HIPAA compliance and regulation
Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.
Top Stories
-
News
04 Dec 2024
OCR issues $1.19M HIPAA penalty against Florida provider
OCR imposed a $1.19 million HIPAA penalty against Gulf Coast Pain Consultants after a former contracted employee improperly accessed PHI to submit fraudulent Medicare claims. Continue Reading
By- Jill McKeon, Associate Editor
-
News
03 Dec 2024
New legislation aims to strengthen healthcare cybersecurity
The Health Care Cybersecurity and Resiliency Act of 2024 aims to strengthen healthcare cybersecurity and improve coordination between HHS and CISA. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
02 Dec 2024
Breaking down New York's hospital cybersecurity regulations
New York's hospital cybersecurity regulations include 72-hour incident reporting and other requirements to bolster cybersecurity programs in the state's general hospitals. Continue Reading
By- Jill McKeon, Associate Editor
-
News
27 Nov 2024
OIG: OCR should expand scope of HIPAA audit program
OIG recommended that OCR expand the scope of the HIPAA audit program and define metrics for evaluating the effectiveness of its audits. Continue Reading
By- Jill McKeon, Associate Editor
-
Podcast
04 Nov 2024
Understanding new NY hospital cybersecurity regulations
Recently enacted New York State general hospital cybersecurity requirements could be a sign of what's to come for the healthcare sector as a whole. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Oct 2024
HHS, NIST conference: OCR identifies top priority areas
Updating the HIPAA Security Rule is one of OCR's current top priorities, OCR Director Melanie Fontes Rainer said during an HHS/NIST conference on safeguarding health information. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Oct 2024
HHS, NIST conference: Collaboration is key in healthcare cyber
HHS Deputy Secretary Andrea Palm emphasized the role of collaboration in tackling healthcare cybersecurity challenges at a conference held in Washington. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Oct 2024
OCR issues 50th HIPAA right of access enforcement action
OCR resolved a HIPAA right of access case involving Gums Dental Care following a complaint that the practice had failed to provide a patient with timely access to their records. Continue Reading
By- Jill McKeon, Associate Editor
-
News
08 Oct 2024
HHS settles 2 investigations under HIPAA Security Rule
HHS imposed civil monetary penalties against two healthcare organizations following ransomware investigations and potential HIPAA Security Rule violations. Continue Reading
By- Jill McKeon, Associate Editor
-
Definition
07 Oct 2024
What is PHI (protected or personal health information)?
Protected health information (PHI), also referred to as 'personal health information,' is the demographic information, medical histories, test and laboratory results, physical and mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care. Continue Reading
By- Cameron Hashemi-Pour, Site Editor
- Ben Lutkevich, Site Editor
- Scott Wallask
-
News
26 Sep 2024
Proposed bill calls for minimum healthcare cyber standards
The Health Infrastructure Security and Accountability Act would require HHS to establish minimum healthcare cyber standards and remove the cap on fines under HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
16 Sep 2024
Top considerations for HIPAA-compliant cloud computing
HIPAA-compliant cloud computing is essential to reducing security, privacy and legal risks within a healthcare organization. Continue Reading
By- Jill McKeon, Associate Editor
-
News
12 Sep 2024
Texas sues HHS over HIPAA rule on reproductive health data
The Texas attorney general alleged that an HHS rule that protects reproductive health data unlawfully prevents states from using their investigative authority. Continue Reading
By- Jill McKeon, Associate Editor
-
News
29 Aug 2024
Lawmakers introduce Healthcare Cybersecurity Act in House
Representatives introduced the Healthcare Cybersecurity Act in the House following companion legislation in the Senate. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Aug 2024
Enzo Biochem pays $4.5M for health data security failures
State attorneys general from New York, Connecticut and New Jersey issued a $4.5 million penalty to Enzo Biochem, Inc. following a 2023 ransomware attack that resulted in health data security failures. Continue Reading
By- Jill McKeon, Associate Editor
-
News
12 Jul 2024
Industry groups express concern over proposed CIRCIA reporting requirements
Industry groups such as the AHA and MGMA suggested that CISA’s proposed CIRCIA reporting requirements are redundant and burdensome for healthcare entities. Continue Reading
By- Jill McKeon, Associate Editor
-
News
02 Jul 2024
OCR reaches third-ever ransomware settlement
Heritage Valley Health System will pay $950,000 and implement a corrective action plan as part of OCR’s third settlement involving ransomware. Continue Reading
By- Jill McKeon, Associate Editor
-
News
24 Jun 2024
Court deems OCR’s third-party web tech bulletin unlawful
A Texas court ruled that OCR’s third-party web technology bulletin “was promulgated in clear excess of HHS’s authority under HIPAA." Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
17 Jun 2024
What is the Health Breach Notification Rule, Who Does It Apply To?
The Federal Trade Commission’s Health Breach Notification Rule applies to vendors of personal health records, including health apps and other non-HIPAA-covered entities. Continue Reading
By- Jill McKeon, Associate Editor
-
News
22 May 2024
Industry groups seek clarity from HHS on Change Healthcare breach reporting
More than 100 industry groups asked OCR to clarify breach reporting obligations and publicly state that its investigation will focus on Change Healthcare, not the affected providers. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
02 May 2024
How updated third-party tech guidance affects compliance efforts
In its updated bulletin on third-party tracking tech, OCR doubled down on its stance that an IP address of a device accessing certain parts of a covered entity’s website constitutes PHI. Continue Reading
By- Jill McKeon, Associate Editor
-
News
30 Apr 2024
FTC finalizes updates to Health Breach Notification Rule
The FTC underscored the Health Breach Notification Rule's applicability to health apps and emerging technologies outside the scope of HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
News
29 Apr 2024
Physician groups seek clarity on Change Healthcare breach notification requirements
In a letter to OCR, the MGMA expressed concerns about Change Healthcare breach notification obligations for the many physician practices impacted by the incident. Continue Reading
By- Jill McKeon, Associate Editor
-
News
24 Apr 2024
Third-party tracking tech lawsuits surge in healthcare
From class action lawsuits to regulatory pushback, third-party tracking tech remains a focus area in the healthcare privacy landscape. Continue Reading
By- Jill McKeon, Associate Editor
-
News
17 Apr 2024
Cerebral faces $7M FTC penalty over alleged health data security failures
The FTC’s proposed order prohibits Cerebral from disclosing consumer health data to third parties for advertising purposes and requires it to implement a comprehensive data security program. Continue Reading
By- Jill McKeon, Associate Editor
-
News
16 Apr 2024
FTC bans Monument from disclosing health data to third-party advertisers
In addition to being barred from disclosing personal health data to third-party advertisers without consent, the alcohol addiction treatment service is facing a $2.5M civil penalty. Continue Reading
By- Jill McKeon, Associate Editor
-
News
02 Apr 2024
HHS imposes $100K penalty on NJ facility over HIPAA right of access violations
Hackensack Meridian Health agreed to pay $100,000 to resolve HIPAA right of access failures. Continue Reading
By- Jill McKeon, Associate Editor
-
News
01 Apr 2024
HHS reaches HIPAA right of access settlement with Phoenix Healthcare
Phoenix Healthcare agreed to pay $35,000 and revise its HIPAA policies to resolve OCR’s 47th right of access enforcement action. Continue Reading
By- Jill McKeon, Associate Editor
-
News
21 Mar 2024
OCR updates HIPAA guidance on online tracking technologies
The HIPAA guidance prohibits regulated entities from using online tracking tech to disclose PHI to vendors for marketing and other purposes without consent. Continue Reading
By- Jacqueline LaPointe, Director of Editorial
-
Feature
13 Mar 2024
3 ways to prepare for impending HIPAA Security Rule updates
Covered entities and business associates should prepare for changes as HHS plans to update the HIPAA Security Rule this spring. Continue Reading
By- Jill McKeon, Associate Editor
-
News
05 Mar 2024
Indiana AG Sues Healthcare Organization Over Data Breach
Indiana Attorney General Todd Rokita filed a lawsuit against Apria Healthcare regarding a data breach that impacted nearly two million individuals. Continue Reading
By- Jill McKeon, Associate Editor
-
News
26 Feb 2024
HHS Delivers Reports to Congress on HIPAA Compliance, Enforcement
OCR stressed the need for additional funding to support its HIPAA compliance and enforcement efforts across the healthcare sector. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Feb 2024
HHS Settles Ransomware Investigation With Behavioral Health Provider
This marks the second-ever ransomware settlement that OCR has reached with a covered entity over potential HIPAA violations following a ransomware attack. Continue Reading
By- Jill McKeon, Associate Editor
-
News
20 Feb 2024
HHS, NIST Finalize Joint HIPAA Security Rule Guidance
The revised publication, issued by NIST and OCR, aims to help covered entities and business associates comply with the HIPAA Security Rule and manage risks to PHI. Continue Reading
By- Jill McKeon, Associate Editor
-
News
08 Feb 2024
HHS Finalizes Changes to Substance Use Confidentiality Regulations
The final rule modified the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 CFR part 2 to better align with HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
News
07 Feb 2024
US Fertility Reaches $5.75M Data Breach Settlement
US Fertility resolved a class action lawsuit following a 2020 ransomware attack and data breach that impacted nearly 900,000 individuals. Continue Reading
By- Jill McKeon, Associate Editor
-
News
06 Feb 2024
OCR Reaches $4.75M Settlement With NY Health System
OCR reached a settlement with Montefiore Medical Center over potential HIPAA Security Rule violations that occurred over a decade ago. Continue Reading
By- Jill McKeon, Associate Editor
-
News
03 Jan 2024
NY AG Fines NewYork-Presbyterian Hospital Over Tracking Tech Use
NewYork-Presbyterian Hospital’s tracking tech use resulted in patient information being shared with third-party tech companies, the New York Attorney General’s Office found. Continue Reading
By- Jill McKeon, Associate Editor
-
News
19 Dec 2023
OCR Settles Multiple HIPAA Right of Access Complaints With Optum Medical Care
Optum Medical Care agreed to pay $160,000 to resolve OCR’s investigation, marking the 46th enforcement action under its HIPAA Right of Access Initiative. Continue Reading
By- Jill McKeon, Associate Editor
-
News
13 Dec 2023
NY AG Reaches $400K Settlement With Healthplex Over Data Breach
Healthplex suffered a phishing attack that resulted in a data breach in 2021, impacting tens of thousands of New Yorkers. Continue Reading
By- Jill McKeon, Associate Editor
-
News
08 Dec 2023
HHS Settles First Phishing Attack Investigation With Louisiana Medical Group
Lafourche Medical Group agreed to pay $480K to HHS and implement a corrective action plan following a phishing attack that impacted nearly 35,000 individuals. Continue Reading
By- Jill McKeon, Associate Editor
-
News
21 Nov 2023
HHS Settles HIPAA Investigation With St. Joseph’s Over PHI Disclosure to Media
HHS launched a HIPAA investigation into St. Joseph’s Medical Center and determined that the organization had disclosed three patients’ protected health information to the Associated Press. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
20 Nov 2023
Understanding the Nuances of the Healthcare Cybersecurity Regulatory Landscape
A patchwork of key healthcare cybersecurity and privacy regulations aim to keep cyber threats at bay, but compliance can be challenging. Continue Reading
By- Jill McKeon, Associate Editor
-
News
06 Nov 2023
AHA Sues Federal Government Over OCR Tracking Technology Guidance
The AHA’s lawsuit suggests that OCR’s tracking technology bulletin disturbs the balance between privacy and information sharing under HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
News
01 Nov 2023
HHS Reaches Settlement With Healthcare Business Associate Following Ransomware Attack
Doctors’ Management Services will pay $100,000 to resolve an investigation stemming from a ransomware attack that impacted more than 206,000 individuals. Continue Reading
By- Jill McKeon, Associate Editor
-
News
31 Oct 2023
OCR Releases Educational Video on HIPAA Security Rule
OCR produced a video on how the HIPAA Security Rule can help covered entities defend against cyberattacks. Continue Reading
By- Jill McKeon, Associate Editor
-
News
19 Oct 2023
Inmediata Health Resolves Multi-State Data Breach Investigation With $1.4M Settlement
More than 30 state attorneys general joined forces to investigate potential HIPAA violations connected to a data breach that spanned nearly three years and impacted 1.5 million individuals. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
11 Oct 2023
Communicating With a Patient’s Family Under the HIPAA Privacy Rule
Providers must ensure that they are following the HIPAA Privacy Rule when choosing to disclose a patient’s protected health information with the patient’s family and friends. Continue Reading
By- Jill McKeon, Associate Editor
-
News
04 Oct 2023
AHA: OCR Tracking Technology Rule Violates HIPAA Regulations
AHA said the rule violates HIPAA regulations and is a bad public policy as many hospitals use third-party technologies in their information-sharing efforts. Continue Reading
By- Victoria Bailey, Xtelligent
-
Answer
28 Sep 2023
How Digital Health Companies Navigate the Patchwork of State Data Privacy Laws
As new state-level data privacy laws go into effect, digital health companies will have to navigate unforeseen compliance complexities. Continue Reading
By- Jill McKeon, Associate Editor
-
Answer
21 Sep 2023
Navigating the SEC Cyber Incident Disclosure Rule, How It Impacts Healthcare
The Securities and Exchange Commission’s (SEC) cyber incident disclosure rule requires publicly traded companies to disclose material cyber incidents within four business days. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Sep 2023
ONC, OCR Release Security Risk Assessment Tool Version 3.4
The latest version of the Security Risk Assessment (SRA) Tool contains updated references to HICP and a remediation report to help users track responses within the tool. Continue Reading
By- Jill McKeon, Associate Editor
-
News
12 Sep 2023
Senator Seeks Stakeholder Feedback on Improving Health Data Privacy
US Senator Bill Cassidy, ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, is seeking feedback on how to modernize HIPAA and safeguard health data privacy. Continue Reading
By- Jill McKeon, Associate Editor
-
News
11 Sep 2023
OCR Reaches $1.3M Settlement With LA Care Over Potential HIPAA Violations
The largest publicly operated health plan in the US paid $1.3 million to conclude two OCR HIPAA violation investigations stemming from data breaches. Continue Reading
By- Jill McKeon, Associate Editor
-
News
07 Sep 2023
HHS, FTC Publish Warning Letters Sent to Healthcare Entities Over Third-Party Tracking Tech
HHS and the FTC sent warning letters about the security and privacy risks of third-party tracking tech to 130 hospital systems and telehealth providers in July. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Aug 2023
UnitedHealthcare Resolves HIPAA Right of Access Case With $80K Settlement
UnitedHealthcare paid an $80,000 settlement to HHS, marking the 45th case settled under OCR’s HIPAA Right of Access Initiative. Continue Reading
By- Jill McKeon, Associate Editor
-
News
20 Jul 2023
HHS, FTC Warn Hospitals and Telehealth Providers About Third-Party Tracking Tech
HHS and the FTC sent a joint letter to 130 hospital systems and telehealth providers to bring attention to the privacy and security risks of online tracking technologies. Continue Reading
By- Jill McKeon, Associate Editor
-
News
19 Jul 2023
Lawmakers Ask HHS to Expand Proposed HIPAA Rule, Require Warrant For PHI
Lawmakers urged the Biden administration to require law enforcement to obtain a warrant before forcing providers to turn over patient PHI. Continue Reading
By- Jill McKeon, Associate Editor
-
News
13 Jul 2023
Examining Health Data Privacy, HIPAA Compliance Risks of AI Chatbots
Healthcare organizations seeking to reap the benefits of AI chatbots must consider the HIPAA compliance and data privacy risks that come along with them. Continue Reading
By- Jill McKeon, Associate Editor
-
News
05 Jul 2023
OCR Reinforces Importance of Multi-Factor Authentication in Healthcare
OCR’s latest newsletter doubles down on the importance of strong authentication practices for security and compliance. Continue Reading
By- Jill McKeon, Associate Editor
-
News
29 Jun 2023
HHS Settles HIPAA Investigation With Healthcare Business Associate
Healthcare business associate iHealth Solutions paid $75,000 to OCR to resolve potential HIPAA violations. Continue Reading
By- Jill McKeon, Associate Editor
-
News
20 Jun 2023
24 Attorneys General Express Support For Bolstering Reproductive Care HIPAA Protections
New York Attorney General Letitia James and California Attorney General Rob Bonta led a coalition of two dozen attorneys general in supporting proposed amendments to HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Jun 2023
Medical Record Snooping Case Leads to $240K HIPAA Settlement
Multiple security guards at Yakima Valley Memorial Hospital were caught improperly accessing medical records, resulting in a HIPAA violation. Continue Reading
By- Jill McKeon, Associate Editor
-
News
05 Jun 2023
HHS Reaches Settlement With NJ Provider Over Potential HIPAA Privacy Rule Violations
New Jersey-based Manasa Health Center committed a potential HIPAA Privacy Rule violation by disclosing the protected health information of patients when responding to a negative online review. Continue Reading
By- Jill McKeon, Associate Editor
-
News
05 Jun 2023
Arizona Man Pleads Guilty to Criminal HIPAA Violation
An Arizona man was sentenced to 54 months in prison and ordered to pay more than $130,000 in restitution to victims after committing a criminal HIPAA violation. Continue Reading
By- Jill McKeon, Associate Editor
-
News
30 May 2023
AHA Urges OCR to Suspend or Amend Online Tracking Guidance
The American Hospital Association claims that OCR defined PHI too broadly in its Online Tracking Guidance and encouraged it to “suspend or amend” the guidance immediately. Continue Reading
By- Jill McKeon, Associate Editor
-
News
22 May 2023
FTC Seeks to Update Health Breach Notification Rule to Clarify Health App Coverage
The Federal Trade Commission (FTC) proposed amendments to the Health Breach Notification Rule, aiming to enhance patient privacy protection for the millions of patients utilizing digital health apps. Continue Reading
By- Sarai Rodriguez
-
News
19 May 2023
FTC Issues Health Breach Notification Rule Enforcement Action Against Fertility App
The FTC alleged that fertility app Premom shared sensitive user data with third parties and failed to notify customers of these disclosures in violation of the Health Breach Notification Rule. Continue Reading
By- Jill McKeon, Associate Editor
-
News
16 May 2023
OCR Settles HIPAA Investigation With Revenue Cycle Management Company
Revenue cycle management company MedEvolve agreed to pay $350,000 to resolve a potential HIPAA violation following a data breach that exposed patient information on the internet. Continue Reading
By- Jill McKeon, Associate Editor
-
News
08 May 2023
OCR Resolves HIPAA Right of Access Case With Pennsylvania Therapist
The Pittsburgh-based psychotherapy provider will be required to pay $15,000 to resolve a potential violation of the HIPAA Privacy Rule’s right of access standard. Continue Reading
By- Jill McKeon, Associate Editor
-
News
04 May 2023
Lawsuit Strikes 90 Degree Benefits After 181K-Impacted Data Breach
The plaintiffs seek class-action status in a lawsuit against 90 Degree Benefits, citing weak security measures that failed to keep patient privacy under lock and key in the December 2022 data breach Continue Reading
By- Sarai Rodriguez
-
News
03 May 2023
Washington State Passes My Health, My Data Act to Safeguard Health Data Privacy
The My Health, My Data Act gives Washingtonians the right to request data deletion, restricts geo-fencing around healthcare facilities, and forbids the collection of health data without consent. Continue Reading
By- Jill McKeon, Associate Editor
-
Answer
02 May 2023
How FTC Enforcement Actions Will Impact Telehealth Data Privacy
Recent high-profile settlements against telehealth companies show that the FTC is willing to enforce its Health Breach Notification Rule and hold entities accountable for noncompliance. Continue Reading
By- Jill McKeon, Associate Editor
-
News
27 Apr 2023
Data Breach Lawsuits Tied to Tracking Pixel Use On the Rise In Healthcare
Since August 2022, more than 50 lawsuits have been filed against health systems related to their use of tracking pixels, BakerHostetler observed. Continue Reading
By- Jill McKeon, Associate Editor
-
News
27 Apr 2023
Ex-Methodist Staff Plead Guilty to Illegal PHI Exposure in HIPAA Violation Case
Several ex-Methodist Hospital workers admitted to violating HIPAA regulations by unlawfully exposing PHI of motor vehicle accident victims to third parties, such as injury lawyers and chiropractors. Continue Reading
By- Sarai Rodriguez
-
News
12 Apr 2023
HHS Proposes Rule to Strengthen HIPAA Protections For Reproductive Healthcare Data
HHS issued a Notice of Proposed Rulemaking aimed at strengthening HIPAA Privacy Rule protections by prohibiting the use of PHI to investigate or prosecute patients and providers involved in the provision of reproductive healthcare. Continue Reading
By- Jill McKeon, Associate Editor
-
News
11 Apr 2023
Pandemic-Era Telehealth Rules Set to Expire in May, Shifting HIPAA Compliance Obligations
When the public health emergency ends on May 11, OCR’s four Notifications of Enforcement Discretion under HIPAA will also expire, including loosened telehealth requirements. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
29 Mar 2023
Aligning Substance Abuse Confidentiality Regulations With HIPAA to Enhance Compliance
Covered entities are awaiting a final rule that would align the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 CFR part 2 with HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
News
14 Mar 2023
HHS Requests $78M in Funding For OCR in Next Fiscal Year
HHS requested a $38 million increase over last year’s budget for OCR in order to address its complaint inventory backlog and enhance education and outreach efforts. Continue Reading
By- Jill McKeon, Associate Editor
-
News
08 Mar 2023
Understanding the Import of HITRUST Certification to Healthcare
HITRUST plays a crucial role in ensuring the privacy and security of patient data through its certification of health IT systems and services. Continue Reading
By- Consensus Cloud Solutions
-
News
28 Feb 2023
HHS Restructures OCR to Better Handle Increased HIPAA Complaint Volume
OCR’s new Enforcement Division, Policy Division, and Strategic Planning Division were designed to help the agency manage an increased volume of HIPAA and HITECH complaints. Continue Reading
By- Jill McKeon, Associate Editor
-
News
27 Feb 2023
DOJ Finalizes FTC Settlement With GoodRx Over Alleged Health Breach Notification Rule Violations
Following allegations of Health Breach Notification Rule violations, GoodRx agreed to pay a civil monetary penalty of $1.5 million and notify users that their information was disclosed, the DOJ announced. Continue Reading
By- Jill McKeon, Associate Editor
-
News
22 Feb 2023
HHS Delivers 2 Reports to Congress On Healthcare Data Breaches, HIPAA Compliance
The reports provide key insights into OCR’s efforts to investigate healthcare data breaches and HIPAA compliance cases throughout the 2021 calendar year. Continue Reading
By- Jill McKeon, Associate Editor
-
News
21 Feb 2023
Advent Health Partners Agrees to $500K Healthcare Data Breach Settlement
Advent Health Partners reached a settlement of $500,000 to address allegations over a 2021 healthcare data breach that exposed the protected health information of thousands. Continue Reading
By- Sarai Rodriguez
-
News
03 Feb 2023
Banner Health Pays $1.25M to Resolve HIPAA Security Rule Investigation
HHS settled a HIPAA Security Rule investigation over a 2016 data breach at Banner Health that impacted 2.81 million individuals. Continue Reading
By- Jill McKeon, Associate Editor
-
News
04 Jan 2023
OCR Settles HIPAA Right of Access Case With Georgia Lab
The lab agreed to pay $16,500 to OCR and implement a corrective action plan to resolve a potential HIPAA right of access violation. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
28 Dec 2022
How to Properly Dispose of Electronic PHI Under HIPAA
HIPAA requires covered entities to implement appropriate safeguards to protect electronic PHI throughout its lifecycle. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
27 Dec 2022
How to Properly Dispose of Paper Medical Records, Physical PHI Under HIPAA
HIPAA requires covered entities to implement appropriate administrative, technical, and physical safeguards to protect PHI at all times, even when disposing of it. Continue Reading
By- Jill McKeon, Associate Editor
-
News
16 Dec 2022
OCR Resolves HIPAA Right of Access Case With FL Primary Care Practice
The primary care practice paid $20,000 to OCR and implemented a corrective action plan to resolve a potential HIPAA right of access violation. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Dec 2022
OCR Settles Potential HIPAA Violation After Dental Practice Discloses PHI on Yelp
The dental practice paid $23,000 to OCR to settle a potential HIPAA violation after including PHI in its responses to reviews on Yelp. Continue Reading
By- Jill McKeon, Associate Editor
-
News
08 Dec 2022
FTC, HHS Update Mobile Health App Data Privacy Compliance Tool
Mobile health app developers can use the updated FTC-HHS tool to navigate data privacy compliance and determine which laws apply to their apps. Continue Reading
By- Jill McKeon, Associate Editor
-
News
02 Dec 2022
OCR Outlines Proper Use of Tracking Tech to Maintain HIPAA Compliance
Covered entities and business associates using tracking tech such as Google Analytics and Meta Pixel should pay close attention to whether PHI is being handled in accordance with HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
News
28 Nov 2022
HHS Proposes New Rule to Align 42 CFR Part 2 With HIPAA
The HHS Office for Civil Rights and the Substance Abuse and Mental Health Services Administration proposed updates to increase care coordination and strengthen Part 2’s alignment with HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
Answer
17 Nov 2022
Top 3 HIPAA Compliance Challenges of This Year
A privacy expert breaks down the top HIPAA compliance challenges coming out of 2022, including the Dobbs decision, third-party risk, and the increasing interconnectedness of healthcare. Continue Reading
By- Jill McKeon, Associate Editor
-
News
16 Nov 2022
5 Former Methodist Hospital Employees Indicted Over HIPAA Violations
The five former Tennessee hospital employees allegedly committed HIPAA violations by disclosing the personal information of patients involved in car accidents. Continue Reading
By- Jill McKeon, Associate Editor
-
News
01 Nov 2022
OCR Releases Video On Recognized Security Practices Under HITECH
OCR created the video presentation to educate covered entities and answer common questions about recognized security practices under HITECH. Continue Reading
By- Jill McKeon, Associate Editor
-
News
28 Oct 2022
OCR Highlights HIPAA Security Rule Incident Response Procedures
OCR stressed the importance of timely incident detection and response, as required by the HIPAA Security Rule. Continue Reading
By- Jill McKeon, Associate Editor
-
News
11 Oct 2022
Doctor Pleads Guilty to HIPAA Violation, Wrongful Disclosure of PHI
A former physician pleaded guilty to a HIPAA violation and admitted to conspiring to wrongfully disclose patient PHI to a pharmaceutical sales representative. Continue Reading
By- Jill McKeon, Associate Editor
-
Answer
05 Oct 2022
What the American Data Privacy and Protection Act Could Mean For Health Data Privacy
If passed, the American Data Privacy and Protection Act (ADPPA) could have significant implications for health data privacy outside of HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
23 Sep 2022
Exploring the HIPAA Privacy Rule’s Right of Access Provisions
HIPAA-covered entities must comply with the HIPAA Privacy Rule’s right of access provisions, which ensure that patients have access to their health records in a timely and cost-effective manner. Continue Reading
By- Jill McKeon, Associate Editor
-
News
21 Sep 2022
OCR Settles Three HIPAA Right of Access Cases With Dental Practices
OCR resolved three HIPAA right of access cases involving dental practices, reinforcing its commitment to ensuring timely patient access to health records. Continue Reading
By- Jill McKeon, Associate Editor
-
News
15 Sep 2022
Senators Once Again Ask HHS to Update HIPAA, Citing Patient Privacy Concerns
A group of 30 Senators urged HHS to update HIPAA, citing “widespread confusion” among healthcare providers about health privacy provisions and growing patient privacy concerns. Continue Reading
By- Jill McKeon, Associate Editor