HIPAA compliance and regulation
Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.
Top Stories
-
News
26 Sep 2024
Proposed bill calls for minimum healthcare cyber standards
The Health Infrastructure Security and Accountability Act would require HHS to establish minimum healthcare cyber standards and remove the cap on fines under HIPAA. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
16 Sep 2024
Top considerations for HIPAA-compliant cloud computing
HIPAA-compliant cloud computing is essential to reducing security, privacy and legal risks within a healthcare organization. Continue Reading
By- Jill McKeon, Associate Editor
-
Feature
08 May 2020
Insights into HHS COVID-19 HIPAA Waivers and Lasting Implications
HHS and OCR have issued several COVID-19 HIPAA waivers around telehealth and data sharing amid the pandemic. But it’s crucial providers keep privacy and security in focus. Continue Reading
By- Jessica Davis
-
News
06 May 2020
COVID-19: OCR Reminds Providers of Media Access Restrictions to PHI
Even during the COVID-19 emergency, OCR reminds providers that HIPAA restricts the media and film crews from accessing areas where PHI could be accessible without patient authorization. Continue Reading
By- Jessica Davis
-
News
05 May 2020
LabCorp Hit with Shareholder Lawsuit Over 2 Separate Data Breaches
Following a second breach in less than a year, a LabCorp shareholder is suing the testing giant in an attempt to recoup share value losses. Continue Reading
By- Jessica Davis
-
News
01 May 2020
Ciitizen: ‘Significant Improvement’ in HIPAA Right of Access Compliance
The third version of Ciitizen’s Patient Record Scorecard, evaluating providers on their compliance with the HIPAA Privacy Rule's Right of Access, saw ‘significant improvement’ from the initial reports. Continue Reading
By- Jessica Davis
-
News
13 Apr 2020
OCR Lifts HIPAA Penalties for COVID-19 Community-Based Testing Sites
In the latest move to support the COVID-19 response, OCR announced it will lift penalties around HIPAA noncompliance for Community-Based Testing Sites during the pandemic. Continue Reading
By- Jessica Davis
-
News
06 Apr 2020
Sens. Probe Privacy, Cybersecurity of Apple COVID-19 Screening Tools
Four Democratic Senators are asking Apple to explain the privacy and cybersecurity practices of its COVID-19 screening app and website, in light of its data collection efforts. Continue Reading
By- Jessica Davis
-
News
03 Apr 2020
OCR Permits Business Associates to Share Patient Data During COVID-19
A new enforcement discretion by OCR will allow business associates to share PHI with public health authorities in good faith, without fear of an OCR penalty for HIPAA noncompliance. Continue Reading
By- Jessica Davis
-
News
25 Mar 2020
OCR Shares COVID-19 PHI, Data Sharing Guidance for First Responders
In light of the COVID-19 pandemic, OCR provided insights on how protected health information can be shared with first responders and law enforcement in compliance with the HIPAA Privacy Rule. Continue Reading
By- Jessica Davis
-
News
23 Mar 2020
OCR Clarifies HIPAA Liability on Telehealth Use During COVID-19
Two days after OCR announced it would lift penalties around telehealth use during the COVID-19 pandemic, its officials released clarifications around HIPAA compliance to ease concerns. Continue Reading
By- Jessica Davis
-
News
18 Mar 2020
OCR Lifts HIPAA Penalties for Telehealth Use During COVID-19
Following HHS' lead, OCR announced it won’t impose penalties for noncompliance against covered providers who use telehealth vendors that may not fully comply with HIPAA during COVID-19. Continue Reading
By- Jessica Davis
-
News
17 Mar 2020
HHS Issues Limited Waiver of HIPAA Sanctions Due to Coronavirus
HHS Secretary Alex Azar lifted certain HIPAA sanctions in response to the Coronavirus pandemic, including obtaining patient consent before sharing information with family about the individual's care. Continue Reading
By- Jessica Davis
-
News
04 Mar 2020
Senators Press Ascension on Data Sharing Agreement with Google
Calling Google’s responses to their inquiry incomplete, a group of senators are asking Ascension to shed light on its data sharing agreement with Google in light of patient privacy concerns. Continue Reading
By- Jessica Davis
-
News
03 Mar 2020
Judge Finalizes Quest Diagnostics Settlement Over 2016 Data Breach
First proposed in October, a judge has finalized the data breach lawsuit settlement between Quest Diagnostics and the patients impacted by a 2016 hack of the testing giant’s patient application. Continue Reading
By- Jessica Davis
-
News
03 Mar 2020
OCR Settles with Utah Provider for $100K Over HIPAA Security Failures
Provider Steven Porter, MD in Ogden, Utah settled with HHS OCR after failing to implement HIPAA security requirements, such as conducting a risk analysis of potential risks to patient data. Continue Reading
By- Jessica Davis
-
News
02 Mar 2020
OIG Finds NIH Security Practices Potentially Put EHR Data at Risk
An OIG audit around NIH's EHR security found that while it had some established controls, the agency’s security practices and policies may have increased the potential risk to its EHR data. Continue Reading
By- Jessica Davis
-
News
18 Feb 2020
OIG Finds Serious Misuse of Medicare Data Transactions by Pharmacies
A recent OIG audit of mail-order pharmacy’s Medicare Part D E1 transactions found rampant improper access and misuse of Medicare beneficiary data by pharmacies. Continue Reading
By- Jessica Davis
-
News
29 Jan 2020
Judge Rules Against HHS Over HIPAA Right of Access Third-Party Fees
Ciox Health sued HHS in 2018 to stop what it called “irrational” enforcement of the HIPAA Right of Access rule around third parties; a federal judge ruled HHS overstepped on fee limitations. Continue Reading
By- Jessica Davis
-
Answer
22 Jan 2020
Key Elements for Secure Business Associate Agreements, Relationships
Impact Advisors’ Shefali Mookencherry dives into key elements for building secure business associate agreements and relationships that can protect the covered entity in the event of a data breach. Continue Reading
By- Jessica Davis
-
News
17 Jan 2020
Sen. Warner Digs into DHA Over Exposed Army Medical Center Images
Millions of medical images are being exposed online through unsecured PACS; Sen. Warner is demanding action from DHA as sensitive health data is still being leaked through Army PACS. Continue Reading
By- Jessica Davis
-
News
15 Jan 2020
ONC Draft Federal Health IT Strategy Puts Privacy, Security in Focus
HHS ONC shares its draft Federal Health IT Strategy for 2020 to 2025, designed to improve investments and develop standards, among other goals with a focus on patient privacy and security. Continue Reading
By- Jessica Davis
-
News
14 Jan 2020
Health Plans Struggle with HIPAA Compliance, Unprepared for Audit
Many health plan sponsors aren't fully compliant with HIPAA or struggle to remain compliant with the rule, which means they are not prepared for an OCR HIPAA audit, Buck researchers find. Continue Reading
By- Jessica Davis
-
News
06 Jan 2020
HSCC Tells HHS: Include Patching in Stark Law Cybersecurity Donations
In response to HHS proposed changes to Stark Law and the Anti-Kickback Statute, HSCC is urging stakeholders to include patching and updates as allowable donations to protect providers. Continue Reading
By- Jessica Davis
-
News
17 Jun 2019
Proposed Bill Would Close HIPAA Gaps, Curb Health App Privacy Risks
A proposed bipartisan bill would direct HHS to create regulations for health tech like apps and direct-to-consumer genetic tests, which HIPAA does not cover, to bolster patient privacy. Continue Reading
By- Jessica Davis
-
Feature
05 Oct 2018
Complying with the HIPAA Privacy Rule During Emergency Situations
The last thing on healthcare professionals’ minds in emergency situations is complying with the HIPAA Privacy Rule, but it should be a priority. Continue Reading
By- Fred Donovan
-
News
10 Sep 2018
Identifying the Challenges to Securing Patient Data
Numerous challenges to securing patient data post threats to health data security, including significant financial costs. Continue Reading
By- Insight
-
News
27 Aug 2018
Oklahoma Hospital Sued for Alleged HIPAA Violation Over Drowning
McAlester Regional Health Center in Oklahoma is being sued for an alleged HIPAA violation for sharing information on a boy’s drowning with his biological mother, reported the Pauls Valley Democrat newspaper on Aug. 23. Continue Reading
By- Fred Donovan
-
Answer
24 Jul 2018
How Does HIPAA Apply to Wearable Health Technology?
The use of wearable health technology is expected to expand substantially within the next few years. How do HIPAA security and privacy protections apply to wearables and the health data they collect and store? Continue Reading
By- Fred Donovan
-
News
11 Jun 2018
New York Suspends Nurse for HIPAA Violation Affecting 3K Patients
The state of New York has suspended Martha Smith-Lightfoot, a former nurse at the University of Rochester Medical Center, for a HIPAA violation affecting more than 3,000 patients. Continue Reading
By- Fred Donovan
-
News
04 Jun 2018
Did EMS Worker Commit HIPAA Violation With Facebook Post?
Did an emergency medical services worker in Tennessee commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a chicken coop? Continue Reading
By- Fred Donovan
-
News
24 Jan 2018
Why Providers Need a Disaster Recovery Plan for EHR Security
Covered entities can help ensure a more comprehensive approach to EHR security by having a current disaster recovery plan in place. Continue Reading
By- Elizabeth Snell
-
News
13 Sep 2017
How HIPAA Rules Apply with Law Enforcement Investigations
A recent case in Utah brought forth concerns in how HIPAA rules actually apply when it comes to law enforcement investigations. Continue Reading
By- Elizabeth Snell
-
News
22 Sep 2016
The Role of HIM Professionals in HIPAA Compliance
When it comes to HIPAA compliance, healthcare organizations’ HIM professionals must ensure that those on the privacy and security sides are able to work together. Continue Reading
By- Elizabeth Snell
-
Feature
16 Sep 2016
HIPAA Data Breaches: What Covered Entities Must Know
Covered entities and their business associates need to understand the basics of how HIPAA data breaches are determined, and what they can do to keep information secure. Continue Reading
By- Elizabeth Snell
-
News
19 Aug 2016
The Role of Nurses in HIPAA Compliance, Healthcare Security
Maintaining HIPAA compliance is essential for any healthcare provider, and nurses are key tools in protecting patients’ healthcare security. Continue Reading
By- Kate Borten of The Marblehead Group
-
Feature
19 Aug 2016
The Role of Risk Assessments in Healthcare
Healthcare risk assessments are not only required under HIPAA regulations, but can also be a key tool for organizations as they develop stronger data security measures. Continue Reading
By- Elizabeth Snell
-
News
20 Jun 2016
How Do HIPAA Rules, Patient Privacy Apply in Emergencies?
Healthcare organizations need to understand how HIPAA rules apply in emergency situations, ensuring that patient privacy is not unnecessarily compromised. Continue Reading
By- Elizabeth Snell
-
News
17 Mar 2016
HHS Reviews HIPAA Regulations for Workplace Wellness Programs
Employers must comply with HIPAA Regulations when collecting PHI for wellness programs as part of a health plan, HHS states. Continue Reading
By- Jacqueline LaPointe, Director of Editorial
-
News
25 Jan 2016
What are Top HIPAA Compliance Concerns, Obstacles?
Maintaining HIPAA compliance and the exposure of patient data following a breach and are among the top challenges for HealthITSecurity.com readers. Continue Reading
By- Elizabeth Snell
-
News
18 Jan 2016
Understanding Physical Safeguards, Healthcare Data Security
Physical safeguards still present a great opportunity for healthcare organizations to ensure health data security. Continue Reading
By- Sara Heath, Executive Editor
-
News
31 Jul 2015
How Do HIPAA Regulations Affect Judicial Proceedings?
HIPAA regulations must still be followed throughout legal proceedings. Continue Reading
By- Elizabeth Snell
-
News
20 Oct 2014
HIPAA Best Practices: Acceptable Use Policies, Team Training
Creating Acceptable Use Policies (AUP) and then training your employees is essential for security at your healthcare organization. Continue Reading
By- Lisa Myers of ESET North American
-
News
06 Oct 2014
AHIMA Releases Information Governance Principles for Healthcare
AHIMA determined that there are eight core principles involving data privacy and security for healthcare organizations to consider. Continue Reading
By- Patrick Ouellette
-
News
17 Jun 2014
HIPAA Privacy Rule: Permitted PHI uses and disclosures
HealthITSecurity.com kicked off its HIPAA Privacy Rule series with a breakdown of permitted protected health information (PHI) uses and disclosures. Continue Reading
By- Patrick Ouellette