Small Practice Owners Guide to HIPAA Compliance Programs
Article Contents If you own a small practice, here is what to focus on when it comes to HIPAA: The…
Get The FREE
Small Medical Practice
HIPAA Checklist
Reduce Risk & Stay Compliant
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The building blocks of HIPAA compliance—from getting started, to managing documentation and understanding key regulatory concepts.
Article Contents If you own a small practice, here is what to focus on when it comes to HIPAA: The…
Article Contents Protect all forms of dental PHI. Include all systems and treatment areas in the risk analysis. Use Business…
HIPAA compliance for a small practice means meeting the requirements of the HIPAA Privacy Rule, the HIPAA Security Rule, and…
A small practice owner who cannot define a Security Risk Analysis, has never read the HIPAA Security Rule, and does…
At smaller organizations with under 100 employees, responsibility for HIPAA compliance normally falls to an administrator or practice manager who…
One of the simplest ways how to become HIPAA compliant is to adapt HHS’ “The Seven Fundamentals of an Effective…
Article Summary Clinical oversight places the Clinical Manager inside the daily clinical workflow rather than the policy library. Access controls…
Article Contents If you are the Practice Administrator handling HIPAA compliance, here is what to focus on: Designate compliance ownership.…
Article Summary What HIPAA requires from medical office managers spans the Privacy Rule, Security Rule, and Breach Notification Rule. Tip…
Article Summary Defining the compliance officer role distinguishes program oversight from performing every compliance task personally. Building and maintaining the…
Article Summary HIPAA compliance matters beyond regulation because documentation, not intent, determines the outcome of an OCR investigation. The basics…
Article Summary The HIPAA Security Officer’s position on the compliance team places the role alongside the HIPAA Privacy Officer and…
Article Contents Protect all forms of dental PHI. Include all systems and treatment areas in the risk analysis. Use Business…
Selecting EMR practice management software requires evaluating scheduling, specialty support, charting flexibility, billing, patient engagement tools, support, integrations, future product…
Article Summary Designating and documenting the Privacy Officer role requires a written designation naming the individual and the scope of…
Article Summary Building and maintaining the HIPAA compliance program requires a designated Privacy Officer and Security Officer with documentation supporting…
This practical guide to HIPAA compliant email services explains how to ensure 100% compliance by avoiding the common misunderstandings and…
Article Summary Physical safeguards and facility oversight require securing spaces where protected health information is stored or accessed. Contingency planning…
Medical practice management software is a clinic operations system that helps a medical practice schedule patients, manage medical billing and…
Article Summary The IT Manager functions as a member of the practice’s compliance team in the IT Manager’s position within…
HIPAA training for employees provides workforce members with the knowledge they require to better understand, absorb, and apply policies and…
The purpose of HIPAA was originally to ensure more employees could continue to receive health insurance coverage when they were…
A HIPAA Business Associate Agreement is most often a contract between a HIPAA covered entity and a business or individual…
Healthcare administrators must receive documented HIPAA training covering the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule…
The HIPAA Journal is launching a new HIPAA employee training program designed to be the gold standard in HIPAA education…
HIPAA training for medical offices must consist of practical, risk-focused education for workforce members that is applicable to the real-world…
Covered entities and business associates are responsible for HIPAA compliance, the compliance of their workforces, and the compliance of any…
HIPAA compliance means complying with all applicable standards, requirements, and implementation specifications of the HIPAA Administrative Simplification Regulations in order…
Whether you are starting a new practice or looking to grow your existing business, choosing the right electronic medical record…
Staff in small medical practices need additional, specially-designed HIPAA training because their everyday reality creates privacy and security risks that…
All healthcare providers are required to comply with the HIPAA Rules, but there are unique challenges for small medical practices.…
For a small practice, EMR software cost commonly totals $3,000 to $25,000 in the first year and $2,000 to $15,000…
In-depth articles on the implementation of HIPAA rules and standards.
Removing guesswork from HIPAA compliance means replacing assumptions about what a practice has covered with a documented process that maps…
A medical spa becomes a HIPAA covered entity when it is a health care provider that transmits health information electronically…
The HIPAA training requirements are that “a covered entity must train all members of its workforce on policies and procedures…
The HIPAA Security Rule training requirements mandate HIPAA-Covered Entities and HIPAA Business Associates to provide workforce security awareness training that…
The U.S. Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) released a final rule…
Healthcare staff need HIPAA training for social media because a single post, photo, or comment can expose Protected Health Information…
If you operate as a HIPAA Covered Entity, your privacy and security posture extends beyond your walls. HIPAA business associates…
The text of the Health Insurance Portability and Accountability Act is full of HIPAA exceptions – adding to the complexity…
The HIPAA Security Rule contains the security standards for the protection of electronic Protected Health Information (ePHI) that apply when…
Healthcare providers participating in federal healthcare programs are advised to regularly check the HHS OIG Exclusions List to avoid penalties…
All HIPAA covered entities and business associates are required to have procedures in place for identifying and responding to suspected…
The relationship between HIPAA and HITECH began in 2009 with the American Recovery and Reinvestment Act – an Act introduced…
The HIPAA minimum necessary rule standard applies to uses and disclosures of PHI that are permitted under the HIPAA Privacy…
Examples of covered entities under HIPAA include qualifying health plans, health care clearinghouses, and healthcare providers that transmit Protected Health…
HIPAA continuity of care is when ongoing care is provided within a healthcare organization or Organized Health Care Arrangement, or…
The HIPAA breach notification requirements are that HHS’ Office for Civil Rights and individuals whose unsecured Protected Health Information (PHI)…
Texas HB300 is a bill passed by the Texas legislature in 2011 that updates Chapter 181 of the Texas Health…
The HIPAA Safe Harbor Law (HR 7898) is an amendment to the HITECH Act passed by Congress in 2021 which…
A HIPAA authorization is a form that must be completed by a patient or a health plan member when a…
The Confidentiality of Medical Information Act (CMIA) is just one of several state laws and regulations that apply to medical…
In addition to HIPAA and the Texas Medical Records Privacy Act/HB300, several other laws apply to the privacy and security…
Under HIPAA PHI is considered to be an individual’s health, treatment, and payment information, and any related information maintained in…
Whether telling a story about a patient is a HIPAA violation depends on who is telling the story, why the…
The HIPAA Privacy Rule provides a federal floor of privacy standards that protects individuals’ health information and other identifying information…
Medical records can be subpoenaed because every type of record can be subpoenaed, and a more relevant question would be…
An organization’s HIPAA social media guidelines should not only eliminate misunderstandings about online disclosures of Protected Health Information but also…
HIPAA updates and changes happen more frequently than many people are aware of because of the nature of the update…
Section §164.528 of the Privacy Rule is better known as the HIPAA disclosure accounting standard and states that an individual…
All HIPAA covered entities and business associates are required to have procedures in place for identifying and responding to suspected…
The Physician Payments Sunshine Act requires pharmaceutical companies, device manufacturers, and group purchasing organizations that participate in federal health programs…
The OIG Stark Law in healthcare is the section of the Social Security Act that prohibits physicians from referring Medicare…
State privacy law supersedes HIPAA when a state law provides greater privacy protections for individually identifiable health information than HIPAA…
Background checks for healthcare employees are an important safeguard in environments in which the well-being of patients and the integrity…
The provision of HIPAA training is not only a regulatory requirement. It is also an investment. Effective HIPAA training reduces…
Effective management of HIPAA policies is one of the most constructive ways in which organizations can support HIPAA compliance by…
The HIPAA rules and regulations are the standards and implementation specifications adopted by federal agencies to streamline healthcare transactions and…
The Health Information Technology for Economic and Clinical Health Act or HITECH Act is the part of the American Recovery…
Doctors can share patient information with other doctors provided the disclosure complies with the HIPAA Privacy Rule – and a…
HIPAA certification for mental health professionals is a practical way to prove you understand how to protect Protected Health Information…
The HIPAA permitted disclosures of PHI are summarized in §164.502 of the Privacy Rule, with more details about each type…
The Physical Safeguards of HIPAA’s Security Rule are the standards and implementation specifications that must be applied when applicable “to…
The 7 HIPAA compliance rules for covered entities are the rules within the HIPAA Administrative Simplification Regulations that covered entities…
The HIPAA transactions and code sets rules have the objective of replacing non-standard descriptions of healthcare activities with standard formats…
HIPAA updates and news, plus the latest data breaches and fines.
Guidance on HIPAA compliance across different medical specialties.
Detailed analysis and examples of data breaches to help you understand how to avoid penalties.
Memorial Healthcare Services, a nonprofit healthcare provider serving patients in Southern California, has agreed to settle a class action lawsuit…
Serviceaide, Inc., a provider of AI-powered solutions to boost productivity and enhance service delivery, has agreed to pay $1.8 million…
Allina Health System, a nonprofit health system based in Minneapolis, Minnesota, that serves patients in Minnesota and Western Wisconsin, has…
Get Our Free Guide To
HIPAA Compliance Software
Learn Why HIPAA Compliance Software Is Perfect For Small Medical Practices
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The national retail company Spencer Gifts LLC has agreed to a $450,000 settlement to resolve alleged violations of the HIPAA…
Delta Dental Insurance and Delta Dental of New York (Delta Dental) have agreed to pay a fine of $2.25 million…
South Texas Oncology and Hematology, a San Antonio, TX-based provider of leading-edge cancer treatment and other medical services, has settled…
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced four financial penalties to…
A ransomware attack on Hospital Caribbean Medical Center in Puerto Rico has affected up to 92,000 individuals. Data breaches have…
Illinois Bone and Joint Institute (IBJI), one of the largest orthopedic group practices in Illinois, has agreed to settle a…
Anne Arundel Dermatology has agreed to pay $2,400,000 to settle a consolidated class action lawsuit stemming from a cybersecurity incident…
Cardiovascular Consultants in Arizona has settled a class action lawsuit stemming from a 2023 data breach involving the protected health…
A settlement has been reached to resolve class action data breach litigation against Excelsior Orthopaedics and Buffalo Surgery Center. The…
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its first financial penalty of…
Orthopedics NY LLP (aka OrthoNY; OrthopedicsNY), a New York orthopedic medicine practice, has been fined $500,000 by the New York…
The Department of Health and Human Services Office of Inspector General (HHS-OIG) has agreed to a $20,000 settlement with AccuCare…
A $182,000 settlement has been agreed between the HHS’ Office for Civil Rights and five Delaware healthcare providers to resolve…
Two providers of disability services have announced security incidents. The cyberattacks on Reimagine Network in California and the Center for…
The Federal Trade Commission (FTC) has proposed a $1.9 million settlement to resolve claims that Evoke Wellness, a Florida-based substance…
The HHS’ Office for Civil Rights (OCR) has announced its 6th financial penalty of the year to resolve alleged violations…
The Department of Health and Human Services Office of Inspector General (HHS-OIG) has entered into settlement agreements with two healthcare…
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed its second financial penalty…
Examples of HIPAA violations by employers are easy to find because almost every avoidable HIPAA violation is indirectly attributable to…
The HHS’ Office for Civil Rights (OCR) has announced another civil monetary penalty for a HIPAA-regulated entity to address non-compliance…
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $1.19 million civil…
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $100,000 civil monetary penalty…
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle an investigation of…
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $240,000 civil monetary penalty…
American Medical Response (AMR), a private ambulance company, has paid a $115,200 civil monetary penalty to the HHS’ Office for…
The Occupational Safety and Health Administration (OSHA) has proposed a $163, 627 fine for a home healthcare provider that the…
The Federal Trade Commission (FTC) has fined the mental health startup Cerebral $7.1 million for consumer privacy violations and deceptive…
New York Attorney General Letitia James has announced that an agreement has been reached with Refuah Health Center Inc. to…
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced its 11th HIPAA penalty of…
The HHS’ Office for Civil Rights (OCR) has agreed to settle a HIPAA investigation of an Arkansas business associate that…
The HHS’ Office for Civil Rights has announced its 44th enforcement action under its HIPAA Right of Access initiative with…
The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with a Californian dental practice to…
The HHS’ Office for Civil Rights (OCR) has agreed to settle three HIPAA investigations of potential HIPAA Right of Access…
The New Jersey Division of Consumer Affairs has agreed to settle a data breach investigation that uncovered violations of the…
Adventist Health Physicians Network in Simi Valley, California has been ordered to pay $40,000 in civil momentary penalties by the…