If you are a covered entity health plan or clearinghouse, you may be among the nine (un)lucky entities randomly chosen this month for review into compliance with HIPAA’s Administrative Simplification rules governing electronic transactions, code sets, and unique identifiers.  According to an FAQ published in March, the Centers for Medicare & Medicaid Services (CMS), acting

HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates.  OCR reminds covered entities (CEs) and business associates (BAs) that compliance with the HIPAA Security Rule can help, but stops a bit short of providing concrete guidance as to

We blogged on this back in early May, but compliance with individuals’ rights to access their PHI under HIPAA is even more critical now that OCR has announced that its current HIPAA audits will focus on an audited Covered Entity’s documentation and process related to these access rights.

In an email sent to listserv participants

Contributed by Elizabeth R. Larkin and Jessica Forbes Olson

Health care providers know about and have worked with HIPAA privacy and security rules for well over a decade. They have diligently applied it to their covered entity health care provider practices and to their patients and think they have HIPAA covered.

What providers may not