: protect devices against theft, protect data against cybercriminals, and protect yourself against unauthorized third-party disclosures by signing a Business Associate Agreement. Unfortunately, these articles are way off the mark. […]

HIPAA Data Security Requirements

In order to comply with the HIPAA data security requirements, healthcare organizations should have a solid understanding of the HIPAA Security Rule. The HIPAA Security Rule contains the administrative, physical and technical safeguards that stipulate the mechanisms and procedures that have to be in place to ensure the integrity of Protected Health Information (PHI). […]

HIPAA Privacy Rule

The HIPAA Privacy Rule was first enacted in 2002 with the goal of protecting the confidentiality of patients and their healthcare information, while enabling the flow of patient healthcare information when it is needed. Also known as the “Standards for Privacy of Individually Identifiable Health Information”, the HIPAA Privacy Rule regulates who can have access to Protected Health Information (PHI) […]

Web Filtering for Hospitals

Web filtering for hospitals is a means of controlling access to Internet sites that potentially harbor viruses and infections. By implementing a hospital web filter, healthcare organizations mitigate the risk of a hacker gaining access to PHI via the installation of malware, or of a cybercriminal locking up a system with the installation of ransomware. […]

Insurance Industry Compliance with GDPR

The General Data Protection Regulation (GDPR) is due to come into force on the 25th of May 2018. This short article is focused on the GDPR in the particular context of the Insurance Industry. Specialised consideration of the new Regulation is essential given that non-compliance with GDPR rules may lead to the imposition of heavy fines among a number of other sanctions. […]

HIPAA Compliant RDP Server

A HIPAA compliant RDP server allows healthcare professionals to work remotely and still have access to the same information they could view and update if they were working at a practice or hospital. Remote desktop access allows healthcare professionals to work efficiently from home and while travelling. […]

HIPAA Omnibus Rule Places Further Restrictions on Marketing

The introduction of the Omnibus Final Rule, also known as the HIPAA Mega Rule due to the extent to which it alters the current legislation, tightens up many loose ends that existed in the HIPAA Privacy Rule with regard to marketing. […]

Electronic Medical Records and HIPAA

The combination of Stage 2 Meaningful Use for Electronic Medical Records and HIPAA compliance provides an opportunity for healthcare organizations to change the way in which ePHI is stored and communicated and benefit from the Meaningful Use incentive program. […]

How to Prepare for a HIPAA Compliance Audit

In 2011 the Department of Health and Human Services’ Office for Civil Rights developed an audit program to assess the state of healthcare compliance. The pilot audits, which started in 2011 and were completed in 2012, uncovered numerous violations of HIPAA Privacy, Security and Breach Notification Rules. […]

Is SharePoint HIPAA Compliant?

Is SharePoint HIPAA compliant? Does the platform incorporate all the required administrative and technical controls to meet HIPAA requirements? This post explores whether SharePoint supports HIPAA compliance and its suitability for use in the healthcare industry. […]

HIPAA Compliance for Hospices

HIPAA compliance is rarely straightforward in the healthcare industry, and HIPAA compliance for hospices is one area in which it is less straightforward than most. The rules regarding the disclosure of Protected Health Information limit conversations with family members if patients have not previously given their consent for the conversations to take place. […]

Does HIPAA Apply to Employers?

The question “Does HIPAA Apply to Employers” is one that has provoked many different responses due to the complicated nature of the HIPAA Privacy Rule. The HIPAA Privacy Rule is one of the most complicated pieces of legislation affecting the healthcare industry. […]

Is Hotmail HIPAA Compliant?

Many healthcare organizations are unsure whether Hotmail is HIPAA compliant and whether sending protected health information via a Hotmail account can be considered a HIPAA compliant method of communication. In this post we answer the question “Is Hotmail HIPAA compliant?” and consider whether the webmail service can be used to send PHI. […]

HIPAA Compliant Messaging App

A HIPAA compliant messaging app is an integral part of a secure messaging solution that can help healthcare organizations and other covered entities comply with the technical requirements of the HIPAA Security Rule. […]

Protect Healthcare Data from Phishing

One of the key areas of online security that every HIPAA-covered entity should make its priority is to protect healthcare data from phishing. Phishing attacks are becoming a greater threat to the healthcare industry than any other attack vector. Recently, almost 25,000 patient records were accessed by hackers as the result of a phishing attack on Saint Agnes Health Care Inc. in Maryland. […]

What is Considered PHI Under HIPAA?

In a healthcare environment, you are likely to hear health information referred to as protected health information or PHI, but what is considered PHI under HIPAA? Under HIPAA Rules, PHI is considered to be any identifiable health information that is used, maintained, stored, or transmitted by a HIPAA-covered entity […]

Is Yammer HIPAA Compliant?

Is Yammer HIPAA compliant? Does the platform incorporate all the necessary administrative and technical controls to meet HIPAA requirements? This post explores whether Yammer supports HIPAA compliance and assesses whether the platform can be used by healthcare organizations without violating HIPAA Rules. […]

Is Citrix ShareFile HIPAA Compliant?

ShareFile was bought by Citrix Systems in 2011 and the platform is marketed as a suitable data sync, file sharing, and collaboration tool for the healthcare industry, but is Citrix ShareFile HIPAA compliant? Citrix ShareFile is a secure file sharing, data storage and collaboration tool that allows large files to be easily shared within a company, with remote workers, and with external partners. […]

Secure Text Messaging in Hospitals

Secure text messaging in hospitals is a cost-effective solution for healthcare organizations to comply with the Health Insurance Portability and Accountability Act (HIPAA). The solution works by maintaining encrypted PHI on a secure server, and allowing medical professionals to access and communicate sensitive patient data via secure messaging apps. […]

HIPAA Compliance for Dentists

The issue of HIPAA compliance for dentists is not one that should be taken lightly. Research conducted by the American Dental Association shows dental practices are increasing in number and increasing in size, and – according to the National Association of Dental Plans – the number of US citizens with access to commercially or publicly funded dental care increased from 170 million (2006) to 248 million (2016). […]

Do you need HIPAA Compliance Tips?

Compliancy Group’s software and compliance coach guidance allow you to achieve, demonstrate, and maintain your HIPAA compliance no matter your organization’s size or level of expertise. […]

HIPAA Compliance Software

The terms “HIPAA compliant software” and “HIPAA compliance software” are frequently used interchangeably by software vendors – often causing confusion among Covered Entities and Business Associates searching for either specific or comprehensive solutions for complying with HIPAA. […]

Is IBM Cloud HIPAA Compliant?

Is IBM Cloud HIPAA compliant? Is the cloud platform suitable for healthcare organizations in the United States to host infrastructure, develop health applications and store files? In this post we assess whether the IBM Cloud supports HIPAA compliance and the platform’s suitability for use by healthcare organizations. […]

Is Google Sheets HIPAA Compliant?

Is Google Sheets HIPAA compliant? Can HIPAA-covered entities use Google Sheets to create, view, or share spreadsheets containing identifiable protected health information or would using Google Sheets violate HIPAA Rules? In this post we assess whether Google Sheets supports HIPAA compliance. […]

HITECH Compliance

Businesses within the healthcare industry (“Covered Entities”) should already be familiar with their HITECH compliance obligations, as they are closely related to HIPAA compliance and often referred to as HIPAA HITECH compliance obligations. However, following the passage of HITECH, third-party service providers (“Business Associates”) also now have a legal requirement to comply with HIPAA. […]

What Covered Entities Should Know About Cloud Computing and HIPAA Compliance

In this post we explain some important considerations for healthcare organizations looking to take advantage of the cloud, the HIPAA compliance requirements that apply when using cloud services for storing, processing, and sharing ePHI, and we dispel some of the myths about cloud computing and HIPAA compliance. […]

What is the HITECH Act?

The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – was part of an economic stimulus package introduced during the Obama administration. The HITECH Act was primarily created to promote and expand the adoption of health information technology, and the Department of Health & Human Services (HHS) was given a budget in excess of $25 billion to achieve its goals. […]

HIPAA and Healthcare Data Compliance

Access to healthcare can be considered a basic human right, although many countries have different views on the services that are provided by the state, and to whom. Privacy is also important and can also be considered a basic human right, with the rights of individuals showing just as much variation. In the UK, British citizens have access to the National Health Service. […]

HIPAA Privacy Guidelines

The HIPAA privacy guidelines were first introduced in 2002 with the aim of protecting patient confidentiality without obstructing the flow of information required to provide treatment. The guidelines defined what data should be considered Protected Health Information (PHI), who should be allowed access to it, when it could be disclosed, and for what purposes. […]