Too Much (Protected Health) Information Exposed + Too Little Response = $3M and Corrective Action Plan for Medical Imaging Company
“TMI” usually means “too much information”, but it was used aptly by the Office for Civil Rights (OCR) as an acronym for a covered entity that exposed protected health information
OCR
Ransomware Claims A Victim
A two-physician practice in Battle Creek, Michigan is reportedly the first health care provider to cease operations as a result of a ransomware attack. The Minneapolis Star Tribune reports that…
HIPAA Security and “Zero Day” Exploits: How to Stay Ahead of the Hack
HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates. OCR reminds covered entities…
New HIPAA Guidance on Disclosure of PHI Related to Opioid Abuse and Mental Health
In our most recent post, the Top 5 Common HIPAA Mistakes to Avoid in 2018, we noted that the U.S. Department of Health and Human Services, Office for Civil…
Top 5 Common HIPAA Mistakes to Avoid in 2018
Heading into its 22nd year, HIPAA continues to be misunderstood and misapplied by many, including health care industry professionals who strive for (or at least claim the mantle of) …
Your Business Associates Hold Your HIPAA Compliance Future in Their Hands: Eleven Things You Can Do
Our partner Elizabeth Litten and I were recently featured again by our good friend Marla Durben Hirsch in her article in the April 2017 issue of Medical Practice Compliance Alert…
Charges for Copies of Medical Records May Violate HIPAA, Despite Compliance with State Law
A patient requests a copy of her medical record, and the hospital charges the per-page amount permitted under state law. Does this violate HIPAA? It may.
In the spring of…
The Blindfolded Business Associate: New HHS Guidance on HIPAA and Cloud Computing
According to the latest HIPAA-related guidance (Guidance) published by the U.S. Department of Health and Human Services (HHS), a cloud service provider (CSP) maintaining a client’s protected health…
Six Tips for a Small Business to Avoid HIPAA Security Breach Headaches
Last week, I blogged about a recent U.S. Department of Health and Human Services Office of Civil Rights (OCR) announcement on its push to investigate smaller breaches (those involving fewer…
Small HIPAA Breaches, Big HIPAA Headaches
What you might have thought was not a big breach (or a big deal in terms of HIPAA compliance) might end up being a big headache for covered entities and…